/**
* Signs a SoapMessage with the holder-of-key configuration provided on class creation. This
* method changes the SoapMessage.
*
* @param message cannot be null
* @return The signed SoapMessage
* @throws ParserException
* @throws SignatureException
*/
@Override
public final SoapMessage sign(SoapMessage message) throws ParserException, SignatureException {
assert message != null;
Provider securityProvider = holderOfKeyConfig.getSecurityProvider();
XMLSignatureFactory xmlSigFactory =
(securityProvider != null)
? XMLSignatureFactory.getInstance("DOM", securityProvider)
: XMLSignatureFactory.getInstance();
try {
String bodyUuid = createSoapBodyUuid(message);
CanonicalizationMethod canonicalizationMethod =
xmlSigFactory.newCanonicalizationMethod(
CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
SignatureMethod signatureMethod = getSignatureMethod(xmlSigFactory);
ArrayList<String> refList = new ArrayList<String>();
refList.add(bodyUuid);
refList.add(createTimestampUuid(message));
List<Reference> references = createSignatureReferences(xmlSigFactory, refList);
SignedInfo signedInfo =
xmlSigFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);
KeyInfoFactory kif = KeyInfoFactory.getInstance();
KeyInfo ki =
kif.newKeyInfo(
Collections.singletonList(new DOMStructure(createKeyInfoContent(message))));
XMLSignature signature =
xmlSigFactory.newXMLSignature(signedInfo, ki, null, addUseKeySignatureId(message), null);
DOMSignContext dsc =
new DOMSignContext(
holderOfKeyConfig.getPrivateKey(), message.getHeader().getFirstChild());
dsc.putNamespacePrefix(XMLSignature.XMLNS, DIGITAL_SIGNATURE_NAMESPACE_PREFIX);
signature.sign(dsc);
log.debug("Message with SOAPBody id: " + bodyUuid + " is signed.");
} catch (NoSuchAlgorithmException e) {
log.debug(CREATING_SIGNATURE_ERR_MSG);
throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
} catch (InvalidAlgorithmParameterException e) {
log.debug(CREATING_SIGNATURE_ERR_MSG);
throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
} catch (MarshalException e) {
log.debug(CREATING_SIGNATURE_ERR_MSG);
throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
} catch (XMLSignatureException e) {
log.debug(CREATING_SIGNATURE_ERR_MSG);
throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
}
return message;
}
private static void signImpl(
DOMSignContext dsc,
String digestMethod,
String signatureMethod,
String referenceURI,
PublicKey publicKey,
X509Certificate x509Certificate)
throws GeneralSecurityException, MarshalException, XMLSignatureException {
dsc.setDefaultNamespacePrefix("dsig");
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
Transform transform1 = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
Transform transform2 =
fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null);
List<Transform> transformList = new ArrayList<Transform>();
transformList.add(transform1);
transformList.add(transform2);
Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);
CanonicalizationMethod canonicalizationMethod =
fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);
List<Reference> referenceList = Collections.singletonList(ref);
SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);
KeyInfo ki = null;
if (includeKeyInfoInSignature) {
ki = createKeyInfo(publicKey, x509Certificate);
}
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
}