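/**
 * Signs this advertisement on behalf of the holder of {@code pseCredential}.
 *
 * <p>Signing is delegated to the credential's source service, which must be a
 * {@link PSEMembershipService}: the serialized advertisement is handed to that
 * service, and the signature info and signature documents it returns are stored
 * in this instance.
 *
 * <p>The signature state ({@code xmlSignatureInfoElement},
 * {@code xmlSignatureElement}, {@code xmlSignature}) is cleared before signing
 * starts and cleared again on failure, so a failed call never leaves a stale or
 * half-populated signature behind. The membership flags ({@code authenticated},
 * {@code isMember}, {@code isCorrectMembershipKey}) are set to {@code true} only
 * on success and to {@code false} on any failure.
 *
 * @param pseCredential    the signer's credential; its source service performs
 *                         the actual signing with the signer's private key
 * @param includePublicKey whether the signer's public key is embedded in the
 *                         signature
 * @param includePeerID    whether the signer's peer ID is embedded in the
 *                         signature
 * @return {@code true} if signing succeeded, {@code false} otherwise
 */
public final synchronized boolean sign(
        PSECredential pseCredential, boolean includePublicKey, boolean includePeerID) {
    // Drop any previous signature first, presumably so that getDocument() below
    // serializes the advertisement without a signature (the original called the
    // result "NoSig"), and so that a failure cannot keep an old signature around.
    this.xmlSignatureInfoElement = null;
    this.xmlSignatureElement = null;
    this.xmlSignature = null;
    try {
        PSEMembershipService pseMembershipService =
                (PSEMembershipService) pseCredential.getSourceService();
        XMLDocument unsignedDocument =
                (XMLDocument) this.getDocument(MimeMediaType.XMLUTF8);
        PSEMembershipService.PSEAdvertismentSignatureToken token =
                pseMembershipService.signAdvertisement(
                        unsignedDocument, includePublicKey, includePeerID);

        XMLSignatureInfo signatureInfo = token.getXMLSignatureInfo();
        this.xmlSignatureInfoElement = signatureInfo.getXMLSignatureInfoDocument();
        this.xmlSignature = token.getXMLSignature();
        this.xmlSignatureElement = this.xmlSignature.getXMLSignatureDocument();

        this.authenticated = true;
        this.isMember = true;
        this.isCorrectMembershipKey = true;
    } catch (Exception ignored) {
        // Best effort by design: callers only get the boolean, and no logger is
        // in scope here. Any failure -- including a credential whose source
        // service is not a PSEMembershipService, or a token that is missing a
        // part -- leaves the advertisement in the explicit "unsigned" state.
        this.xmlSignatureInfoElement = null;
        this.xmlSignatureElement = null;
        this.xmlSignature = null;
        this.authenticated = false;
        this.isMember = false;
        this.isCorrectMembershipKey = false;
    }
    return this.authenticated;
}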
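/**
 * Signs the bundled {@code bfr.xml} fixture with the {@code vgr-pdl} key from the
 * dev keystore, writes the signed document to disk, reads it back, and validates
 * the signature while requiring that the certificate carried in the signature's
 * KeyInfo was issued by {@code vgr-ca}.
 *
 * <p>Fixes over the original spike: the key selector now verifies the certificate
 * taken from the signature's KeyInfo (the original verified the locally loaded
 * signer certificate, which would accept any KeyInfo); the validation runs on the
 * signature unmarshalled from the round-tripped document instead of on the
 * signing object; SHA-256 replaces SHA-1; streams are closed on all paths; and the
 * parser refuses DOCTYPEs so the same set-up stays safe with external input.
 *
 * @throws Exception on any signing, I/O or validation set-up failure
 */
@Test
public void testXmlSignature() throws Exception {
    // The JSR 105 provider is pluggable; default to the JDK's DOM implementation.
    String providerName =
            System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
    Provider provider =
            (Provider) Class.forName(providerName).getDeclaredConstructor().newInstance();
    XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM", provider);

    // SHA-256 for digest and signature. This spike signs and verifies in-process, so
    // there is no legacy verifier that would force SHA-1. The SignatureMethod
    // constant for RSA-SHA256 only exists from Java 11, hence the literal URI.
    final String rsaSha256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA256, null);
    Transform enveloped =
            factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    Reference reference = factory.newReference(
            "", digestMethod, Collections.singletonList(enveloped), null, null);
    CanonicalizationMethod c14n = factory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = factory.newSignatureMethod(rsaSha256, null);
    SignedInfo signedInfo = factory.newSignedInfo(
            c14n, signatureMethod, Collections.singletonList(reference));

    // Dev keystore: the signer key/cert under "vgr-pdl", the issuing CA under "vgr-ca".
    char[] keystorePassword = "devjks".toCharArray();
    KeyStore ks = KeyStore.getInstance("JKS");
    InputStream keystoreIn = openResource("dev.jks");
    try {
        ks.load(keystoreIn, keystorePassword);
    } finally {
        keystoreIn.close();
    }
    PrivateKey signingKey = (PrivateKey) ks.getKey("vgr-pdl", keystorePassword);
    final X509Certificate signerCert = (X509Certificate) ks.getCertificate("vgr-pdl");
    final Certificate caCert = ks.getCertificate("vgr-ca");

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    // The fixture is bundled, but refuse DOCTYPEs anyway so that copying this
    // set-up to code that parses documents from elsewhere does not open it up to
    // external-entity / entity-expansion attacks.
    dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
    Document doc;
    InputStream fixtureIn = openResource("bfr.xml");
    try {
        doc = dbf.newDocumentBuilder().parse(fixtureIn);
    } finally {
        fixtureIn.close();
    }

    // Embed the signer certificate so a verifier can recover the key from the document.
    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    X509Data x509Data = keyInfoFactory.newX509Data(Collections.singletonList(signerCert));
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    // Enveloped signature: it is inserted under the document element of `doc`.
    DOMSignContext signContext = new DOMSignContext(signingKey, doc.getDocumentElement());
    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    signature.sign(signContext);

    // Round-trip through a file so the validation below sees exactly what a
    // receiver would see. The file is left in place for manual inspection.
    FileOutputStream fos = new FileOutputStream("mySignedFile.xml");
    try {
        TransformerFactory tf = TransformerFactory.newInstance();
        Transformer transformer = tf.newTransformer();
        transformer.transform(new DOMSource(doc), new StreamResult(fos));
    } finally {
        fos.close();
    }
    Document signedDoc;
    FileInputStream signedIn = new FileInputStream("mySignedFile.xml");
    try {
        signedDoc = dbf.newDocumentBuilder().parse(signedIn);
    } finally {
        signedIn.close();
    }

    // Locate the Signature element in the re-read document, not in `doc`.
    NodeList signatureNodes =
            signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (signatureNodes.getLength() == 0) {
        throw new IllegalStateException("Cannot find Signature element");
    }

    // Core validation only proves that the signature matches the key it is handed;
    // it is this selector that decides *whose* key is acceptable. The certificate is
    // taken from the KeyInfo inside the signature and must chain to vgr-ca; doing the
    // check in select() lets a failure surface as KeySelectorException instead of an
    // unchecked exception thrown from getKey().
    KeySelector caIssuedSelector = new KeySelector() {
        @Override
        public KeySelectorResult select(
                final KeyInfo info,
                final Purpose purpose,
                final AlgorithmMethod algorithmMethod,
                final XMLCryptoContext xmlCryptoContext) throws KeySelectorException {
            final X509Certificate embedded = firstCertificate(info);
            if (embedded == null) {
                throw new KeySelectorException("no X509Certificate in KeyInfo");
            }
            try {
                embedded.verify(caCert.getPublicKey());
            } catch (java.security.GeneralSecurityException e) {
                throw new KeySelectorException(
                        "certificate in KeyInfo was not issued by vgr-ca", e);
            }
            return new KeySelectorResult() {
                @Override
                public Key getKey() {
                    return embedded.getPublicKey();
                }
            };
        }
    };

    DOMValidateContext valContext =
            new DOMValidateContext(caIssuedSelector, signatureNodes.item(0));
    // Validate the signature as parsed from the document, not the signing object.
    XMLSignature parsedSignature = factory.unmarshalXMLSignature(valContext);
    boolean coreValidity = parsedSignature.validate(valContext);
    assertTrue(coreValidity);
}

/**
 * Opens a classpath resource for this test class.
 *
 * @param name the resource name
 * @return the open stream; the caller closes it
 * @throws IllegalStateException if the resource is missing, instead of the
 *         confusing downstream failures a {@code null} stream would cause
 */
private static InputStream openResource(String name) {
    InputStream in = XMLSigSpike.class.getClassLoader().getResourceAsStream(name);
    if (in == null) {
        throw new IllegalStateException("test resource not on classpath: " + name);
    }
    return in;
}

/**
 * Returns the first X.509 certificate carried in an X509Data entry of
 * {@code keyInfo}, or {@code null} if the KeyInfo holds none.
 *
 * <p>Works on both the raw-typed (Java 8) and wildcard-typed (Java 9+)
 * {@code getContent()} signatures, which is why it inspects with {@code instanceof}
 * rather than assigning to a parameterized list.
 */
private static X509Certificate firstCertificate(KeyInfo keyInfo) {
    List<?> keyInfoContent = keyInfo.getContent();
    for (Object structure : keyInfoContent) {
        if (!(structure instanceof X509Data)) {
            continue;
        }
        List<?> x509Content = ((X509Data) structure).getContent();
        for (Object item : x509Content) {
            if (item instanceof X509Certificate) {
                return (X509Certificate) item;
            }
        }
    }
    return null;
}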