Пример #1
2
  /**
   * @param caminhoCertificado
   * @param senhaCertificado
   * @paaram senhaCertificado
   * @param caminhoArquivo
   * @return
   * @throws Exception
   */
  public static String assinarDocumento(
      String caminhoCertificado, String senhaCertificado, String caminhoArquivo) throws Exception {

    final KeyStore keyStore = KeyStore.getInstance("PKCS12");
    try (InputStream certificadoStream = new FileInputStream(new File(caminhoCertificado))) {
      keyStore.load(certificadoStream, senhaCertificado.toCharArray());
    }

    final KeyStore.PrivateKeyEntry keyEntry =
        (KeyStore.PrivateKeyEntry)
            keyStore.getEntry(
                keyStore.aliases().nextElement(),
                new KeyStore.PasswordProtection(senhaCertificado.toCharArray()));

    final XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");

    final List<Transform> transforms = new ArrayList<>(2);
    transforms.add(
        signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
    transforms.add(
        signatureFactory.newTransform(C14N_TRANSFORM_METHOD, (TransformParameterSpec) null));

    final KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
    final X509Data x509Data =
        keyInfoFactory.newX509Data(
            Collections.singletonList((X509Certificate) keyEntry.getCertificate()));
    final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

    final DocumentBuilderFactory documentBuilderFactory = DocumentBuilderFactory.newInstance();
    documentBuilderFactory.setNamespaceAware(true);

    final Document document =
        documentBuilderFactory.newDocumentBuilder().parse(new File(caminhoArquivo));

    for (final String elementoAssinavel : ELEMENTOS_ASSINAVEIS) {
      final NodeList elements = document.getElementsByTagName(elementoAssinavel);
      for (int i = 0; i < elements.getLength(); i++) {
        final Element element = (Element) elements.item(i);
        final String id = element.getAttribute("Id");
        element.setIdAttribute("Id", true);

        final Reference reference =
            signatureFactory.newReference(
                "#" + id,
                signatureFactory.newDigestMethod(DigestMethod.SHA1, null),
                transforms,
                null,
                null);
        final SignedInfo signedInfo =
            signatureFactory.newSignedInfo(
                signatureFactory.newCanonicalizationMethod(
                    CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(reference));

        final XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
        signature.sign(new DOMSignContext(keyEntry.getPrivateKey(), element.getParentNode()));
      }
    }

    try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream()) {
      final Transformer transformer = TransformerFactory.newInstance().newTransformer();
      transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
      transformer.transform(new DOMSource(document), new StreamResult(outputStream));
      return outputStream.toString();
    }
  }
  /**
   * @param context JAXBFilterProcessingContext
   * @return errorCode
   * @throws XWSSecurityException
   */
  public static int sign(JAXBFilterProcessingContext context) throws XWSSecurityException {
    try {
      SignaturePolicy signaturePolicy = (SignaturePolicy) context.getSecurityPolicy();
      ((NamespaceContextEx) context.getNamespaceContext()).addSignatureNS();
      WSSPolicy keyBinding = (WSSPolicy) signaturePolicy.getKeyBinding();
      if (logger.isLoggable(Level.FINEST)) {
        logger.log(Level.FINEST, "KeyBinding is " + keyBinding);
      }

      Key signingKey = null;

      SignatureElementFactory signFactory = new SignatureElementFactory();

      KeyInfo keyInfo = null;
      SecurityHeader securityHeader = context.getSecurityHeader();

      // Get the Signing key and KeyInfo from TokenProcessor
      TokenProcessor tokenProcessor = new TokenProcessor(signaturePolicy, context);
      BuilderResult builderResult = tokenProcessor.process();
      signingKey = builderResult.getDataProtectionKey();
      keyInfo = builderResult.getKeyInfo();

      if (keyInfo != null || !keyBinding.isOptional()) {
        SignedInfo signedInfo = signFactory.constructSignedInfo(context);
        JAXBSignContext signContext = new JAXBSignContext(signingKey);
        signContext.setURIDereferencer(DSigResolver.getInstance());
        XMLSignature signature =
            signFactory.constructSignature(signedInfo, keyInfo, signaturePolicy.getUUID());
        signContext.put(MessageConstants.WSS_PROCESSING_CONTEXT, context);
        NamespaceAndPrefixMapper npMapper =
            new NamespaceAndPrefixMapper(
                context.getNamespaceContext(), context.getDisableIncPrefix());
        signContext.put(NamespaceAndPrefixMapper.NS_PREFIX_MAPPER, npMapper);
        signContext.putNamespacePrefix(MessageConstants.DSIG_NS, MessageConstants.DSIG_PREFIX);
        signature.sign(signContext);

        JAXBSignatureHeaderElement jaxBSign =
            new JAXBSignatureHeaderElement(
                (com.sun.xml.ws.security.opt.crypto.dsig.Signature) signature,
                context.getSOAPVersion());
        securityHeader.add(jaxBSign);

        // For SignatureConfirmation
        List scList = (ArrayList) context.getExtraneousProperty("SignatureConfirmation");
        if (scList != null) {
          scList.add(Base64.encode(signature.getSignatureValue().getValue()));
        }
      }
      // End SignatureConfirmation specific code

    } catch (XWSSecurityException xe) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), xe);
      throw xe;
    } catch (Exception ex) {
      logger.log(Level.SEVERE, LogStringsMessages.WSS_1701_SIGN_FAILED(), ex);
      throw new XWSSecurityException(ex);
    }
    return 0;
  }
  /**
   * Signs a SoapMessage with the holder-of-key configuration provided on class creation. This
   * method changes the SoapMessage.
   *
   * @param message cannot be null
   * @return The signed SoapMessage
   * @throws ParserException
   * @throws SignatureException
   */
  @Override
  public final SoapMessage sign(SoapMessage message) throws ParserException, SignatureException {

    assert message != null;

    Provider securityProvider = holderOfKeyConfig.getSecurityProvider();
    XMLSignatureFactory xmlSigFactory =
        (securityProvider != null)
            ? XMLSignatureFactory.getInstance("DOM", securityProvider)
            : XMLSignatureFactory.getInstance();

    try {
      String bodyUuid = createSoapBodyUuid(message);
      CanonicalizationMethod canonicalizationMethod =
          xmlSigFactory.newCanonicalizationMethod(
              CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
      SignatureMethod signatureMethod = getSignatureMethod(xmlSigFactory);
      ArrayList<String> refList = new ArrayList<String>();
      refList.add(bodyUuid);
      refList.add(createTimestampUuid(message));
      List<Reference> references = createSignatureReferences(xmlSigFactory, refList);
      SignedInfo signedInfo =
          xmlSigFactory.newSignedInfo(canonicalizationMethod, signatureMethod, references);

      KeyInfoFactory kif = KeyInfoFactory.getInstance();
      KeyInfo ki =
          kif.newKeyInfo(
              Collections.singletonList(new DOMStructure(createKeyInfoContent(message))));

      XMLSignature signature =
          xmlSigFactory.newXMLSignature(signedInfo, ki, null, addUseKeySignatureId(message), null);

      DOMSignContext dsc =
          new DOMSignContext(
              holderOfKeyConfig.getPrivateKey(), message.getHeader().getFirstChild());
      dsc.putNamespacePrefix(XMLSignature.XMLNS, DIGITAL_SIGNATURE_NAMESPACE_PREFIX);

      signature.sign(dsc);

      log.debug("Message with SOAPBody id: " + bodyUuid + " is signed.");
    } catch (NoSuchAlgorithmException e) {
      log.debug(CREATING_SIGNATURE_ERR_MSG);
      throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
    } catch (InvalidAlgorithmParameterException e) {
      log.debug(CREATING_SIGNATURE_ERR_MSG);
      throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
    } catch (MarshalException e) {
      log.debug(CREATING_SIGNATURE_ERR_MSG);
      throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
    } catch (XMLSignatureException e) {
      log.debug(CREATING_SIGNATURE_ERR_MSG);
      throw new SignatureException(CREATING_SIGNATURE_ERR_MSG, e);
    }

    return message;
  }
Пример #4
0
  private static void signImpl(
      DOMSignContext dsc,
      String digestMethod,
      String signatureMethod,
      String referenceURI,
      PublicKey publicKey,
      X509Certificate x509Certificate)
      throws GeneralSecurityException, MarshalException, XMLSignatureException {
    dsc.setDefaultNamespacePrefix("dsig");

    DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
    Transform transform1 = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    Transform transform2 =
        fac.newTransform("http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null);

    List<Transform> transformList = new ArrayList<Transform>();
    transformList.add(transform1);
    transformList.add(transform2);

    Reference ref = fac.newReference(referenceURI, digestMethodObj, transformList, null, null);

    CanonicalizationMethod canonicalizationMethod =
        fac.newCanonicalizationMethod(canonicalizationMethodType, (C14NMethodParameterSpec) null);

    List<Reference> referenceList = Collections.singletonList(ref);
    SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
    SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethodObj, referenceList);

    KeyInfo ki = null;
    if (includeKeyInfoInSignature) {
      ki = createKeyInfo(publicKey, x509Certificate);
    }
    XMLSignature signature = fac.newXMLSignature(si, ki);

    signature.sign(dsc);
  }
Пример #5
0
  /**
   * @param chnlId
   * @param xmlStr
   * @param chnlStr
   * @return
   */
  public String processXMLForChnls(String chnlId, String xmlStr, final String chnlStr) {
    if ("106".equals(chnlId) || "102".equals(chnlId)) {
      try {
        xmlStr = URLEncoder.encode(xmlStr.trim(), "UTF-8");
      } catch (UnsupportedEncodingException e) {
      }
      xmlStr = "xml=".concat(xmlStr);

    } else if ("103".equals(chnlId) && !"Route1_CONT".equals(chnlStr)) {

      xmlStr =
          "<soap:Envelope xmlns:soap=\"http://schemas.xmlsoap.org/soap/envelope/\">"
              + "<soap:Header>"
              + "<SOAP-SEC:Signature xmlns:SOAP-SEC=\"http://schemas.xmlsoap.org/soap/security/2000-12\">"
              + "</SOAP-SEC:Signature>"
              + "</soap:Header>".concat(xmlStr).concat("</soap:Envelope>");
      try {

        // Create a DOM XMLSignatureFactory that will be used to
        // generate the enveloped signature.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref =
            fac.newReference(
                "#Body",
                fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(
                    fac.newTransform(
                        "http://www.w3.org/2001/10/xml-exc-c14n#", (TransformParameterSpec) null)),
                null,
                null);

        // Create the SignedInfo.
        SignedInfo si =
            fac.newSignedInfo(
                fac.newCanonicalizationMethod(
                    CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(ref));

        // Load the KeyStore and get the signing key and
        // certificate.
        KeyStore ks = KeyStore.getInstance("JKS");

        String certFileNm = "";
        // commonConfigHelper.getConfigMap().get(
        // "ROUTE1_CERTIFICATE_JSK");
        String pwd = ""; // commonConfigHelper.getConfigMap().get(
        // "ROUTE1_CERTIFICATE_PASSWORD");
        String aliasNm = ""; // commonConfigHelper.getConfigMap().get(
        // "ROUTE1_CERTIFICATE_ALIAS");
        ks.load(new FileInputStream(certFileNm), pwd.toCharArray());
        KeyStore.PrivateKeyEntry keyEntry =
            (KeyStore.PrivateKeyEntry)
                ks.getEntry(aliasNm, new KeyStore.PasswordProtection(pwd.toCharArray()));
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

        // Create the KeyInfo containing the X509Data.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        List x509Content = new ArrayList();
        // x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert.getIssuerX500Principal().getName());
        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

        // Instantiate the document to be signed.
        // Document doc = xmlUtil.getDocumentFromString(xmlStr);
        Document doc = null;

        // Create a DOMSignContext and specify the RSA PrivateKey
        // and
        // location of the resulting XMLSignature's parent element.
        DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());

        // Create the XMLSignature, but don't sign it yet.
        XMLSignature signature = fac.newXMLSignature(si, ki);

        // Marshal, generate, and sign the enveloped signature.
        signature.sign(dsc);

        // Output the resulting document.

        xmlStr = xmlUtil.convertXMLDocToString(doc);

      } catch (Exception e) {
      }
    }
    return xmlStr;
  }
  @Test
  public void testXmlSignature() throws Exception {

    String providerName =
        System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");

    XMLSignatureFactory factory =
        XMLSignatureFactory.getInstance(
            "DOM", (Provider) Class.forName(providerName).newInstance());
    DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);
    Transform transform = factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);
    Reference reference =
        factory.newReference("", digestMethod, Collections.singletonList(transform), null, null);
    CanonicalizationMethod canonicalizationMethod =
        factory.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null);
    SignatureMethod signatureMethod = factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
    SignedInfo signedInfo =
        factory.newSignedInfo(
            canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

    KeyStore ks = KeyStore.getInstance("JKS");
    InputStream fis = XMLSigSpike.class.getClassLoader().getResourceAsStream("dev.jks");
    ks.load(fis, "devjks".toCharArray());
    fis.close();

    PrivateKey prv = (PrivateKey) ks.getKey("vgr-pdl", "devjks".toCharArray());
    final Certificate cert = ks.getCertificate("vgr-pdl");
    final Certificate cacert = ks.getCertificate("vgr-ca");

    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
    dbf.setNamespaceAware(true);
    Document doc =
        dbf.newDocumentBuilder()
            .parse(XMLSigSpike.class.getClassLoader().getResourceAsStream("bfr.xml"));

    final X509Certificate x509Cert = (X509Certificate) cert;
    List<X509Certificate> x509 = Arrays.asList(x509Cert);

    KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();
    X509Data x509Data = keyInfoFactory.newX509Data(x509);
    List items = new ArrayList();

    items.add(x509Data);
    // items.add(pub);
    KeyInfo keyInfo = keyInfoFactory.newKeyInfo(items);

    DOMSignContext dsc = new DOMSignContext(prv, doc.getDocumentElement());

    XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo);
    signature.sign(dsc);

    FileOutputStream fos = new FileOutputStream("mySignedFile.xml");
    TransformerFactory tf = TransformerFactory.newInstance();
    Transformer transformer = tf.newTransformer();
    transformer.transform(new DOMSource(doc), new StreamResult(fos));
    fos.close();

    Document signedDoc = dbf.newDocumentBuilder().parse(new FileInputStream("mySignedFile.xml"));

    // Find Signature element.
    NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
    if (nl.getLength() == 0) {
      throw new Exception("Cannot find Signature element");
    }

    KeySelector selector =
        new KeySelector() {
          @Override
          public KeySelectorResult select(
              final KeyInfo keyInfo,
              final Purpose purpose,
              final AlgorithmMethod algorithmMethod,
              final XMLCryptoContext xmlCryptoContext)
              throws KeySelectorException {
            return new KeySelectorResult() {
              @Override
              public Key getKey() {
                List<X509Data> dataList = keyInfo.getContent();
                List<X509Certificate> certList = dataList.get(0).getContent();
                X509Certificate cert = certList.get(0);
                try {
                  x509Cert.verify(cacert.getPublicKey());
                } catch (CertificateException e) {
                  throw new RuntimeException(e);
                } catch (NoSuchAlgorithmException e) {
                  throw new RuntimeException(e);
                } catch (InvalidKeyException e) {
                  throw new RuntimeException(e);
                } catch (NoSuchProviderException e) {
                  throw new RuntimeException(e);
                } catch (SignatureException e) {
                  throw new RuntimeException(e);
                }
                return cert.getPublicKey();
              }
            };
          }
        };

    // Create a DOMValidateContext and specify a KeySelector
    // and document context.
    DOMValidateContext valContext = new DOMValidateContext(selector, nl.item(0));

    // Unmarshal the XMLSignature.
    XMLSignature xmlSignature = factory.unmarshalXMLSignature(valContext);

    // Validate the XMLSignature.
    boolean coreValidity = signature.validate(valContext);

    assertTrue(coreValidity);
  }
Пример #7
0
  /**
   * Cria a assinatura para o objeto informado no construtor.
   *
   * @return Assinatura gerada.
   * @throws SignatureException Caso ocorra algum erro ao gerar a assinatura.
   */
  @SuppressWarnings({"rawtypes", "unchecked"})
  public SignatureType createSignature() throws SignatureException {
    try {
      final X509Certificate certificate = Configuration.getInstance().getCertificate();

      // Cria a assinatura com a API do Java.
      final XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");

      final List<Transform> transformList = new ArrayList<Transform>();
      transformList.add(factory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
      transformList.add(
          factory.newTransform(CanonicalizationMethod.INCLUSIVE, (TransformParameterSpec) null));

      final Reference reference =
          factory.newReference(
              this.referenceUri,
              factory.newDigestMethod(DigestMethod.SHA1, null),
              transformList,
              null,
              null);
      final SignedInfo signedInfo =
          factory.newSignedInfo(
              factory.newCanonicalizationMethod(
                  CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
              factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
              Collections.singletonList(reference));

      final KeyInfoFactory keyInfoFactory = factory.getKeyInfoFactory();

      final List x509Content = new ArrayList();
      x509Content.add(certificate.getSubjectX500Principal().getName());
      x509Content.add(certificate);

      final X509Data x509Data = keyInfoFactory.newX509Data(x509Content);
      final KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(x509Data));

      final DOMSignContext domSignContext =
          new DOMSignContext(
              Configuration.getInstance().getPrivateKey(), this.document.getDocumentElement());

      final XMLSignature newXMLSignature = factory.newXMLSignature(signedInfo, keyInfo);
      newXMLSignature.sign(domSignContext);

      // Remove tags nao recomendadas.
      final String[] unnecessaryElements =
          new String[] {
            "X509SubjectName",
            "X509IssuerSerial",
            "X509IssuerName",
            "X509IssuerName",
            "X509SKI",
            "KeyValue",
            "RSAKeyValue",
            "Modulus",
            "Exponent"
          };
      final XPathFactory xpathFactory = XPathFactory.newInstance();

      for (final String elementName : unnecessaryElements) {
        final XPathExpression xpath =
            xpathFactory.newXPath().compile("//*[name()='" + elementName + "']");
        final Node node = (Node) xpath.evaluate(this.document, XPathConstants.NODE);

        if (null != node) {
          node.getParentNode().removeChild(node);
        }
      }

      final XPathExpression xpath = xpathFactory.newXPath().compile("//*[name()='Signature']");
      return JAXB.unmarshal(
          new DOMSource((Node) xpath.evaluate(this.document, XPathConstants.NODE)),
          SignatureType.class);

    } catch (Exception e) {
      throw new SignatureException("Um erro ocorreu ao criar a assinatura.", e);
    }
  }