Java XML String Transform signEmbeded(Node doc, String uri, PrivateKey pKey, X509Certificate cert)

Here you can find the source of signEmbeded(Node doc, String uri, PrivateKey pKey, X509Certificate cert)

Description

Digitally signs using the "enveloped signature" form defined by the W3C standard (http://www.w3.org/TR/xmldsig-core/).

License

Apache License

Parameter

Parameter Description
doc The document to sign
uri The reference within the document that must be signed
pKey The private key used to sign
cert The digital certificate corresponding to the private key

Exception

Parameter Description
NoSuchAlgorithmException If the key's signature algorithm is not supported (currently supported: RSA+SHA1, DSA+SHA1 and HMAC+SHA1).
InvalidAlgorithmParameterException If the canonicalization algorithms (part of the XML Signature standard) are not supported (currently the default is used)
KeyException If there are problems including the public key in the <KeyValue>.
MarshalException an exception
XMLSignatureException an exception

Declaration

public static void signEmbeded(Node doc, String uri, PrivateKey pKey, X509Certificate cert)
        throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException,
        XMLSignatureException 

Method Source Code

//package com.java2s;
/**
 * Copyright [2009] [NIC Labs]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file
 * except in compliance with the License. You may obtain a copy of the    License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or 
 * agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations under the License.
 * 
 **/

import java.security.InvalidAlgorithmParameterException;
import java.security.KeyException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;

import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

import javax.xml.crypto.MarshalException;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;

import org.w3c.dom.Node;

public class Main {
    /**
     * Digitally signs using the "enveloped signature" form defined by the
     * W3C standard (<a
     * href="http://www.w3.org/TR/xmldsig-core/">http://www.w3.org/TR/xmldsig-core/</a>).
     * <p>
     *
     * This method also adds the certificate information to the optional
     * &lt;KeyInfo&gt; section of the standard, as required by SII.
     * <p>
     *
     * @param doc
     *            The document to sign
     * @param uri
     *            The reference within the document that must be signed
     * @param pKey
     *            The private key used to sign
     * @param cert
     *            The digital certificate corresponding to the private key
     * @throws NoSuchAlgorithmException
     *             If the key's signature algorithm is not supported
     *             (currently supported: RSA+SHA1, DSA+SHA1 and HMAC+SHA1).
     * @throws InvalidAlgorithmParameterException
     *             If the canonicalization algorithms (part of the XML
     *             Signature standard) are not supported (currently the
     *             default is used)
     * @throws KeyException
     *             If there are problems including the public key in the
     *             &lt;KeyValue&gt;.
     * @throws MarshalException
     * @throws XMLSignatureException
     * 
     * @see javax.xml.crypto.dsig.XMLSignature#sign(javax.xml.crypto.dsig.XMLSignContext)
     */
    public static void signEmbeded(Node doc, String uri, PrivateKey pKey, X509Certificate cert)
            throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException,
            XMLSignatureException {

        // Create a DOM XMLSignatureFactory that will be used to generate the
        // enveloped signature
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Create a Reference to the content identified by uri (a URI of ""
        // signifies the whole document) and also specify the SHA1 digest
        // algorithm and the ENVELOPED Transform.

        Reference ref = fac.newReference(uri, fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);

        // Create the SignedInfo
        String method = SignatureMethod.RSA_SHA1; // default by SII

        if ("DSA".equals(cert.getPublicKey().getAlgorithm()))
            method = SignatureMethod.DSA_SHA1;
        else if ("HMAC".equals(cert.getPublicKey().getAlgorithm()))
            method = SignatureMethod.HMAC_SHA1;

        // Inclusive canonicalization: default canonical and default by SII
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(method, null), Collections.singletonList(ref));

        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyValue kv = kif.newKeyValue(cert.getPublicKey());

        // Create a KeyInfo and add the KeyValue to it
        List<XMLStructure> kidata = new ArrayList<XMLStructure>();
        kidata.add(kv);
        kidata.add(kif.newX509Data(Collections.singletonList(cert)));
        KeyInfo ki = kif.newKeyInfo(kidata);

        // Create a DOMSignContext and specify the PrivateKey and
        // location of the resulting XMLSignature's parent element
        DOMSignContext dsc = new DOMSignContext(pKey, doc);

        // Create the XMLSignature (but don't sign it yet)
        XMLSignature signature = fac.newXMLSignature(si, ki);

        // Marshal, generate (and sign) the enveloped signature
        signature.sign(dsc);

    }
}
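
A verifier for documents produced by signEmbeded, as an added example that is not part of the original source. Because the method embeds the signer's own key and certificate in &lt;KeyInfo&gt;, the check takes its key from a certificate the verifier already trusts and confirms which reference was signed. The class name VerifyEnveloped, the method verify and its parameters are hypothetical.

```java
import java.security.cert.X509Certificate;
import java.util.List;

import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;

import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Added example (hypothetical class and method names, not from the original source).
public class VerifyEnveloped {

    /**
     * Validates the enveloped signature in doc with a certificate the verifier
     * already trusts and checks that it covers expectedUri.
     * doc must come from a namespace-aware parser.
     */
    public static boolean verify(Document doc, X509Certificate trusted, String expectedUri)
            throws Exception {
        // Exactly one <Signature>: a missing or duplicated one is rejected
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            return false;
        }
        trusted.checkValidity(); // throws if the certificate is expired or not yet valid

        // The key comes from the trusted certificate, never from the <KeyInfo>
        // that signEmbeded embeds: that element is attacker-controlled input.
        DOMValidateContext ctx = new DOMValidateContext(
                KeySelector.singletonKeySelector(trusted.getPublicKey()), sigs.item(0));
        // For a "#id" reference, register the signed element's ID attribute with
        // ctx.setIdAttributeNS(element, null, attributeName) before validating.

        // JDK 17 and later reject SHA-1 based digest and signature methods under
        // the default secure validation policy.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);

        // The signature must cover the content the caller expects, and nothing else
        List<Reference> refs = sig.getSignedInfo().getReferences();
        if (refs.size() != 1 || !expectedUri.equals(refs.get(0).getURI())) {
            return false;
        }
        // Core validation: reference digest plus signature value
        return sig.validate(ctx);
    }
}
```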
