Update of /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec In directory sc8-pr-cvs1.sourceforge.net:/tmp/cvs-serv32469/src/java/org/neuclear/xml/xmlsec Modified Files: Reference.java XMLSignature.java Added Files: SignedInfo.java Removed Files: SignatureInfo.java Log Message: Renamed SignatureInfo to SignedInfo as that is the name of the Element. Made some changes in the Canonicalizer to make all the output verify in Aleksey's xmlsec library. Unfortunately this breaks example 3 of merlin-eight's canonicalization interop tests, because dom4j afaik can't tell the difference between <test/> and <test xmlns=""/>. Changed XMLSignature it is now has less repeated code. --- NEW FILE: SignedInfo.java --- /* $Id: SignedInfo.java,v 1.1 2004/03/02 23:30:43 pelle Exp $ * $Log: SignedInfo.java,v $ * Revision 1.1 2004/03/02 23:30:43 pelle * Renamed SignatureInfo to SignedInfo as that is the name of the Element. * Made some changes in the Canonicalizer to make all the output verify in Aleksey's xmlsec library. * Unfortunately this breaks example 3 of merlin-eight's canonicalization interop tests, because dom4j afaik * can't tell the difference between <test/> and <test xmlns=""/>. * Changed XMLSignature it is now has less repeated code. * * Revision 1.6 2004/01/14 06:42:38 pelle * Got rid of the verifyXXX() methods * * Revision 1.5 2004/01/13 23:37:59 pelle * Refactoring parts of the core of XMLSignature. There shouldnt be any real API changes. * * Revision 1.4 2003/12/11 23:56:53 pelle * Trying to test the ReceiverServlet with cactus. Still no luck. Need to return a ElementProxy of some sort. * Cleaned up some missing fluff in the ElementProxy interface. getTagName(), getQName() and getNameSpace() have been killed. * * Revision 1.3 2003/11/21 04:44:31 pelle * EncryptedFileStore now works. It uses the PBECipher with DES3 afair. * Otherwise You will Finaliate. * Anything that can be final has been made final throughout everyting. 
We've used IDEA's Inspector tool to find all instance of variables that could be final. * This should hopefully make everything more stable (and secure). * * Revision 1.2 2003/11/11 21:18:07 pelle * Further vital reshuffling. * org.neudist.crypto.* and org.neudist.utils.* have been moved to respective areas under org.neuclear.commons * org.neuclear.signers.* as well as org.neuclear.passphraseagents have been moved under org.neuclear.commons.crypto as well. * Did a bit of work on the Canonicalizer and changed a few other minor bits. * * Revision 1.1.1.1 2003/11/11 16:33:25 pelle * Moved over from neudist.org * Moved remaining common utilities into commons * * Revision 1.9 2003/11/08 20:27:02 pelle * Updated the Signer interface to return a key type to be used for XML SignedInfo. Thus we now support DSA sigs yet again. * * Revision 1.8 2003/02/24 12:57:37 pelle * Sorted out problem with signing enveloping signatures. * Canonicalizer needs a Document. If there isn't a Document the xpath wont work and returns false. * Thus always have a document for an element. * * Revision 1.7 2003/02/24 03:26:30 pelle * XMLSignature class has been tested as working for Enveloped Signatures. * It is still failing verification on home grown Enveloping Signatures. * It failes while checking reference validity. This means there is something strange about the Digest is initially * calculated for Enveloping signatures. * * Revision 1.6 2003/02/24 00:41:07 pelle * Cleaned up a lot of code for new fixed processing model. * It all still work as before, but will be easier to modify the Reference processing model which is the only * main thing todo besides X509 and HMAC-SHA1 support. * * Revision 1.5 2003/02/22 16:54:30 pelle * Major structural changes in the whole processing framework. * Verification now supports Enveloping and detached signatures. * The reference element is a lot more important at the moment and handles much of the logic. * Replaced homegrown Base64 with Blackdowns. 
* Still experiencing problems with decoding foreign signatures. I reall dont understand it. I'm going to have * to reread the specs a lot more and study other implementations sourcecode. * * Revision 1.4 2003/02/08 19:11:10 pelle * Cleaned stuff up a bit. * * Revision 1.3 2003/02/08 18:48:37 pelle * The Signature phase has been rewritten. * There now is a new Class called QuickEmbeddedSignature which is more in line with my original idea for this library. * It simply has a template of the xml and signs it in a standard way. * The original XMLSignature class is still used for verification and will in the future handle more thoroughly * all the various flavours of XMLSig. * XMLSecTools has got different flavours of canonicalize now. Including one where you can pass it a Canonicaliser to use. * Of the new Canonicalizer's are CanonicalizerWithComments, which I accidently left out of the last commit. * And CanonicalizerWithoutSignature which leaves out the Signature in the Canonicalization phase and is thus * a lot more efficient than the previous approach. * * Revision 1.2 2003/01/21 03:14:11 pelle * Mainly clean ups through out and further documentation. * * Revision 1.1 2003/01/18 18:12:32 pelle * First Independent commit of the Independent XML-Signature API for NeuDist. * * Revision 1.3 2002/10/10 21:29:31 pelle * Oops. XML-Signature's SignedInfo element I had coded as SignedInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks * * Revision 1.2 2002/09/21 23:11:16 pelle * A bunch of clean ups. Got rid of as many hard coded URL's as I could. 
* */ package org.neuclear.xml.xmlsec; /** * @author pelleb * @version $Revision: 1.1 $ */ import org.dom4j.Element; import org.neuclear.commons.crypto.signers.Signer; import org.neuclear.xml.XMLException; import org.neuclear.xml.c14.Canonicalizer; import java.security.NoSuchAlgorithmException; import java.security.NoSuchProviderException; import java.security.Signature; public final class SignedInfo extends AbstractXMLSigElement { public SignedInfo(final Element root, final int sigalg, final int sigtype) throws XMLSecurityException { super(SignedInfo.TAG_NAME); this.algType = sigalg; final Element cm = XMLSecTools.createElementInSignatureSpace("CanonicalizationMethod"); cm.addAttribute("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); try { addElement(cm); final Element sm = XMLSecTools.createElementInSignatureSpace("SignatureMethod"); if (sigalg == SignedInfo.SIG_ALG_RSA) sm.addAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#rsa-sha1"); else sm.addAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#dsa-sha1"); addElement(sm); ref = new Reference(root, sigtype); addElement(ref); } catch (XMLException e) { throw new XMLSecurityException(e); } } public SignedInfo(final Element elem) throws XMLSecurityException, InvalidSignatureException { super(elem); if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME))) throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); this.sig = sig; final Element c14elem = elem.element(XMLSecTools.createQName("CanonicalizationMethod")); if (c14elem != null && c14elem.attributeValue("Algorithm").equals("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments")) c14nType = Canonicalizer.C14NTYPE_WITH_COMMENTS; final Element refElem = elem.element(XMLSecTools.createQName("Reference")); if (refElem != null) ref = new Reference(refElem); //Check reference element if signature is enveloped } /** * Method getSigningKey 
* This returns the signing PublicKey if it exists or null if it doesnt. * * @return * @throws XMLSecurityException */ public final Reference getReference() throws XMLSecurityException { return ref; } final Canonicalizer getCanonicalizer() { // if (ref.getSigType() == Reference.XMLSIGTYPE_ENVELOPED) // return new CanonicalizerWithoutSignature(); // else if (c14nType == Canonicalizer.C14NTYPE_WITH_COMMENTS) // return new CanonicalizerWithComments(); return new Canonicalizer(); } final XMLSignature getSig() { return sig; } //TODO Ignore this bit for now final Signature getSignatureAlgorithm() throws XMLSecurityException { try { return Signature.getInstance("SHA1withRSA", "BC"); } catch (NoSuchAlgorithmException e) { XMLSecTools.rethrowException(e); } catch (NoSuchProviderException e) { XMLSecTools.rethrowException(e); } return null; } public final byte[] canonicalize() throws XMLSecurityException { return XMLSecTools.canonicalize(getCanonicalizer(), getElement()); } public final String getTagName() { return TAG_NAME; } private static final String TAG_NAME = "SignedInfo"; private Reference ref; private int c14nType = 0; private int algType = 0; private XMLSignature sig; public final static int SIG_ALG_RSA = Signer.KEY_RSA; public final static int SIG_ALG_DSA = Signer.KEY_DSA; // private PublicKey pub; } Index: Reference.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/Reference.java,v retrieving revision 1.11 retrieving revision 1.12 diff -C2 -d -r1.11 -r1.12 *** Reference.java 2 Mar 2004 18:39:57 -0000 1.11 --- Reference.java 2 Mar 2004 23:30:43 -0000 1.12 *************** *** 1,4 **** --- 1,11 ---- /* $Id$ * $Log$ + * Revision 1.12 2004/03/02 23:30:43 pelle + * Renamed SignatureInfo to SignedInfo as that is the name of the Element. + * Made some changes in the Canonicalizer to make all the output verify in Aleksey's xmlsec library. 
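Review bot: In the parsing constructor `SignedInfo(final Element elem)` the line `this.sig = sig;` assigns the field to itself, so `sig` stays null and `getSig()` returns null for every parsed SignedInfo; drop the line or take the owning `XMLSignature` as a constructor parameter. The check that follows, `c14elem.attributeValue("Algorithm").equals(...)`, throws NullPointerException when a CanonicalizationMethod element carries no Algorithm attribute; write it constant-first as `"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments".equals(c14elem.attributeValue("Algorithm"))`. More importantly for verification, the value stored in `c14nType` is never consulted because `getCanonicalizer()` always returns `new Canonicalizer()` (its branches are commented out), the SignatureMethod child is not read at all, and `getSignatureAlgorithm()` hard-codes `SHA1withRSA` without looking at `algType` — an incoming SignedInfo that names any other CanonicalizationMethod or SignatureMethod should be rejected with an XMLSecurityException instead of being canonicalized with the defaults regardless of what the document declares. The Javadoc above `getReference()` still describes `getSigningKey` ("returns the signing PublicKey"); it should read `Returns the Reference built or parsed for this SignedInfo, or null when the parsed element had no Reference child.` Finally, the blanket rename also rewrote the 2002 log entry to "SignedInfo element I had coded as SignedInfo" in this header and in the Reference.java and XMLSignature.java headers, which loses its meaning.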
+ * Unfortunately this breaks example 3 of merlin-eight's canonicalization interop tests, because dom4j afaik + * can't tell the difference between <test/> and <test xmlns=""/>. + * Changed XMLSignature it is now has less repeated code. + * * Revision 1.11 2004/03/02 18:39:57 pelle * Done some more minor fixes within xmlsig, but mainly I've removed the old Source and Store patterns and sub packages. This is because *************** *** 124,128 **** * * Revision 1.4 2002/10/10 21:29:31 pelle ! * Oops. XML-Signature's SignedInfo element I had coded as SignatureInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks --- 131,135 ---- * * Revision 1.4 2002/10/10 21:29:31 pelle ! * Oops. XML-Signature's SignedInfo element I had coded as SignedInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks *************** *** 169,194 **** super(Reference.TAG_NAME); final Canonicalizer canon; ! Object ref=null; Element transformsElement = addElement("Transforms"); // final Element object; ! if (sigtype == XMLSIGTYPE_ENVELOPED){ ! createAttribute("URI",""); ! canon=new CanonicalizerWithoutSignature(); ! transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/2000/09/xmldsig#enveloped-signature"); ! ref=root; ! } else if (sigtype == XMLSIGTYPE_ENVELOPING){ ! canon= new Canonicalizer(); ! ref=root; } else { throw new XMLSecurityException("Unsupported Signature Method"); } ! transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm","http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); ! type=sigtype; ! final String id = Utility.denullString(root.attributeValue("Id"),root.attributeValue("ID")); if (!Utility.isEmpty(id)) ! createAttribute("URI","#"+id); ! 
addDigest(canon,ref); } --- 176,201 ---- super(Reference.TAG_NAME); final Canonicalizer canon; ! Object ref = null; Element transformsElement = addElement("Transforms"); // final Element object; ! if (sigtype == XMLSIGTYPE_ENVELOPED) { ! createAttribute("URI", ""); ! canon = new CanonicalizerWithoutSignature(); ! transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#enveloped-signature"); ! ref = root; ! } else if (sigtype == XMLSIGTYPE_ENVELOPING) { ! canon = new Canonicalizer(); ! ref = root; } else { throw new XMLSecurityException("Unsupported Signature Method"); } ! transformsElement.addElement(XMLSecTools.createQName("Transform")).addAttribute("Algorithm", "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"); ! type = sigtype; ! final String id = Utility.denullString(root.attributeValue("Id"), root.attributeValue("ID")); if (!Utility.isEmpty(id)) ! createAttribute("URI", "#" + id); ! addDigest(canon, ref); } *************** *** 196,205 **** public Reference(final String uri) throws XMLSecurityException { super(Reference.TAG_NAME); ! type=XMLSIGTYPE_DETACHED; ! createAttribute("URI",uri); ! addDigest(new Canonicalizer(),loadReference(uri)); } /** * Build this from XML Reference Element * @param elem * @throws XMLSecurityException --- 203,214 ---- public Reference(final String uri) throws XMLSecurityException { super(Reference.TAG_NAME); ! type = XMLSIGTYPE_DETACHED; ! createAttribute("URI", uri); ! addDigest(new Canonicalizer(), loadReference(uri)); } + /** * Build this from XML Reference Element + * * @param elem * @throws XMLSecurityException *************** *** 209,258 **** if (!elem.getQName().getName().equals(TAG_NAME)) throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! type=findSignatureType(elem); ! 
byte digest[]=XMLSecTools.decodeBase64Element(getElement().element(XMLSecTools.createQName("DigestValue"))); ! final Object object=findRefElement(elem); ! if (object==null) ! throw new XMLSecurityException("Couldnt Dereference Object:\n "+elem.asXML()); final Canonicalizer canon; ! if (type==XMLSIGTYPE_ENVELOPED) ! canon=new CanonicalizerWithoutSignature(); else ! canon=new Canonicalizer(); final byte dig2[] = createDigest(canon, object); ! if (!CryptoTools.equalByteArrays(digest,dig2)) ! throw new InvalidSignatureException(digest,dig2); } private void addDigest(final Canonicalizer canon, Object root) throws XMLSecurityException { ! addElement("DigestMethod").addAttribute(XMLSecTools.createQName("Algorithm"),"http://www.w3.org/2000/09/xmldsig#sha1"); ! getElement().add(XMLSecTools.base64ToElement("DigestValue",createDigest(canon,root))); } private static byte[] createDigest(final Canonicalizer canon, Object root) throws XMLSecurityException { final byte[] value = canon.canonicalize(root); ! // System.out.println("Canonicalized:"); // System.out.println(new String(value)); // System.out.println("------"); ! return CryptoTools.digest(value); } private static int findSignatureType(Element elem) { ! final String id=elem.attributeValue("URI"); ! if (!Utility.isEmpty(id)&&id.length()>1){ ! if (id.startsWith("#")) ! return XMLSIGTYPE_ENVELOPING; ! return XMLSIGTYPE_DETACHED; ! } return XMLSIGTYPE_ENVELOPED; } private static Object findRefElement(Element elem) throws XMLSecurityException { ! final String id=elem.attributeValue("URI"); ! if (!Utility.isEmpty(id)&&id.length()>1){ ! if (id.startsWith("#")){ // System.out.println("Ref: "+id.substring(1)); ! return XMLTools.getByID(elem,id.substring(1));//.createCopy(); } // Non Local URI, we need to load it --- 218,268 ---- if (!elem.getQName().getName().equals(TAG_NAME)) throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! 
type = findSignatureType(elem); ! byte digest[] = XMLSecTools.decodeBase64Element(getElement().element(XMLSecTools.createQName("DigestValue"))); ! final Object object = findRefElement(elem); ! if (object == null) ! throw new XMLSecurityException("Couldnt Dereference Object:\n " + elem.asXML()); final Canonicalizer canon; ! if (type == XMLSIGTYPE_ENVELOPED) ! canon = new CanonicalizerWithoutSignature(); else ! canon = new Canonicalizer(); final byte dig2[] = createDigest(canon, object); ! if (!CryptoTools.equalByteArrays(digest, dig2)) ! throw new InvalidSignatureException(digest, dig2); } + private void addDigest(final Canonicalizer canon, Object root) throws XMLSecurityException { ! addElement("DigestMethod").addAttribute(XMLSecTools.createQName("Algorithm"), "http://www.w3.org/2000/09/xmldsig#sha1"); ! getElement().add(XMLSecTools.base64ToElement("DigestValue", createDigest(canon, root))); } private static byte[] createDigest(final Canonicalizer canon, Object root) throws XMLSecurityException { final byte[] value = canon.canonicalize(root); ! // System.out.println("Canonicalized Reference:"); // System.out.println(new String(value)); // System.out.println("------"); ! return CryptoTools.digest(value); } private static int findSignatureType(Element elem) { ! final String id = elem.attributeValue("URI"); ! if (!Utility.isEmpty(id) && id.length() > 1) { ! if (id.startsWith("#")) ! return XMLSIGTYPE_ENVELOPING; ! return XMLSIGTYPE_DETACHED; ! } return XMLSIGTYPE_ENVELOPED; } private static Object findRefElement(Element elem) throws XMLSecurityException { ! final String id = elem.attributeValue("URI"); ! if (!Utility.isEmpty(id) && id.length() > 1) { ! if (id.startsWith("#")) { // System.out.println("Ref: "+id.substring(1)); ! return XMLTools.getByID(elem, id.substring(1));//.createCopy(); } // Non Local URI, we need to load it *************** *** 268,281 **** throw new XMLSecurityException("XMLSignature is not linked to Document"); try { ! URL url= new URL(refuri); ! 
String ref=url.getRef(); ! if (ref!=null) // If we have a reference part it is XML ! return XMLTools.loadDocument(url).getRootElement().elementByID(ref); ! BufferedInputStream is=new BufferedInputStream(url.openStream()); ! ByteArrayOutputStream os=new ByteArrayOutputStream(is.available()); ! byte input[]=new byte[is.available()]; ! int count=0; ! while((count=is.read(input))>=0){ ! os.write(input,0,count); } is.close(); --- 278,291 ---- throw new XMLSecurityException("XMLSignature is not linked to Document"); try { ! URL url = new URL(refuri); ! String ref = url.getRef(); ! if (ref != null) // If we have a reference part it is XML ! return XMLTools.loadDocument(url).getRootElement().elementByID(ref); ! BufferedInputStream is = new BufferedInputStream(url.openStream()); ! ByteArrayOutputStream os = new ByteArrayOutputStream(is.available()); ! byte input[] = new byte[is.available()]; ! int count = 0; ! while ((count = is.read(input)) >= 0) { ! os.write(input, 0, count); } is.close(); *************** *** 291,296 **** ! ! public String getUri(){ return getElement().attributeValue("URI"); } --- 301,305 ---- ! public String getUri() { return getElement().attributeValue("URI"); } Index: XMLSignature.java =================================================================== RCS file: /cvsroot/neuclear/neuclear-xmlsig/src/java/org/neuclear/xml/xmlsec/XMLSignature.java,v retrieving revision 1.13 retrieving revision 1.14 diff -C2 -d -r1.13 -r1.14 *** XMLSignature.java 2 Mar 2004 18:39:57 -0000 1.13 --- XMLSignature.java 2 Mar 2004 23:30:43 -0000 1.14 *************** *** 1,4 **** --- 1,11 ---- /* $Id$ * $Log$ + * Revision 1.14 2004/03/02 23:30:43 pelle + * Renamed SignatureInfo to SignedInfo as that is the name of the Element. + * Made some changes in the Canonicalizer to make all the output verify in Aleksey's xmlsec library. 
+ * Unfortunately this breaks example 3 of merlin-eight's canonicalization interop tests, because dom4j afaik + * can't tell the difference between <test/> and <test xmlns=""/>. + * Changed XMLSignature it is now has less repeated code. + * * Revision 1.13 2004/03/02 18:39:57 pelle * Done some more minor fixes within xmlsig, but mainly I've removed the old Source and Store patterns and sub packages. This is because *************** *** 169,173 **** * * Revision 1.4 2002/10/10 21:29:31 pelle ! * Oops. XML-Signature's SignedInfo element I had coded as SignatureInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks --- 176,180 ---- * * Revision 1.4 2002/10/10 21:29:31 pelle ! * Oops. XML-Signature's SignedInfo element I had coded as SignedInfo * As I thought Canonicalisation doesnt seem to be standard. * Updated the SignedServlet to default to using ~/.neuclear/signers.ks *************** *** 186,189 **** --- 193,197 ---- import org.dom4j.DocumentHelper; import org.dom4j.Element; + import org.neuclear.commons.crypto.Base64; import org.neuclear.commons.crypto.CryptoException; import org.neuclear.commons.crypto.CryptoTools; *************** *** 197,201 **** import java.security.PrivateKey; import java.security.PublicKey; - import java.security.interfaces.RSAPrivateKey; import java.security.interfaces.RSAPublicKey; --- 205,208 ---- *************** *** 207,213 **** /** * Creates an Enveloped (Embedded) Signature object based on the given element root ! * ! * @param keypair ! * @param root * @throws XMLSecurityException */ --- 214,220 ---- /** * Creates an Enveloped (Embedded) Signature object based on the given element root ! * ! * @param keypair ! * @param root * @throws XMLSecurityException */ *************** *** 233,246 **** } ! //TODO Something does not work right with Enveloping signatures. I am trying to figure out what it is. However enveloped are all ! 
// that we need for NeuClear, so I may put this on the backburner. ! public XMLSignature(final PrivateKey key, final PublicKey pub, Element root, final int type) throws XMLSecurityException, CryptoException { super(XMLSignature.TAG_NAME); try { ! if (type == Reference.XMLSIGTYPE_ENVELOPED) { root.add(getElement()); ! } else if (type == Reference.XMLSIGTYPE_ENVELOPING) { final Element objElem = XMLSecTools.createElementInSignatureSpace("Object"); ! objElem.addAttribute("Id","data"); DocumentHelper.createDocument(getElement());//As Signature Element is parent we will now add a doc objElem.add(root); --- 240,259 ---- } ! /** ! * Internal constructor used for common stuff regardless of key type ! * ! * @param pub ! * @param root ! * @param type ! * @throws XMLSecurityException ! */ ! private XMLSignature(final PublicKey pub, Element root, final int type) throws XMLSecurityException { super(XMLSignature.TAG_NAME); try { ! if (type == Reference.XMLSIGTYPE_ENVELOPED) { root.add(getElement()); ! } else if (type == Reference.XMLSIGTYPE_ENVELOPING) { final Element objElem = XMLSecTools.createElementInSignatureSpace("Object"); ! objElem.addAttribute("Id", "data"); DocumentHelper.createDocument(getElement());//As Signature Element is parent we will now add a doc objElem.add(root); *************** *** 248,261 **** getElement().add(root); } ! final int alg = (key instanceof RSAPrivateKey) ? SignatureInfo.SIG_ALG_RSA : SignatureInfo.SIG_ALG_DSA; ! si = new SignatureInfo( root, alg, type); addElement(si); ! final byte[] cansi = si.canonicalize(); ! // System.out.println("Canonicalized:"); ! // System.out.println(new String(cansi)); ! // System.out.println("------"); ! addElement(XMLSecTools.base64ToElement("SignatureValue", CryptoTools.sign(key, cansi))); if (pub != null) addElement(new KeyInfo(pub)); // If Enveloping add Object element last if (type == Reference.XMLSIGTYPE_ENVELOPING) { --- 261,271 ---- getElement().add(root); } ! final int alg = (pub instanceof RSAPublicKey) ? 
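Review bot: The Javadoc on the new private constructor `XMLSignature(final PublicKey pub, Element root, final int type)` leaves all three `@param` tags empty, and its summary "Internal constructor used for common stuff regardless of key type" does not say what is built. Suggest `@param pub the signer's public key, placed in a KeyInfo child when non-null`, `@param root the element to sign: for enveloped signatures the Signature element is attached to it, for enveloping it is wrapped in an Object child`, and `@param type Reference.XMLSIGTYPE_ENVELOPED or Reference.XMLSIGTYPE_ENVELOPING`. The constructor body continues into the next hunk, where `pub` is null-checked before the KeyInfo is added, so the nullability of `pub` belongs in the doc as well.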
SignedInfo.SIG_ALG_RSA : SignedInfo.SIG_ALG_DSA; ! si = new SignedInfo(root, alg, type); addElement(si); ! sigval = addElement("SignatureValue"); if (pub != null) addElement(new KeyInfo(pub)); + // If Enveloping add Object element last if (type == Reference.XMLSIGTYPE_ENVELOPING) { *************** *** 267,304 **** } } ! public XMLSignature(final String name, final Signer signer, Element root,final int type) throws XMLSecurityException, NonExistingSignerException, UserCancellationException { ! super(XMLSignature.TAG_NAME); ! if (! (signer instanceof PublicKeySource)) ! throw new XMLSecurityException("We Require a PublicKeySource"); ! PublicKeySource src=(PublicKeySource)signer; ! try { ! if (type == Reference.XMLSIGTYPE_ENVELOPED) { ! root.add(getElement()); ! } else if (type == Reference.XMLSIGTYPE_ENVELOPING) { ! final Element objElem = XMLSecTools.createElementInSignatureSpace("Object"); ! objElem.addAttribute("Id","data"); ! DocumentHelper.createDocument(getElement());//As Signature Element is parent we will now add a doc ! objElem.add(root); ! root = objElem; ! getElement().add(root); ! } ! final PublicKey pub = src.getPublicKey(name); ! final int alg = (pub instanceof RSAPublicKey) ? SignatureInfo.SIG_ALG_RSA : SignatureInfo.SIG_ALG_DSA; ! si = new SignatureInfo( root, alg, type); ! addElement(si); ! final byte[] cansi = si.canonicalize(); // System.out.println("Canonicalized:"); // System.out.println(new String(cansi)); // System.out.println("------"); ! addElement(XMLSecTools.base64ToElement("SignatureValue", signer.sign(name, cansi))); ! final KeyInfo key = new KeyInfo(pub); ! addElement(key); ! if (type == Reference.XMLSIGTYPE_ENVELOPING) { ! getElement().remove(root); ! getElement().add(root); ! } ! } catch (XMLException e) { ! throw new XMLSecurityException(e); ! } } --- 277,303 ---- } } ! ! public XMLSignature(final PrivateKey key, final PublicKey pub, Element root, final int type) throws XMLSecurityException, CryptoException { ! 
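Review bot: The algorithm selection moved into the private constructor now keys off `pub instanceof RSAPublicKey`, but `pub` is allowed to be null (it is guarded by `if (pub != null)` before the KeyInfo is added), so the `(PrivateKey, PublicKey, Element, int)` constructor called with an RSA private key and no public key writes a `dsa-sha1` SignatureMethod into SignedInfo while `CryptoTools.sign(key, cansi)` produces an RSA signature; the replaced code chose the algorithm from `key instanceof RSAPrivateKey`. Let the caller that knows the key decide: give the private constructor an explicit `alg` parameter, keep a three-argument overload that derives it from `pub` for the Signer path, and have the private-key constructor derive it from the private key (this needs the `java.security.interfaces.RSAPrivateKey` import this commit removes). The constructor body continues past the hunk on both sides.
```java
private XMLSignature(final PublicKey pub, Element root, final int type) throws XMLSecurityException {
    this(pub, root, type, (pub instanceof RSAPublicKey) ? SignedInfo.SIG_ALG_RSA : SignedInfo.SIG_ALG_DSA);
}

private XMLSignature(final PublicKey pub, Element root, final int type, final int alg) throws XMLSecurityException {
    super(XMLSignature.TAG_NAME);
    try {
        // … unchanged: enveloped / enveloping placement of root …
        si = new SignedInfo(root, alg, type);
        // … unchanged: SignatureValue, KeyInfo and Object ordering …

public XMLSignature(final PrivateKey key, final PublicKey pub, Element root, final int type) throws XMLSecurityException, CryptoException {
    this(pub, root, type, (key instanceof RSAPrivateKey) ? SignedInfo.SIG_ALG_RSA : SignedInfo.SIG_ALG_DSA);
    // … unchanged: canonicalize SignedInfo and fill SignatureValue …
}
```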
this(pub, root, type); ! final byte[] cansi = si.canonicalize(); // System.out.println("Canonicalized:"); // System.out.println(new String(cansi)); // System.out.println("------"); ! sigval.setText(Base64.encode(CryptoTools.sign(key, cansi))); ! } ! ! public XMLSignature(final String name, final Signer signer, Element root, final int type) throws XMLSecurityException, UserCancellationException, NonExistingSignerException { ! this(getPublicKey(signer, name), root, type); ! final byte[] cansi = si.canonicalize(); ! // System.out.println("Canonicalized SI:"); ! // System.out.println(new String(cansi)); ! // System.out.println("------"); ! sigval.setText(Base64.encode(signer.sign(name, cansi))); ! } ! ! private static PublicKey getPublicKey(final Signer signer, final String name) throws XMLSecurityException, NonExistingSignerException { ! if (!(signer instanceof PublicKeySource)) ! throw new XMLSecurityException("The Signer must also be a public key source"); ! return ((PublicKeySource) signer).getPublicKey(name); } *************** *** 308,313 **** if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! si = new SignatureInfo(siElem); ! KeyInfo key=getKeyInfo(); if (key == null) throw new XMLSecurityException("No included PublicKey, can not verify."); --- 307,312 ---- if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! si = new SignedInfo(siElem); ! KeyInfo key = getKeyInfo(); if (key == null) throw new XMLSecurityException("No included PublicKey, can not verify."); *************** *** 327,336 **** } ! 
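Review bot: Both public constructors still carry the same `final byte[] cansi = si.canonicalize();` / `sigval.setText(Base64.encode(...))` pair together with three commented-out `System.out.println` lines, so the duplication this commit set out to remove is only halved. A small private helper keeps the signing step in one place: `private void setSignatureValue(final byte[] signature) { sigval.setText(Base64.encode(signature)); }`, with the constructors reduced to `setSignatureValue(CryptoTools.sign(key, si.canonicalize()));` and `setSignatureValue(signer.sign(name, si.canonicalize()));`. Delete the commented-out debug output rather than copying it into the new constructors. `getPublicKey(final Signer signer, final String name)` would also benefit from a one-line Javadoc stating that it throws XMLSecurityException when the Signer does not implement PublicKeySource, which the message already implies.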
public XMLSignature(final Element elem,PublicKey pub) throws XMLSecurityException, InvalidSignatureException { super(elem); final Element siElem = elem.element(XMLSecTools.createQName("SignedInfo")); if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! si = new SignatureInfo(siElem); final byte[] sig = getSignature(); final byte[] cansi = si.canonicalize(); --- 326,335 ---- } ! public XMLSignature(final Element elem, PublicKey pub) throws XMLSecurityException, InvalidSignatureException { super(elem); final Element siElem = elem.element(XMLSecTools.createQName("SignedInfo")); if (!elem.getQName().equals(XMLSecTools.createQName(TAG_NAME)) || siElem == null) // Not sure if equals is imeplemented properly for QNames throw new XMLSecurityException("Element: " + elem.getQualifiedName() + " is not a valid: " + XMLSecTools.NS_DS.getPrefix() + ":" + TAG_NAME); ! si = new SignedInfo(siElem); final byte[] sig = getSignature(); final byte[] cansi = si.canonicalize(); *************** *** 355,383 **** public final PublicKey getSignersKey() throws XMLSecurityException { ! KeyInfo key=getKeyInfo(); if (key == null) return null; return key.getPublicKey(); } public final String getSignersId() throws XMLSecurityException { ! KeyInfo key=getKeyInfo(); if (key == null) return null; return key.getKeyName(); } ! private final synchronized KeyInfo getKeyInfo() throws XMLSecurityException{ ! if (ki==null){ final Element keyInfoElem = getElement().element(XMLSecTools.createQName("KeyInfo")); if (keyInfoElem != null) ! ki=new KeyInfo(keyInfoElem); } return ki; } ! protected final SignatureInfo getSi() { return si; } ! 
private SignatureInfo si; private KeyInfo ki; private static final String TAG_NAME = "Signature"; --- 354,385 ---- public final PublicKey getSignersKey() throws XMLSecurityException { ! KeyInfo key = getKeyInfo(); if (key == null) return null; return key.getPublicKey(); } + public final String getSignersId() throws XMLSecurityException { ! KeyInfo key = getKeyInfo(); if (key == null) return null; return key.getKeyName(); } ! ! private final synchronized KeyInfo getKeyInfo() throws XMLSecurityException { ! if (ki == null) { final Element keyInfoElem = getElement().element(XMLSecTools.createQName("KeyInfo")); if (keyInfoElem != null) ! ki = new KeyInfo(keyInfoElem); } return ki; } ! protected final SignedInfo getSi() { return si; } ! private SignedInfo si; ! private Element sigval; private KeyInfo ki; private static final String TAG_NAME = "Signature"; --- SignatureInfo.java DELETED --- |