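package com.sun.org.apache.xml.internal.security.signature;

import java.io.IOException;
import java.io.OutputStream;
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;

import javax.crypto.SecretKey;

import com.sun.org.apache.xml.internal.security.algorithms.SignatureAlgorithm;
import com.sun.org.apache.xml.internal.security.c14n.CanonicalizationException;
import com.sun.org.apache.xml.internal.security.c14n.Canonicalizer;
import com.sun.org.apache.xml.internal.security.c14n.InvalidCanonicalizerException;
import com.sun.org.apache.xml.internal.security.exceptions.Base64DecodingException;
import com.sun.org.apache.xml.internal.security.exceptions.XMLSecurityException;
import com.sun.org.apache.xml.internal.security.keys.KeyInfo;
import com.sun.org.apache.xml.internal.security.keys.content.X509Data;
import com.sun.org.apache.xml.internal.security.transforms.Transforms;
import com.sun.org.apache.xml.internal.security.utils.Base64;
import com.sun.org.apache.xml.internal.security.utils.Constants;
import com.sun.org.apache.xml.internal.security.utils.I18n;
import com.sun.org.apache.xml.internal.security.utils.IdResolver;
import com.sun.org.apache.xml.internal.security.utils.SignatureElementProxy;
import com.sun.org.apache.xml.internal.security.utils.SignerOutputStream;
import com.sun.org.apache.xml.internal.security.utils.UnsyncBufferedOutputStream;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;

/**
 * Wraps a {@code ds:Signature} element and drives the two operations defined
 * on it: producing a {@code ds:SignatureValue} over the canonicalized
 * {@code ds:SignedInfo} ({@link #sign(Key)}) and checking an existing one
 * ({@link #checkSignatureValue(Key)}).
 * <p>
 * An instance is either in signing mode (built from a {@link Document} via one
 * of the creating constructors, state {@code MODE_SIGN}) or in verification
 * mode (built from an existing {@link Element}). Several mutators are no-ops
 * or rejected outside signing mode; see the individual methods.
 * <p>
 * The instance holds a reference to the DOM it was built on and is not
 * thread-safe.
 */
public final class XMLSignature extends SignatureElementProxy {

    /** Logger for this class (FINE-level diagnostics in {@link #checkSignatureValue(Key)}). */
    static java.util.logging.Logger log =
        java.util.logging.Logger.getLogger(XMLSignature.class.getName());

    /** MAC - Required HMAC-SHA1. */
    public static final String ALGO_ID_MAC_HMAC_SHA1 = Constants.SignatureSpecNS + "hmac-sha1";

    /** Signature - Required DSAwithSHA1 (DSS). */
    public static final String ALGO_ID_SIGNATURE_DSA = Constants.SignatureSpecNS + "dsa-sha1";

    /** Signature - Recommended RSAwithSHA1. */
    public static final String ALGO_ID_SIGNATURE_RSA = Constants.SignatureSpecNS + "rsa-sha1";

    /** Signature - Recommended RSAwithSHA1 (alias of {@link #ALGO_ID_SIGNATURE_RSA}). */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA1 = Constants.SignatureSpecNS + "rsa-sha1";

    /** Signature - NOT Recommended RSAwithMD5. */
    public static final String ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5 =
        Constants.MoreAlgorithmsSpecNS + "rsa-md5";

    /** Signature - Optional RSAwithRIPEMD160. */
    public static final String ALGO_ID_SIGNATURE_RSA_RIPEMD160 =
        Constants.MoreAlgorithmsSpecNS + "rsa-ripemd160";

    /** Signature - Optional RSAwithSHA256. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA256 =
        Constants.MoreAlgorithmsSpecNS + "rsa-sha256";

    /** Signature - Optional RSAwithSHA384. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA384 =
        Constants.MoreAlgorithmsSpecNS + "rsa-sha384";

    /** Signature - Optional RSAwithSHA512. */
    public static final String ALGO_ID_SIGNATURE_RSA_SHA512 =
        Constants.MoreAlgorithmsSpecNS + "rsa-sha512";

    /** HMAC - NOT Recommended HMAC-MD5. */
    public static final String ALGO_ID_MAC_HMAC_NOT_RECOMMENDED_MD5 =
        Constants.MoreAlgorithmsSpecNS + "hmac-md5";

    /** HMAC - Optional HMAC-RIPEMD160. */
    public static final String ALGO_ID_MAC_HMAC_RIPEMD160 =
        Constants.MoreAlgorithmsSpecNS + "hmac-ripemd160";

    /** HMAC - Optional HMAC-SHA256. */
    public static final String ALGO_ID_MAC_HMAC_SHA256 =
        Constants.MoreAlgorithmsSpecNS + "hmac-sha256";

    /** HMAC - Optional HMAC-SHA384. */
    public static final String ALGO_ID_MAC_HMAC_SHA384 =
        Constants.MoreAlgorithmsSpecNS + "hmac-sha384";

    /** HMAC - Optional HMAC-SHA512. */
    public static final String ALGO_ID_MAC_HMAC_SHA512 =
        Constants.MoreAlgorithmsSpecNS + "hmac-sha512";

    /** The {@code ds:SignedInfo} child; never null after construction. */
    private SignedInfo _signedInfo = null;

    /**
     * The {@code ds:KeyInfo} child. Null until {@link #getKeyInfo()} creates one
     * in signing mode, or when a parsed signature carries no KeyInfo.
     */
    private KeyInfo _keyInfo = null;

    /**
     * Whether {@link #checkSignatureValue(Key)} also validates Manifests that are
     * referenced from SignedInfo; default is to check only the direct References.
     */
    private boolean _followManifestsDuringValidation = false;

    /**
     * Creates a new signature in signing mode with the default HMAC output
     * length (0) and inclusive C14N without comments.
     *
     * @param doc the document that owns the new element
     * @param BaseURI the base URI used to resolve relative References
     * @param SignatureMethodURI the signature algorithm URI (one of the
     *        {@code ALGO_ID_*} constants)
     * @throws XMLSecurityException if the SignedInfo cannot be created
     */
    public XMLSignature(Document doc, String BaseURI, String SignatureMethodURI)
        throws XMLSecurityException {
        this(doc, BaseURI, SignatureMethodURI, 0,
             Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    }

    /**
     * Creates a new signature in signing mode with inclusive C14N without
     * comments and an explicit HMAC output length.
     *
     * @param doc the document that owns the new element
     * @param BaseURI the base URI used to resolve relative References
     * @param SignatureMethodURI the signature algorithm URI
     * @param HMACOutputLength the HMAC output length in bits, or 0 for the
     *        algorithm's full length (only meaningful for MAC algorithms)
     * @throws XMLSecurityException if the SignedInfo cannot be created
     */
    public XMLSignature(
        Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength)
        throws XMLSecurityException {
        this(doc, BaseURI, SignatureMethodURI, HMACOutputLength,
             Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    }

    /**
     * Creates a new signature in signing mode with an explicit canonicalization
     * algorithm and the default HMAC output length (0).
     *
     * @param doc the document that owns the new element
     * @param BaseURI the base URI used to resolve relative References
     * @param SignatureMethodURI the signature algorithm URI
     * @param CanonicalizationMethodURI the C14N algorithm URI for SignedInfo
     * @throws XMLSecurityException if the SignedInfo cannot be created
     */
    public XMLSignature(
        Document doc, String BaseURI, String SignatureMethodURI, String CanonicalizationMethodURI)
        throws XMLSecurityException {
        this(doc, BaseURI, SignatureMethodURI, 0, CanonicalizationMethodURI);
    }

    /**
     * Creates a new signature in signing mode; all other creating constructors
     * delegate here. The resulting element contains a SignedInfo and an empty
     * SignatureValue child, each followed by a line break.
     *
     * @param doc the document that owns the new element
     * @param BaseURI the base URI used to resolve relative References
     * @param SignatureMethodURI the signature algorithm URI
     * @param HMACOutputLength the HMAC output length in bits, or 0
     * @param CanonicalizationMethodURI the C14N algorithm URI for SignedInfo
     * @throws XMLSecurityException if the SignedInfo cannot be created
     */
    public XMLSignature(
        Document doc, String BaseURI, String SignatureMethodURI, int HMACOutputLength,
        String CanonicalizationMethodURI)
        throws XMLSecurityException {

        super(doc);

        XMLUtils.addReturnToElement(this._constructionElement);

        this._baseURI = BaseURI;
        this._signedInfo = new SignedInfo(this._doc, SignatureMethodURI,
                                          HMACOutputLength,
                                          CanonicalizationMethodURI);

        this.appendSignedInfoAndSignatureValue();
    }

    /**
     * Creates a new signature in signing mode from pre-built SignatureMethod and
     * CanonicalizationMethod elements (for algorithms that carry parameters).
     *
     * @param doc the document that owns the new element
     * @param BaseURI the base URI used to resolve relative References
     * @param SignatureMethodElem the {@code ds:SignatureMethod} element to adopt
     * @param CanonicalizationMethodElem the {@code ds:CanonicalizationMethod}
     *        element to adopt
     * @throws XMLSecurityException if the SignedInfo cannot be created
     */
    public XMLSignature(
        Document doc, String BaseURI, Element SignatureMethodElem, Element CanonicalizationMethodElem)
        throws XMLSecurityException {

        super(doc);

        XMLUtils.addReturnToElement(this._constructionElement);

        this._baseURI = BaseURI;
        this._signedInfo = new SignedInfo(this._doc, SignatureMethodElem, CanonicalizationMethodElem);

        this.appendSignedInfoAndSignatureValue();
    }

    /**
     * Appends the already-built SignedInfo and a fresh, empty SignatureValue to
     * the Signature element, each followed by a line break. Shared tail of the
     * two signing-mode constructors.
     */
    private void appendSignedInfoAndSignatureValue() {
        this._constructionElement.appendChild(this._signedInfo.getElement());
        XMLUtils.addReturnToElement(this._constructionElement);

        // The SignatureValue text is filled in later by setSignatureValueElement().
        Element signatureValueElement =
            XMLUtils.createElementInSignatureSpace(this._doc,
                                                   Constants._TAG_SIGNATUREVALUE);

        this._constructionElement.appendChild(signatureValueElement);
        XMLUtils.addReturnToElement(this._constructionElement);
    }

    /**
     * Wraps an existing {@code ds:Signature} element (verification mode).
     * The element must contain a SignedInfo and a SignatureValue child;
     * a KeyInfo child is optional.
     *
     * @param element the {@code ds:Signature} element to wrap
     * @param BaseURI the base URI used to resolve relative References
     * @throws XMLSignatureException if SignedInfo or SignatureValue is missing
     *         ({@code xml.WrongContent})
     * @throws XMLSecurityException if SignedInfo or KeyInfo cannot be parsed
     */
    public XMLSignature(Element element, String BaseURI)
        throws XMLSignatureException, XMLSecurityException {

        super(element, BaseURI);

        Element signedInfoElem = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                                       Constants._TAG_SIGNEDINFO, 0);

        if (signedInfoElem == null) {
            Object[] exArgs = { Constants._TAG_SIGNEDINFO, Constants._TAG_SIGNATURE };
            throw new XMLSignatureException("xml.WrongContent", exArgs);
        }

        this._signedInfo = new SignedInfo(signedInfoElem, BaseURI);

        // Fail early on a missing SignatureValue so getSignatureValue() later
        // finds the element it expects.
        Element signatureValueElement =
            XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                  Constants._TAG_SIGNATUREVALUE, 0);

        if (signatureValueElement == null) {
            Object[] exArgs = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
            throw new XMLSignatureException("xml.WrongContent", exArgs);
        }

        Element keyInfoElem = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                                    Constants._TAG_KEYINFO, 0);

        if (keyInfoElem != null) {
            this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);
        }
    }

    /**
     * Sets the {@code Id} attribute and registers the element with the
     * {@link IdResolver}. No-op unless in signing mode and {@code Id} is non-null.
     *
     * @param Id the Id value
     */
    public void setId(String Id) {
        if ((this._state == MODE_SIGN) && (Id != null)) {
            this._constructionElement.setAttributeNS(null, Constants._ATT_ID, Id);
            IdResolver.registerElementById(this._constructionElement, Id);
        }
    }

    /**
     * Returns the {@code Id} attribute value (empty string if absent, per DOM).
     *
     * @return the Id attribute value
     */
    public String getId() {
        return this._constructionElement.getAttributeNS(null, Constants._ATT_ID);
    }

    /**
     * Returns the {@code ds:SignedInfo} of this signature.
     *
     * @return the SignedInfo, never null
     */
    public SignedInfo getSignedInfo() {
        return this._signedInfo;
    }

    /**
     * Returns the Base64-decoded content of the {@code ds:SignatureValue}
     * element.
     *
     * @return the raw signature (or MAC) bytes
     * @throws XMLSignatureException if the SignatureValue element is missing
     *         ({@code xml.WrongContent}) or its content is not valid Base64
     */
    public byte[] getSignatureValue() throws XMLSignatureException {
        Element signatureValueElem =
            XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                  Constants._TAG_SIGNATUREVALUE, 0);

        // A freshly created or parsed Signature always has this child (see the
        // constructors); report a missing one the same way the parsing
        // constructor does instead of failing with a NullPointerException.
        if (signatureValueElem == null) {
            Object[] exArgs = { Constants._TAG_SIGNATUREVALUE, Constants._TAG_SIGNATURE };
            throw new XMLSignatureException("xml.WrongContent", exArgs);
        }

        try {
            return Base64.decode(signatureValueElem);
        } catch (Base64DecodingException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Replaces the content of the {@code ds:SignatureValue} element with the
     * Base64 encoding of {@code bytes}. No-op outside signing mode.
     *
     * @param bytes the raw signature bytes to store
     */
    private void setSignatureValueElement(byte[] bytes) {
        if (this._state == MODE_SIGN) {
            Element signatureValueElem =
                XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                      Constants._TAG_SIGNATUREVALUE, 0);

            // Drop whatever was there (e.g. from a previous sign() call).
            while (signatureValueElem.hasChildNodes()) {
                signatureValueElem.removeChild(signatureValueElem.getFirstChild());
            }

            String base64codedValue = Base64.encode(bytes);

            // Long values are put on their own line for readability; the
            // surrounding whitespace is ignored by Base64.decode().
            if (base64codedValue.length() > 76) {
                base64codedValue = "\n" + base64codedValue + "\n";
            }

            Text t = this._doc.createTextNode(base64codedValue);
            signatureValueElem.appendChild(t);
        }
    }

    /**
     * Returns the {@code ds:KeyInfo} of this signature. In signing mode a missing
     * KeyInfo is created on demand and inserted before the first
     * {@code ds:Object} child (or appended if there is none), so the schema order
     * SignedInfo, SignatureValue, KeyInfo, Object* is preserved.
     *
     * @return the KeyInfo, or null in verification mode when the signature has none
     */
    public KeyInfo getKeyInfo() {
        if ((this._state == MODE_SIGN) && (this._keyInfo == null)) {
            this._keyInfo = new KeyInfo(this._doc);

            Element keyInfoElement = this._keyInfo.getElement();
            Node sibling = this._constructionElement.getFirstChild();
            Element firstObject = XMLUtils.selectDsNode(sibling, Constants._TAG_OBJECT, 0);

            if (firstObject != null) {
                this._constructionElement.insertBefore(keyInfoElement, firstObject);
                this._constructionElement
                    .insertBefore(this._doc.createTextNode("\n"), firstObject);
            } else {
                this._constructionElement.appendChild(keyInfoElement);
                XMLUtils.addReturnToElement(this._constructionElement);
            }
        }

        return this._keyInfo;
    }

    /**
     * Appends a {@code ds:Object} to this signature.
     *
     * @param object the Object to append
     * @throws XMLSignatureException if not in signing mode
     *         ({@code signature.operationOnlyBeforeSign})
     */
    public void appendObject(ObjectContainer object) throws XMLSignatureException {
        try {
            if (this._state != MODE_SIGN) {
                throw new XMLSignatureException("signature.operationOnlyBeforeSign");
            }

            this._constructionElement.appendChild(object.getElement());
            XMLUtils.addReturnToElement(this._constructionElement);
        } catch (XMLSecurityException ex) {
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Returns the i-th {@code ds:Object} child.
     *
     * @param i zero-based index among the Object children
     * @return the Object, or null if it does not exist or cannot be parsed
     *         (the parse error is deliberately not propagated)
     */
    public ObjectContainer getObjectItem(int i) {
        Element objElem = XMLUtils.selectDsNode(this._constructionElement.getFirstChild(),
                                                Constants._TAG_OBJECT, i);

        try {
            return new ObjectContainer(objElem, this._baseURI);
        } catch (XMLSecurityException ex) {
            return null;
        }
    }

    /**
     * Returns the number of {@code ds:Object} children.
     *
     * @return the Object count
     */
    public int getObjectLength() {
        return this.length(Constants.SignatureSpecNS, Constants._TAG_OBJECT);
    }

    /**
     * Computes the signature: generates all Reference digests, canonicalizes
     * SignedInfo into the signer, and stores the result in
     * {@code ds:SignatureValue}. No-op outside signing mode.
     *
     * @param signingKey the private key (or HMAC secret key) to sign with
     * @throws IllegalArgumentException if a {@link PublicKey} is passed, since
     *         public keys can only verify
     * @throws XMLSignatureException on canonicalization, digest or signing failure
     */
    public void sign(Key signingKey) throws XMLSignatureException {
        if (signingKey instanceof PublicKey) {
            throw new IllegalArgumentException(
                I18n.translate("algorithms.operationOnlyVerification"));
        }

        try {
            if (this._state == MODE_SIGN) {
                Element signatureMethodElement =
                    this._signedInfo.getSignatureMethodElement();

                SignatureAlgorithm sa =
                    new SignatureAlgorithm(signatureMethodElement, this.getBaseURI());
                sa.initSign(signingKey);

                SignedInfo si = this.getSignedInfo();

                // The DigestValues are part of the bytes being signed, so they
                // must all be final before SignedInfo is canonicalized.
                si.generateDigestValues();

                OutputStream so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
                si.signInOctectStream(so);
                // Close AFTER writing so any bytes still held in the buffer reach
                // the signer; checkSignatureValue() already uses this order.
                so.close();

                byte[] jcebytes = sa.sign();
                this.setSignatureValueElement(jcebytes);
            }
        } catch (CanonicalizationException ex) {
            throw new XMLSignatureException("empty", ex);
        } catch (InvalidCanonicalizerException ex) {
            throw new XMLSignatureException("empty", ex);
        } catch (XMLSecurityException ex) {
            throw new XMLSignatureException("empty", ex);
        } catch (IOException ex) {
            // The signer stream is memory-backed so this is not expected; if it
            // does happen the signature would cover incomplete data, so fail
            // rather than emit a SignatureValue that will never verify.
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Adds a {@link ResourceResolver} used to dereference Reference URIs.
     *
     * @param resolver the resolver to add
     */
    public void addResourceResolver(ResourceResolver resolver) {
        this.getSignedInfo().addResourceResolver(resolver);
    }

    /**
     * Adds a {@link ResourceResolverSpi} used to dereference Reference URIs.
     *
     * @param resolver the resolver to add
     */
    public void addResourceResolver(ResourceResolverSpi resolver) {
        this.getSignedInfo().addResourceResolver(resolver);
    }

    /**
     * Verifies this signature with the public key of the given certificate.
     * Note that only the key is used; the certificate itself is not validated
     * (chain, validity period, revocation) here.
     *
     * @param cert the certificate whose public key verifies the signature
     * @return true if SignatureValue and all References verify
     * @throws XMLSignatureException if {@code cert} is null or verification fails
     *         with an error (as opposed to a clean mismatch)
     */
    public boolean checkSignatureValue(X509Certificate cert) throws XMLSignatureException {
        if (cert != null) {
            return this.checkSignatureValue(cert.getPublicKey());
        }

        Object[] exArgs = { "Didn't get a certificate" };
        throw new XMLSignatureException("empty", exArgs);
    }

    /**
     * Verifies this signature with the given key. The SignatureValue is checked
     * over the canonicalized SignedInfo first; only if it matches are the
     * References dereferenced and their digests compared, so untrusted
     * Reference URIs and Transforms are not processed for a SignedInfo that
     * has not been authenticated.
     *
     * @param pk the public key, or the secret key for HMAC signature methods
     * @return true if SignatureValue and all References verify; false on a
     *         mismatch in either step
     * @throws XMLSignatureException if {@code pk} is null, the SignatureValue is
     *         missing or malformed, or the algorithm cannot be set up
     */
    public boolean checkSignatureValue(Key pk) throws XMLSignatureException {
        if (pk == null) {
            Object[] exArgs = { "Didn't get a key" };
            throw new XMLSignatureException("empty", exArgs);
        }

        try {
            SignatureAlgorithm sa =
                new SignatureAlgorithm(this.getSignedInfo().getSignatureMethodElement(),
                                       this.getBaseURI());

            if (log.isLoggable(java.util.logging.Level.FINE)) {
                log.log(java.util.logging.Level.FINE, "SignatureMethodURI = " + sa.getAlgorithmURI());
                log.log(java.util.logging.Level.FINE, "jceSigAlgorithm = " + sa.getJCEAlgorithmString());
                log.log(java.util.logging.Level.FINE, "jceSigProvider = " + sa.getJCEProviderName());
                // For HMAC methods pk is a SecretKey; keep key material out of the log.
                if (pk instanceof PublicKey) {
                    log.log(java.util.logging.Level.FINE, "PublicKey = " + pk);
                } else {
                    log.log(java.util.logging.Level.FINE, "Key algorithm = " + pk.getAlgorithm());
                }
            }
            sa.initVerify(pk);

            SignerOutputStream so = new SignerOutputStream(sa);
            OutputStream bos = new UnsyncBufferedOutputStream(so);
            this._signedInfo.signInOctectStream(bos);
            // Flush the buffered tail into the verifier before asking for a verdict.
            bos.close();

            byte[] sigBytes = this.getSignatureValue();

            if (!sa.verify(sigBytes)) {
                return false;
            }

            return this.getSignedInfo().verify(this._followManifestsDuringValidation);
        } catch (XMLSecurityException ex) {
            throw new XMLSignatureException("empty", ex);
        } catch (IOException ex) {
            // Memory-backed stream; an error here means the verifier did not see
            // all of SignedInfo, so surface it instead of reporting a mismatch.
            throw new XMLSignatureException("empty", ex);
        }
    }

    /**
     * Adds a {@code ds:Reference} with explicit digest algorithm, Id and Type.
     *
     * @param referenceURI the Reference URI (resolved against the base URI)
     * @param trans the Transforms to apply before digesting, or null
     * @param digestURI the digest algorithm URI
     * @param ReferenceId the Reference Id attribute, or null
     * @param ReferenceType the Reference Type attribute, or null
     * @throws XMLSignatureException if the Reference cannot be added
     */
    public void addDocument(
        String referenceURI, Transforms trans, String digestURI, String ReferenceId,
        String ReferenceType)
        throws XMLSignatureException {
        this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
                                     digestURI, ReferenceId, ReferenceType);
    }

    /**
     * Adds a {@code ds:Reference} with an explicit digest algorithm and no Id/Type.
     *
     * @param referenceURI the Reference URI (resolved against the base URI)
     * @param trans the Transforms to apply before digesting, or null
     * @param digestURI the digest algorithm URI
     * @throws XMLSignatureException if the Reference cannot be added
     */
    public void addDocument(String referenceURI, Transforms trans, String digestURI)
        throws XMLSignatureException {
        this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
                                     digestURI, null, null);
    }

    /**
     * Adds a {@code ds:Reference} digested with SHA-1
     * ({@code Constants.ALGO_ID_DIGEST_SHA1}). Use
     * {@link #addDocument(String, Transforms, String)} to select a stronger
     * digest algorithm for new signatures.
     *
     * @param referenceURI the Reference URI (resolved against the base URI)
     * @param trans the Transforms to apply before digesting, or null
     * @throws XMLSignatureException if the Reference cannot be added
     */
    public void addDocument(String referenceURI, Transforms trans)
        throws XMLSignatureException {
        this._signedInfo.addDocument(this._baseURI, referenceURI, trans,
                                     Constants.ALGO_ID_DIGEST_SHA1, null, null);
    }

    /**
     * Adds a {@code ds:Reference} with no Transforms, digested with SHA-1
     * ({@code Constants.ALGO_ID_DIGEST_SHA1}). Use
     * {@link #addDocument(String, Transforms, String)} to select a stronger
     * digest algorithm for new signatures.
     *
     * @param referenceURI the Reference URI (resolved against the base URI)
     * @throws XMLSignatureException if the Reference cannot be added
     */
    public void addDocument(String referenceURI) throws XMLSignatureException {
        this._signedInfo.addDocument(this._baseURI, referenceURI, null,
                                     Constants.ALGO_ID_DIGEST_SHA1, null, null);
    }

    /**
     * Adds the certificate to the KeyInfo as a {@code ds:X509Data} entry.
     *
     * @param cert the certificate to include
     * @throws XMLSecurityException if the X509Data cannot be built
     */
    public void addKeyInfo(X509Certificate cert) throws XMLSecurityException {
        X509Data x509data = new X509Data(this._doc);
        x509data.addCertificate(cert);
        this.getKeyInfo().add(x509data);
    }

    /**
     * Adds the public key to the KeyInfo as a {@code ds:KeyValue} entry.
     *
     * @param pk the public key to include
     */
    public void addKeyInfo(PublicKey pk) {
        this.getKeyInfo().add(pk);
    }

    /**
     * Builds a {@link SecretKey} for this signature's MAC algorithm from raw bytes.
     *
     * @param secretKeyBytes the raw key bytes
     * @return a SecretKey usable with {@link #sign(Key)} / {@link #checkSignatureValue(Key)}
     */
    public SecretKey createSecretKey(byte[] secretKeyBytes) {
        return this.getSignedInfo().createSecretKey(secretKeyBytes);
    }

    /**
     * Controls whether {@link #checkSignatureValue(Key)} also verifies Manifests
     * referenced from SignedInfo (off by default).
     *
     * @param followManifests true to validate nested Manifests
     */
    public void setFollowNestedManifests(boolean followManifests) {
        this._followManifestsDuringValidation = followManifests;
    }

    /**
     * Returns the local name of the wrapped element.
     *
     * @return {@code Constants._TAG_SIGNATURE}
     */
    public String getBaseLocalName() {
        return Constants._TAG_SIGNATURE;
    }
}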