Java XMLSignatureException類代碼示例

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
public Result validate ( final Document doc ) throws Exception
{
    final NodeList nl = doc.getElementsByTagNameNS ( XMLSignature.XMLNS, "Signature" ); //$NON-NLS-1$

    if ( nl.getLength () == 0 )
    {
        return new Result ( StatusCodes.VALIDATE_NO_SIGNATURE_DATA, "No signature data found" );
    }

    final DOMValidateContext dvc = new DOMValidateContext ( this.keySelector, nl.item ( 0 ) );

    final XMLSignature signature = this.factory.unmarshalXMLSignature ( dvc );

    try
    {
        final boolean result = signature.validate ( dvc );

        return new Result ( result, signature );
    }
    catch ( final XMLSignatureException e )
    {
        logger.debug ( "Failed to perform validation", e );
        return Result.INVALID;
    }
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
@org.junit.Test
public void testLocalFilesystem() throws Exception {
    String file = "signature-external-c14n-xmlatrs.xml";

    DOMValidateContext vc =
        validator.getValidateContext(
            file, new KeySelectors.SecretKeySelector("secret".getBytes("ASCII"))
        );

    vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.FALSE);
    boolean coreValidity = validator.validate(vc);
    assertTrue("Signature failed core validation", coreValidity);

    vc.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);

    try {
        validator.validate(vc);
        fail("Failure expected when secure validation is enabled");
    } catch (XMLSignatureException ex) {
        assertTrue(ex.getMessage().contains("URIReferenceException"));
    }
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
private static String explainValidationProblem(
    DOMValidateContext context, XMLSignature signature)
        throws XMLSignatureException {
  @SuppressWarnings("unchecked")  // Safe by specification.
  List<Reference> references = signature.getSignedInfo().getReferences();
  StringBuilder builder = new StringBuilder();
  builder.append("Signature failed core validation\n");
  boolean sv = signature.getSignatureValue().validate(context);
  builder.append("Signature validation status: " + sv + "\n");
  for (Reference ref : references) {
    builder.append("references[");
    builder.append(ref.getURI());
    builder.append("] validity status: ");
    builder.append(ref.validate(context));
    builder.append("\n");
  }
  return builder.toString();
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
/**
 * Verification via the default JSR105 implementation triggers some
 * canonicalization errors.
 * 
 * @param odfUrl
 * @param signatureNode
 * @throws MarshalException
 * @throws XMLSignatureException
 */
private boolean verifySignature(URL odfUrl, Node signatureNode) throws MarshalException, XMLSignatureException {

	// work-around for Java 7
	Element signedPropertiesElement = (Element) ((Element) signatureNode)
			.getElementsByTagNameNS(XAdESXLSignatureFacet.XADES_NAMESPACE, "SignedProperties").item(0);
	if (null != signedPropertiesElement) {
		signedPropertiesElement.setIdAttribute("Id", true);
	}

	DOMValidateContext domValidateContext = new DOMValidateContext(new KeyInfoKeySelector(), signatureNode);
	ODFURIDereferencer dereferencer = new ODFURIDereferencer(odfUrl);
	domValidateContext.setURIDereferencer(dereferencer);
	XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance();
	LOG.debug("java version: " + System.getProperty("java.version"));
	/*
	 * Requires Java 6u10 because of a bug. See also:
	 * http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6696582
	 */
	XMLSignature xmlSignature = xmlSignatureFactory.unmarshalXMLSignature(domValidateContext);
	boolean validity = xmlSignature.validate(domValidateContext);
	return validity;
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
@Test(expected = DigitalSignatureValidationException.class)
public void validate_error() throws Exception {
    // given
    FileInputStream in = null;
    Document document = null;
    try {
        in = new FileInputStream(FILE_OPENAM_RESPONSE);
        document = XMLConverter.convertToDocument(in);
    } finally {
        if (in != null) {
            in.close();
        }
    }
    NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS,
            "Signature");
    doThrow(new XMLSignatureException("")).when(validator)
            .workaroundOpenamBug(any(XMLSignature.class),
                    any(DOMValidateContext.class), anyBoolean());

    // when
    validator.validate(nl.item(0));

    // then exception expected
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
public Envelope buildFault(String request) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
	Envelope r = buildResponse(request, false);
	r.getBody().getUnknownXMLObjects().clear();
	
	Fault fault = SAMLUtil.buildXMLObject(Fault.class);
	Detail detail = SAMLUtil.buildXMLObject(Detail.class);

	FaultString msg = SAMLUtil.buildXMLObject(FaultString.class);
	msg.setValue("test");
	fault.setMessage(msg);
	
	fault.setDetail(detail);

	XSAny d = new XSAnyBuilder().buildObject("urn:test", "fault", "fa");
	detail.getUnknownXMLObjects().add(d);
	
	r.getBody().getUnknownXMLObjects().add(fault);
	
	return r;
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
public synchronized void sign()
		throws MarshalException,
		XMLSignatureException,
		KeyException {

	if (this.document == null)
		throw new RuntimeException("Can't sign a NULL document");

	Reference reference = this.signatureFactory.newReference(
			referenceUri,
			this.digestMethod,
			this.transformList,
			null,
			null);

	SignedInfo signedInfo = this.signatureFactory.newSignedInfo(
			this.canonicalizationMethod,
			this.signatureMethod,
			Collections.singletonList(reference));

	// Create the KeyInfo containing the X509Data.
	X509Data xd = this.keyInfoFactory.newX509Data(
			Collections.singletonList(this.certificateWithKey.certificate));

	KeyInfo keyInfo = this.keyInfoFactory.newKeyInfo(Collections.singletonList(xd));

	XMLSignature signature = this.signatureFactory.newXMLSignature(
			signedInfo,
			keyInfo);

	DOMSignContext signingContext = new DOMSignContext(
			this.certificateWithKey.privateKey,
			document.getDocumentElement());

	signature.sign(signingContext);
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
public synchronized boolean validate()
		throws MarshalException,
		XMLSignatureException {

	// Find Signature element.
	NodeList list = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
	if (list.getLength() == 0) {
		throw new RuntimeException("Cannot find Signature element");
	}

	// Create a DOMValidateContext and specify a KeySelector
	// and document context.
	DOMValidateContext validateContext = new DOMValidateContext(new X509CertificateKeySelector(), list.item(0));

	// Unmarshal the XMLSignature.
	XMLSignature signature = this.signatureFactory.unmarshalXMLSignature(validateContext);

	// Validate the XMLSignature.
	if (signature.validate(validateContext)) {
		return true;
	} else {
		Iterator<?> i = signature.getSignedInfo().getReferences().iterator();
		for (int j = 0; i.hasNext(); j++) {
			System.out.print("ref[" + j + "] -> ");
			Reference ref = (Reference) i.next();
			System.out.print(ref.getURI());
			System.out.print(", ");
			System.out.print(ref.getDigestMethod().toString());
			System.out.print(", ");
			System.out.print(ref.getId());
			boolean refValid = ref.validate(validateContext);
			System.out.print(", validity status: " + refValid + "\r\n");
		}
		return false;
	}
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
public Document sign(FileInputStream fileStream, KeyPair keyPair)
        throws ParserConfigurationException, SAXException, IOException,
        NoSuchAlgorithmException, InvalidAlgorithmParameterException,
        KeyException, MarshalException, XMLSignatureException {

    DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
    factory.setNamespaceAware(true);

    DocumentBuilder builder = factory.newDocumentBuilder();
    Document document = builder.parse(fileStream);

    DOMSignContext signContext = new DOMSignContext(keyPair.getPrivate(),
            document.getDocumentElement());
    XMLSignatureFactory signFactory = XMLSignatureFactory
            .getInstance("DOM");
    Reference ref = signFactory.newReference("", signFactory
            .newDigestMethod(digestMethod, null), Collections
            .singletonList(signFactory.newTransform(Transform.ENVELOPED,
                    (TransformParameterSpec) null)), null, null);
    SignedInfo si = signFactory.newSignedInfo(signFactory
            .newCanonicalizationMethod(
                    CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                    (C14NMethodParameterSpec) null), signFactory
            .newSignatureMethod(signatureMethod, null), Collections
            .singletonList(ref));

    KeyInfoFactory kif = signFactory.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(keyPair.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

    XMLSignature signature = signFactory.newXMLSignature(si, ki);
    signature.sign(signContext);

    return document;
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
private boolean validate(final DOMValidateContext validationContext)
        throws DigitalSignatureValidationException {

    try {
        // if (getLogger().isDebugLoggingEnabled()) {
        // enableReferenceCaching(validationContext);
        // }

        XMLSignatureFactory factory = XMLSignatureFactory
                .getInstance(XML_MECHANISM_TYPE);
        XMLSignature signature = factory
                .unmarshalXMLSignature(validationContext);
        boolean validationResult = signature.validate(validationContext);

        validationResult = workaroundOpenamBug(signature,
                validationContext, validationResult);

        // if (getLogger().isDebugLoggingEnabled()) {
        // debugLogReferences(signature, validationContext);
        // }
        return validationResult;
    } catch (XMLSignatureException | MarshalException exception) {
        throw new DigitalSignatureValidationException(
                "Error occurred during digital signature validation process",
                DigitalSignatureValidationException.ReasonEnum.EXCEPTION_OCCURRED,
                exception);
    }
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
/**
 * The overall signature validation consists of two steps, one is the
 * validation of the signature itself and the other the validation of the
 * references digest values. Because of a canonicalization bug in openam,
 * which is not yet registered, the second verification cannot be done.
 * 
 * @return true if the signature validation has not failed, even if the
 *         reference validation failed.
 */
boolean workaroundOpenamBug(XMLSignature signature,
        DOMValidateContext validationContext, boolean validationResult)
        throws XMLSignatureException {
    if (!validationResult) {
        if (signature.getSignatureValue().validate(validationContext)) {
            return true;
        }
    }
    return validationResult;
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
/** 
 * Signs the Excel OOXML file and writes it to the final outputstream
 * 
 * @param privateKey private Key for signing
 * @param x509 Certificate for private Key for signing
 * @param password optional password for encryption, if used
 * @param hashAlgorithm hash algorithm to be used
 * 
 * @throws MarshalException 
 * @throws XMLSignatureException 
 * @throws IOException 
 * @throws FormatNotUnderstoodException 
 */
public void sign(Key privateKey, X509Certificate x509, String password, HashAlgorithm hashAlgorithm) throws XMLSignatureException, MarshalException, IOException, FormatNotUnderstoodException {
	if (this.tempSignFileOS!=null) { // close it we sign only a closed temporary file
		this.tempSignFileOS.close();
	}
	SignatureConfig sc = new SignatureConfig();
       sc.addSignatureFacet(new OOXMLSignatureFacet());
       sc.addSignatureFacet(new KeyInfoSignatureFacet());
       sc.addSignatureFacet(new XAdESSignatureFacet());
       sc.addSignatureFacet(new Office2010SignatureFacet());
	sc.setKey((PrivateKey)privateKey);
	sc.setSigningCertificateChain(Collections.singletonList(x509));
	sc.setDigestAlgo(hashAlgorithm);
	FileInputStream tempSignFileIS = null;
	try {
		
		InputStream tmpFileInputStream = new FileInputStream(this.tempSignFile);
		if (password==null) {
			this.signUnencryptedOpcPackage(tmpFileInputStream, sc);
		} else {
			this.signEncryptedPackage(tmpFileInputStream, sc, password);
		}
		
	} catch (InvalidFormatException | IOException e) {
		LOG.error(e);
	} finally {
		if (this.finalOutputStream!=null) {
			this.finalOutputStream.close();
		}
		if (tempSignFileIS!=null) {
			tempSignFileIS.close();
		}
	}
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
private void signUnencryptedOpcPackage(InputStream tmpFileInputStream, SignatureConfig sc) throws InvalidFormatException, IOException, XMLSignatureException, MarshalException {
	OPCPackage	pkg = OPCPackage.open(tmpFileInputStream);
	sc.setOpcPackage(pkg);
	SignatureInfo si = new SignatureInfo();
	si.setSignatureConfig(sc);
	si.confirmSignature();
	pkg.save(this.finalOutputStream);
	pkg.close();
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
private void signEncryptedPackage(InputStream tmpFileInputStream, SignatureConfig sc, String password) throws IOException, InvalidFormatException, FormatNotUnderstoodException, XMLSignatureException, MarshalException {

	NPOIFSFileSystem poifsTemp = new NPOIFSFileSystem(tmpFileInputStream);
	EncryptionInfo info = new EncryptionInfo(poifsTemp);
	Decryptor d = Decryptor.getInstance(info);
	try {
		if (!d.verifyPassword(password)) {
			throw new FormatNotUnderstoodException("Error: Cannot decrypt new Excel file (.xlsx) for signing. Invalid password");
		}
		// signing
		OPCPackage pkg = OPCPackage.open(d.getDataStream(poifsTemp));
		sc.setOpcPackage(pkg);
		SignatureInfo si = new SignatureInfo();
		si.setSignatureConfig(sc);
		si.confirmSignature();
		// encrypt again
		Encryptor enc = info.getEncryptor();
		enc.confirmPassword(password);
		NPOIFSFileSystem poifs = new NPOIFSFileSystem();
		OutputStream os = enc.getDataStream(poifs);
		pkg.save(os);
		pkg.close();
		if (os!=null) {
			os.close();
		}
		poifs.writeFilesystem(this.finalOutputStream);
		if (poifs!=null) {
			poifs.close();
		}
		if (poifsTemp!=null) {
			poifsTemp.close();
		}
	} catch (GeneralSecurityException e) {
		
		LOG.error(e);
		throw new FormatNotUnderstoodException("Error: Cannot decrypt new Excel file (.xlsx)  for signing.");
	}
}
 

import javax.xml.crypto.dsig.XMLSignatureException; //導入依賴的package包/類
@org.junit.Test
public void test_signature_enveloping_hmac_sha1_trunclen_0() throws Exception {
    try {
        validator.validate
            ("signature-enveloping-hmac-sha1-trunclen-0-attack.xml",
            new KeySelectors.SecretKeySelector("secret".getBytes("ASCII")));
        fail("Expected HMACOutputLength exception");
    } catch (XMLSignatureException xse) {
        // System.out.println(xse.getMessage());
        // pass
    }
}