Java DOMSignContext.setDefaultNamespacePrefix方法代碼示例

import javax.xml.crypto.dsig.dom.DOMSignContext; //導入方法依賴的package包/類
private void test_create_signature_enveloping(
    SignatureMethod sm, DigestMethod dm, KeyInfo ki, Key signingKey, KeySelector ks
) throws Exception {

    // create reference
    Reference ref = fac.newReference("#DSig.Object_1", dm, null,
                                     XMLObject.TYPE, null);

    // create SignedInfo
    SignedInfo si = fac.newSignedInfo(withoutComments, sm,
                                      Collections.singletonList(ref));

    Document doc = db.newDocument();
    // create Objects
    Element webElem = doc.createElementNS(null, "Web");
    Text text = doc.createTextNode("up up and away");
    webElem.appendChild(text);
    XMLObject obj = fac.newXMLObject(Collections.singletonList
                                     (new DOMStructure(webElem)), "DSig.Object_1", "text/xml", null);

    // create XMLSignature
    XMLSignature sig = fac.newXMLSignature
    (si, ki, Collections.singletonList(obj), null, null);

    DOMSignContext dsc = new DOMSignContext(signingKey, doc);
    dsc.setDefaultNamespacePrefix("dsig");

    sig.sign(dsc);
    TestUtils.validateSecurityOrEncryptionElement(doc.getDocumentElement());

    // XMLUtils.outputDOM(doc.getDocumentElement(), System.out);

    DOMValidateContext dvc = new DOMValidateContext
    (ks, doc.getDocumentElement());
    XMLSignature sig2 = fac.unmarshalXMLSignature(dvc);

    assertTrue(sig.equals(sig2));
    assertTrue(sig2.validate(dvc));
}
 

import javax.xml.crypto.dsig.dom.DOMSignContext; //導入方法依賴的package包/類
private static void sign(Document document, DigitalSignatureServiceSession session) throws NoSuchAlgorithmException,
		InvalidAlgorithmParameterException, MarshalException, XMLSignatureException {
	Key key = new SecretKeySpec(session.getKey(), "HMACSHA1");
	Node parentElement = document.getElementsByTagNameNS("urn:oasis:names:tc:dss:1.0:core:schema", "OptionalInputs")
			.item(0);
	DOMSignContext domSignContext = new DOMSignContext(key, parentElement);
	domSignContext.setDefaultNamespacePrefix("ds");
	// XMLDSigRI Websphere work-around
	XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM", new XMLDSigRI());

	List<Transform> transforms = new LinkedList<Transform>();
	transforms.add(xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
	transforms.add(
			xmlSignatureFactory.newTransform(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null));
	Reference reference = xmlSignatureFactory.newReference("",
			xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null), transforms, null, null);

	SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
			xmlSignatureFactory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
					(C14NMethodParameterSpec) null),
			xmlSignatureFactory.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),
			Collections.singletonList(reference));

	Element securityTokenReferenceElement = getSecurityTokenReference(session);

	KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
	DOMStructure securityTokenReferenceDOMStructure = new DOMStructure(securityTokenReferenceElement);
	KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(securityTokenReferenceDOMStructure));

	XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
	xmlSignature.sign(domSignContext);
}
 

import javax.xml.crypto.dsig.dom.DOMSignContext; //導入方法依賴的package包/類
public String signMessage(String message, String signedElementId, boolean useEnvelopedTransform, String signatureParent, String signatureSibling)
        throws ConfigurationException {

    try {
    // Create a DOM XMLSignatureFactory that will be used to
        // generate the enveloped signature.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        List<Transform> transforms = new LinkedList<>();
        if (useEnvelopedTransform) {
            transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
        }
        transforms.add(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null));
        Reference ref = fac.newReference(signedElementId, fac.newDigestMethod(DigestMethod.SHA1, null),
                transforms, null, null);

        // Create the SignedInfo.
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(ref));

        KeyStore.PrivateKeyEntry keyEntry
                = (KeyStore.PrivateKeyEntry) keyStore.getEntry(keyAlias, new KeyStore.PasswordProtection(password));
        X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

        // Create the KeyInfo containing the X509Data.
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        List x509Content = new ArrayList(2);
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(cert);
        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

        // Instantiate the document to be signed.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(message.getBytes()));

        // set explicitly all Id attributes
        setAllIdAttributesInDocument(doc, "Id");
        setAllIdAttributesInDocument(doc, "ID");

    // Create a DOMSignContext and specify the RSA PrivateKey and
        // location of the resulting XMLSignature's parent element.
        DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
        dsc.setDefaultNamespacePrefix(signatureNamespacePrefix);

        List<? extends Node> nl1 = DomUtilities.evaluateXPath(doc, "//*[local-name()=\"" + signatureParent + "\"]");
        List<? extends Node> nl2 = DomUtilities.evaluateXPath(doc, "//*[local-name()=\"" + signatureSibling + "\"]");
        System.out.println(nl1.get(0));
        dsc.setParent(nl1.get(0));
        dsc.setNextSibling(nl2.get(0));

        // Create the XMLSignature, but don't sign it yet.
        XMLSignature signature = fac.newXMLSignature(si, ki);

        // Marshal, generate, and sign the enveloped signature.
        signature.sign(dsc);

        String result = DomUtilities.domToString(doc);

        return result;
    } catch (IOException | InvalidAlgorithmParameterException | KeyStoreException |
            MarshalException | NoSuchAlgorithmException | ParserConfigurationException |
            SAXException | UnrecoverableEntryException | XMLSignatureException |
            XPathExpressionException e) {
        throw new ConfigurationException(e);
    }
}
 

import javax.xml.crypto.dsig.dom.DOMSignContext; //導入方法依賴的package包/類
private static void sign(Document document, String tokenId, byte[] tokenKey)
		throws NoSuchAlgorithmException,
		InvalidAlgorithmParameterException, MarshalException,
		XMLSignatureException {
	Key key = new SecretKeySpec(tokenKey, "HMACSHA1");
	Node parentElement = document.getElementsByTagNameNS(
			"urn:oasis:names:tc:dss:1.0:core:schema", "OptionalOutputs")
			.item(0);
	DOMSignContext domSignContext = new DOMSignContext(key, parentElement);
	domSignContext.setDefaultNamespacePrefix("ds");
	XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory
			.getInstance("DOM");

	List<Transform> transforms = new LinkedList<Transform>();
	transforms.add(xmlSignatureFactory.newTransform(Transform.ENVELOPED,
			(TransformParameterSpec) null));
	transforms.add(xmlSignatureFactory.newTransform(
			CanonicalizationMethod.EXCLUSIVE,
			(C14NMethodParameterSpec) null));
	Reference reference = xmlSignatureFactory.newReference("",
			xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null),
			transforms, null, null);

	SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
			xmlSignatureFactory.newCanonicalizationMethod(
					CanonicalizationMethod.EXCLUSIVE,
					(C14NMethodParameterSpec) null), xmlSignatureFactory
					.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),
			Collections.singletonList(reference));

	Element securityTokenReferenceElement = getSecurityTokenReference(tokenId);

	KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
	DOMStructure securityTokenReferenceDOMStructure = new DOMStructure(
			securityTokenReferenceElement);
	KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections
			.singletonList(securityTokenReferenceDOMStructure));

	XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(
			signedInfo, keyInfo);
	xmlSignature.sign(domSignContext);
}
 

import javax.xml.crypto.dsig.dom.DOMSignContext; //導入方法依賴的package包/類
/**
 * Apply an XMLDSig onto the passed document.
 *
 * @param aPrivateKey
 *        The private key used for signing. May not be <code>null</code>.
 * @param aCertificate
 *        The certificate to be used. May not be <code>null</code>.
 * @param aDocument
 *        The document to be signed. The signature will always be the first
 *        child element of the document element. The document may not contains
 *        any disg:Signature element. This element is inserted manually.
 * @throws Exception
 *         In case something goes wrong
 */
public void applyXMLDSig (@Nonnull final PrivateKey aPrivateKey,
                          @Nonnull final X509Certificate aCertificate,
                          @Nonnull final Document aDocument) throws Exception
{
  ValueEnforcer.notNull (aPrivateKey, "privateKey");
  ValueEnforcer.notNull (aCertificate, "certificate");
  ValueEnforcer.notNull (aDocument, "document");
  ValueEnforcer.notNull (aDocument.getDocumentElement (), "Document is missing a document element");
  if (aDocument.getDocumentElement ().getChildNodes ().getLength () == 0)
    throw new IllegalArgumentException ("Document element has no children!");

  // Check that the document does not contain another Signature element
  final NodeList aNodeList = aDocument.getElementsByTagNameNS (XMLSignature.XMLNS, XMLDSigSetup.ELEMENT_SIGNATURE);
  if (aNodeList.getLength () > 0)
    throw new IllegalArgumentException ("Document already contains an XMLDSig Signature element!");

  // Create a DOM XMLSignatureFactory that will be used to generate the
  // enveloped signature.
  final XMLSignatureFactory aSignatureFactory = XMLDSigSetup.getXMLSignatureFactory ();

  // Create a Reference to the enveloped document (we are signing the whole
  // document, so a URI of "" signifies that, and also specify the SHA1 digest
  // algorithm and the ENVELOPED Transform)
  final Reference aReference = aSignatureFactory.newReference ("",
                                                               createDigestMethod (aSignatureFactory),
                                                               createTransformList (aSignatureFactory),
                                                               null,
                                                               null);

  // Create the SignedInfo.
  final SignedInfo aSignedInfo = aSignatureFactory.newSignedInfo (createCanonicalizationMethod (aSignatureFactory),
                                                                  createSignatureMethod (aSignatureFactory),
                                                                  CollectionHelper.makeUnmodifiable (aReference));

  // Create the KeyInfo containing the X509Data.
  final KeyInfoFactory aKeyInfoFactory = aSignatureFactory.getKeyInfoFactory ();
  // The X509 certificate
  final ICommonsList <Object> aX509Content = new CommonsArrayList <> (aCertificate.getSubjectX500Principal ()
                                                                                  .getName (),
                                                                      aCertificate);
  final X509Data aX509Data = aKeyInfoFactory.newX509Data (aX509Content);

  // The public key itself
  final KeyValue aKeyValue = aKeyInfoFactory.newKeyValue (aCertificate.getPublicKey ());

  // Collect certificate and key value in key info
  final KeyInfo aKeyInfo = aKeyInfoFactory.newKeyInfo (CollectionHelper.makeUnmodifiable (aX509Data, aKeyValue));

  // Create the XMLSignature, but don't sign it yet.
  final XMLSignature aXMLSignature = aSignatureFactory.newXMLSignature (aSignedInfo, aKeyInfo);

  // Create a DOMSignContext and specify the RSA PrivateKey and
  // location of the resulting XMLSignature's parent element.
  // -> The signature is always the first child element of the document
  // element for ebInterface
  final DOMSignContext aDOMSignContext = new DOMSignContext (aPrivateKey,
                                                             aDocument.getDocumentElement (),
                                                             aDocument.getDocumentElement ().getFirstChild ());

  // The namespace prefix to be used for the signed XML
  aDOMSignContext.setDefaultNamespacePrefix ("dsig");

  // Marshal, generate, and sign the enveloped signature.
  aXMLSignature.sign (aDOMSignContext);
}