/*
* Copyright 2012 Juergen Groothues
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package de.groothues.mysaml.signature.impl;
import java.security.InvalidAlgorithmParameterException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import org.w3c.dom.Document;
import de.groothues.mysaml.SamlContext;
import de.groothues.mysaml.impl.SamlContextAware;
import de.groothues.mysaml.signature.DocumentSigner;
public class DocumentSignerImpl extends SamlContextAware implements DocumentSigner {
public DocumentSignerImpl(SamlContext samlContext) {
super(samlContext);
}
/* (non-Javadoc)
* @see de.groothues.mysaml.signature.impl.DocumentSigner#sign(org.w3c.dom.Document, java.util.Map)
*/
@Override
public void sign(Document document, Map<String, String> runtimeProperties) {
XMLSignatureFactory xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");
try {
SignedInfo signedInfo = createSignedInfo(xmlSignatureFactory);
KeyInfo keyInfo = createKeyInfo(xmlSignatureFactory);
PrivateKey privateKey = getSamlContext().getSignatureKeyStore().getSignatureKey();
DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
XMLSignature signature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo);
signature.sign(signContext);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private KeyInfo createKeyInfo(XMLSignatureFactory xmlSignatureFactory)
throws KeyStoreException {
X509Certificate cert = (X509Certificate) getSamlContext().getSignatureKeyStore().
getSignatureCertificate();
KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();
List<Object> x509Content = new ArrayList<Object>();
x509Content.add(cert.getSubjectX500Principal().getName());
x509Content.add(cert);
X509Data data = keyInfoFactory.newX509Data(x509Content);
KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(data));
return keyInfo;
}
private SignedInfo createSignedInfo(XMLSignatureFactory xmlSignatureFactory)
throws NoSuchAlgorithmException, InvalidAlgorithmParameterException {
Reference reference = xmlSignatureFactory.newReference("",
xmlSignatureFactory.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(xmlSignatureFactory.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null)),
null,
null);
SignedInfo signedInfo = xmlSignatureFactory.newSignedInfo(
xmlSignatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
xmlSignatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
Collections.singletonList(reference));
return signedInfo;
}
}