// Signing function: builds an enveloped XML-DSig signature over one element
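/**
 * Builds an enveloped XML-DSig signature for a single element below {@code elemParent}.
 *
 * <p>The element to sign is the one and only descendant of {@code elemParent} whose tag
 * name is {@code strTagNameOfElementsToSign}. A {@code ds:Signature} element is appended as
 * its last child, and the signature carries one Reference to
 * {@code "#" + strReferenceIdentifier} (resolved through the project {@code IDResolver})
 * with an enveloped-signature transform followed by exclusive C14N. The public key is
 * embedded as {@code ds:KeyInfo} so a verifier can locate it; an embedded key is only a
 * hint, never a trust anchor — see {@link #VerifyEnveloped(Element)}.
 *
 * <p>The reference identifier and the tag name are supplied independently. The caller must
 * pass an identifier that resolves to the very element found by tag name; if it resolves to
 * some other element, the digest covers that element and not the one the Signature was
 * appended to.
 *
 * @param strTagNameOfElementsToSign tag name (as for {@code getElementsByTagName}) of the
 *                                   element to sign; exactly one match must exist
 * @param elemParent element under which the target element is searched
 * @param strReferenceIdentifier ID of the signed element; becomes the Reference URI
 *                               {@code "#" + strReferenceIdentifier}
 * @param privateKey RSA key used to sign
 * @param publicKey matching public key, embedded in {@code ds:KeyInfo}
 * @param constants kept for API compatibility; validated for null but otherwise unused
 * @return the {@code ds:Signature} element that was appended to the signed element
 * @throws Exception on a null parameter, when the tag name does not match exactly one
 *                   element, or when Apache Santuario fails to build or compute the signature
 */
public static Element SignEnveloped
(final String strTagNameOfElementsToSign,
final Element elemParent,
final String strReferenceIdentifier,
final PrivateKey privateKey,
final PublicKey publicKey,
final String constants)
throws Exception
{
org.apache.xml.security.Init.init();
// SHA-256 in place of the rsa-sha1 / sha1 pair used before: SHA-1 is deprecated for
// signatures (collisions are practical) and XMLDSig 1.1 recommends SHA-256. The algorithm
// URIs travel inside SignedInfo, so VerifyEnveloped needs no change; an external verifier
// that only supports rsa-sha1 will, however, reject these signatures.
final String strSignatureAlgorithm = org.apache.xml.security.signature.XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256;
final String strSignatureCanonicalizationAlgorithm = org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
final String strReferenceCanonicalizationAlgorithm = org.apache.xml.security.transforms.Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS;
final String strReferenceDigestAlgorithm = org.apache.xml.security.utils.Constants.ALGO_ID_DIGEST_SHA256;
if (null == strTagNameOfElementsToSign)
{
throw new Exception("Sign Failed: Invalid Parameter: TagNameOfElementsToSign is null");
}
if (null == elemParent)
{
throw new Exception("Sign Failed: Invalid Parameter: Parent is null");
}
// Restored check: without it a null identifier silently becomes the Reference URI "#null".
if (null == strReferenceIdentifier)
{
throw new Exception("Sign Failed: Invalid Parameter: ReferenceIdentifier is null");
}
if (null == privateKey)
{
throw new Exception("Sign Failed: Invalid Parameter: PrivateKey is null");
}
if (null == publicKey)
{
throw new Exception("Sign Failed: Invalid Parameter: PublicKey is null");
}
if (null == constants)
{
throw new Exception("Sign Failed: Invalid Parameter: Constants is null");
}
// Process-wide static setting in Santuario: every signature built in this JVM afterwards
// uses the "ds" prefix, not just this one.
org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("ds");
final org.w3c.dom.Document domDocument = elemParent.getOwnerDocument();
// getElementsByTagName searches all descendants of elemParent, not only its children.
final org.w3c.dom.NodeList nlToSigns = elemParent.getElementsByTagName
(strTagNameOfElementsToSign);
if (null == nlToSigns)
{
throw new Exception("Sign Failed: org.w3c.dom.Element.getElementsByTagName unexpectedly returned null");
}
if (1 != nlToSigns.getLength())
{
// Exactly one target is required; with an ambiguous match it would be down to document
// order which element ends up carrying the signature.
throw new Exception("Sign Failed: org.w3c.dom.Element.getElementsByTagName unexpectedly returned "
+ nlToSigns.getLength()
+ " nodes");
}
final org.w3c.dom.Element domToSign = (Element) nlToSigns.item(0);
final org.apache.xml.security.signature.XMLSignature signature = new org.apache.xml.security.signature.XMLSignature
(domDocument,
"",
strSignatureAlgorithm,
strSignatureCanonicalizationAlgorithm);
// Enveloped: the Signature lives inside the element it covers; the enveloped-signature
// transform added below removes it from the digested content.
domToSign.appendChild(signature.getElement());
signature.getSignedInfo().addResourceResolver(new IDResolver(domDocument));
final org.apache.xml.security.transforms.Transforms transforms = new org.apache.xml.security.transforms.Transforms
(domDocument);
transforms.addTransform
(org.apache.xml.security.transforms.Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform
(strReferenceCanonicalizationAlgorithm);
signature.addDocument
("#" + strReferenceIdentifier,
transforms,
strReferenceDigestAlgorithm);
// KeyValue in KeyInfo tells a verifier which key to try; it proves nothing about who holds it.
signature.addKeyInfo
(publicKey);
signature.sign(privateKey);
return signature.getElement();
}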
// Verification function: checks an enveloped XML-DSig signature against the key it carries
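/**
 * Checks the enveloped XML-DSig signature on {@code elemSignedElement}.
 *
 * <p>{@code elemSignedElement} may be either the {@code ds:Signature} element itself (the
 * only shape accepted before) or the element that {@code SignEnveloped} enveloped it into,
 * i.e. one with a direct {@code ds:Signature} child. The signature is verified with the key
 * found in its own {@code ds:KeyInfo}: an X.509 certificate if present, else a bare public key.
 *
 * <p><b>Security:</b> a {@code true} result proves only that {@code SignatureValue} is
 * consistent with the key embedded in the document. The certificate is not chained to any
 * trust anchor and the public key is not compared with an expected one, so anyone can
 * re-sign the content with a key of their own and pass this check. Callers must compare the
 * {@code KeyInfo} content against trusted key material before acting on the result (this
 * method's signature offers no parameter for that). The method also does not check which
 * element the signature's References cover; the project {@code IDResolver} decides how
 * {@code "#id"} URIs resolve. TODO(review): confirm that the referenced content is
 * {@code elemSignedElement} itself, to rule out signature wrapping.
 *
 * @param elemSignedElement the ds:Signature element, or the signed element enveloping it
 * @return {@code true} if SignatureValue verifies against the key carried in KeyInfo;
 *         {@code false} when KeyInfo is missing, holds no usable key, or the value does not verify
 * @throws Exception if the parameter is null, no ds:Signature can be located, or Santuario
 *                   rejects the signature structure
 */
public static boolean VerifyEnveloped
(final Element elemSignedElement
)
throws Exception
{
org.apache.xml.security.Init.init();
if (null == elemSignedElement)
{
throw new Exception("Verify Failed: Invalid Parameter: SignedElement is null");
}
final org.w3c.dom.Document domParent = elemSignedElement.getOwnerDocument();
// Locate the Signature on the element itself or among its direct children. Deliberately
// not a document-wide "//ds:Signature" search: that would let any Signature anywhere in
// the document stand in for the one that is supposed to cover this element.
final org.w3c.dom.Element elemSignature = isSignatureElement(elemSignedElement)
? elemSignedElement
: findEnvelopedSignature(elemSignedElement);
if (null == elemSignature)
{
throw new Exception("Verify Failed: SignedElement is not a ds:Signature and has no ds:Signature child");
}
// NOTE(review): Santuario >= 1.5 has XMLSignature(Element, String, boolean secureValidation);
// passing true rejects XSLT transforms, weak keys and overly deep references. Confirm the
// library version in use before switching to it.
final org.apache.xml.security.signature.XMLSignature signature = new org.apache.xml.security.signature.XMLSignature
(elemSignature,
null);
signature.addResourceResolver(new IDResolver(domParent));
final org.apache.xml.security.keys.KeyInfo keyInfo = signature.getKeyInfo();
boolean bResult = false;
if (keyInfo != null)
{
if (keyInfo.containsX509Data())
{
System.out.println("Found a X509Data element in the KeyInfo");
}
// Key material below comes from the signed document itself; see the Javadoc.
final java.security.cert.X509Certificate cert = keyInfo.getX509Certificate();
if (cert != null)
{
bResult = signature.checkSignatureValue(cert);
}
else
{
System.out.println("Did not find an X509Data element in the KeyInfo");
final PublicKey publicKey = keyInfo.getPublicKey();
if (publicKey != null)
{
bResult = signature.checkSignatureValue(publicKey);
}
else
{
System.out.println("Did not find a public key, so I can't check the signature");
}
}
}
else
{
System.out.println("Did not find a KeyInfo");
}
return bResult;
}

/** True if {@code node} is an element named Signature in the XML-DSig namespace. */
private static boolean isSignatureElement(final org.w3c.dom.Node node)
{
return node != null
&& org.w3c.dom.Node.ELEMENT_NODE == node.getNodeType()
&& org.apache.xml.security.utils.Constants.SignatureSpecNS.equals(node.getNamespaceURI())
&& "Signature".equals(node.getLocalName());
}

/** Returns the first direct ds:Signature child of {@code parent}, or null if there is none. */
private static org.w3c.dom.Element findEnvelopedSignature(final org.w3c.dom.Element parent)
{
for (org.w3c.dom.Node child = parent.getFirstChild(); child != null; child = child.getNextSibling())
{
if (isSignatureElement(child))
{
return (org.w3c.dom.Element) child;
}
}
return null;
}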