
Java XML Signature

  1. package Main;
  2.  
  3. import java.io.FileInputStream;
  4. import java.io.FileNotFoundException;
  5. import java.io.FileOutputStream;
  6. import java.io.IOException;
  7. import java.io.StringWriter;
  8. import java.io.ByteArrayInputStream;
  9. import java.nio.charset.StandardCharsets;
  10. import java.security.InvalidAlgorithmParameterException;
  11. import java.security.InvalidKeyException;
  12. import java.security.KeyException;
  13. import java.security.KeyPair;
  14. import java.security.KeyPairGenerator;
  15. import java.security.KeyStore;
  16. import java.security.KeyStoreException;
  17. import java.security.MessageDigest;
  18. import java.security.NoSuchAlgorithmException;
  19. import java.security.PrivateKey;
  20. import java.security.PublicKey;
  21. import java.security.Signature;
  22. import java.security.SignatureException;
  23. import java.security.UnrecoverableEntryException;
  24. import java.security.cert.CertificateException;
  25. import java.security.cert.X509Certificate;
  26. import java.util.*;
  27.  
  28. import javax.crypto.BadPaddingException;
  29. import javax.crypto.Cipher;
  30. import javax.crypto.IllegalBlockSizeException;
  31. import javax.crypto.NoSuchPaddingException;
  32. import javax.xml.crypto.MarshalException;
  33. import javax.xml.crypto.dsig.CanonicalizationMethod;
  34. import javax.xml.crypto.dsig.DigestMethod;
  35. import javax.xml.crypto.dsig.Reference;
  36. import javax.xml.crypto.dsig.SignatureMethod;
  37. import javax.xml.crypto.dsig.SignedInfo;
  38. import javax.xml.crypto.dsig.Transform;
  39. import javax.xml.crypto.dsig.XMLSignature;
  40. import javax.xml.crypto.dsig.XMLSignatureException;
  41. import javax.xml.crypto.dsig.XMLSignatureFactory;
  42. import javax.xml.crypto.dsig.dom.DOMSignContext;
  43. import javax.xml.crypto.dsig.keyinfo.KeyInfo;
  44. import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
  45. import javax.xml.crypto.dsig.keyinfo.KeyValue;
  46. import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
  47. import javax.xml.crypto.dsig.spec.TransformParameterSpec;
  48. import javax.xml.parsers.DocumentBuilderFactory;
  49. import javax.xml.parsers.ParserConfigurationException;
  50. import javax.xml.transform.OutputKeys;
  51. import javax.xml.transform.Transformer;
  52. import javax.xml.transform.TransformerConfigurationException;
  53. import javax.xml.transform.TransformerException;
  54. import javax.xml.transform.TransformerFactory;
  55. import javax.xml.transform.dom.DOMSource;
  56. import javax.xml.transform.stream.StreamResult;
  57. import javax.xml.parsers.DocumentBuilder;
  58. import org.xml.sax.SAXException;
  59.  
  60. import org.w3c.dom.Document;
  61. import org.w3c.dom.Element;
  62.  
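  /**
   * Test harness that signs an XML document with an enveloped XML-DSig signature using a
   * private key held in a JKS keystore, then prints the certificate (as a Base64 binary
   * security token), the reference digest and the signature value.
   *
   * <p>Background reading used while writing it:
   * <ul>
   *   <li>https://stackoverflow.com/questions/12528667/xml-digital-signature-java
   *   <li>https://www.codota.com/code/java/classes/java.security.PrivateKey
   *   <li>https://stackoverflow.com/questions/6358555/obtaining-public-key-from-certificate
   *   <li>https://stackoverflow.com/questions/33262/how-do-i-load-an-org-w3c-dom-document-from-xml-in-a-string
   *   <li>https://www.oracle.com/technical-resources/articles/javase/dig-signatures.html
   *   <li>https://dzone.com/articles/signing-soap-messages
   * </ul>
   */
  public class Main {

      /**
       * Loads the signing key, signs the placeholder document and prints the results.
       *
       * <p>The alias, keystore path, password and input document below are placeholders and
       * must be replaced before the program can run.
       *
       * @param args unused
       * @throws KeyStoreException if the alias is missing or does not hold a private key
       * @throws IOException if the keystore file cannot be read or the password is wrong
       * @throws SAXException if the input document is not well-formed XML
       * @throws MarshalException if the signature element cannot be written into the DOM
       * @throws XMLSignatureException if digesting or signing fails
       */
      public static void main(String[] args)
              throws NoSuchAlgorithmException,
                     SignatureException,
                     NoSuchPaddingException,
                     IllegalBlockSizeException,
                     BadPaddingException,
                     KeyStoreException,
                     CertificateException,
                     FileNotFoundException,
                     IOException,
                     UnrecoverableEntryException,
                     InvalidAlgorithmParameterException,
                     ParserConfigurationException,
                     SAXException,
                     KeyException,
                     MarshalException,
                     XMLSignatureException,
                     TransformerException {
          // The original throws clause also named XMLSecurityException, which the file never
          // imports and nothing in this method throws; it is dropped so the class compiles
          // against the JDK alone.

          // Certificate data (placeholders).
          // NOTE(review): a keystore password should not live in source; read it from the
          // console, an environment variable or a secret store before real use.
          String alias = "ALIAS";
          String path = "CERT PATH";
          String password = "PSSWD";

          // Load the keystore and fetch the entry; the stream is closed and the password
          // array wiped whether or not loading succeeds.
          KeyStore keyStore = KeyStore.getInstance("JKS");
          char[] passwordChars = password.toCharArray();
          KeyStore.Entry entry;
          try {
              try (FileInputStream keyStoreStream = new FileInputStream(path)) {
                  keyStore.load(keyStoreStream, passwordChars);
              }
              entry = keyStore.getEntry(alias, new KeyStore.PasswordProtection(passwordChars));
          } finally {
              Arrays.fill(passwordChars, '\0');
          }

          // getEntry returns null for an unknown alias; fail with a clear message instead of
          // a NullPointerException or ClassCastException further down.
          if (!(entry instanceof KeyStore.PrivateKeyEntry)) {
              throw new KeyStoreException(
                      "Alias '" + alias + "' is missing or is not a private-key entry");
          }
          KeyStore.PrivateKeyEntry pkEntry = (KeyStore.PrivateKeyEntry) entry;
          PrivateKey privateKey = pkEntry.getPrivateKey();
          java.security.cert.Certificate certificate = pkEntry.getCertificate();
          PublicKey publicKey = certificate.getPublicKey();

          // Binary security token: the Base64 of the DER-encoded certificate.
          String binarySecurityToken =
                  Base64.getEncoder().encodeToString(certificate.getEncoded());

          // Describe what is signed and how.
          // NOTE(review): SHA-1 digests and rsa-sha1 signatures are deprecated for new
          // signatures; they are kept here because the receiving service may require them.
          // Prefer DigestMethod.SHA256 and an RSA-SHA256 signature method where the peer
          // allows it. rsa-sha1 also assumes the keystore entry holds an RSA key.
          XMLSignatureFactory fac = XMLSignatureFactory.getInstance();
          DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA1, null);

          // The signature is inserted under the document element and the reference URI ""
          // covers the whole document, so the enveloped-signature transform must run first.
          // Without it the digest covers the <Signature> element that sign() inserts, and
          // the digest no longer matches once DigestValue and SignatureValue are filled in.
          List<Transform> transforms = new ArrayList<Transform>();
          transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
          transforms.add(
                  fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
          Reference reference = fac.newReference("", digestMethod, transforms, null, null);

          SignatureMethod signatureMethod = fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null);
          CanonicalizationMethod canonicalizationMethod =
                  fac.newCanonicalizationMethod(
                          CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null);
          SignedInfo si =
                  fac.newSignedInfo(
                          canonicalizationMethod, signatureMethod, Collections.singletonList(reference));

          // Placeholder input; replace with the XML to sign.
          String plaintext = "SOAPBody HERE";
          Document doc = loadXMLFromString(plaintext);

          // Method - https://stackoverflow.com/questions/12528667/xml-digital-signature-java
          DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());

          // KeyInfo carries the bare public key. A verifier must decide whether to trust a
          // key from its own trust store or certificate validation, never from the fact
          // that the key travels inside the message it verifies.
          KeyInfoFactory kif = fac.getKeyInfoFactory();
          KeyValue kv = kif.newKeyValue(publicKey);
          KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

          XMLSignature signature = fac.newXMLSignature(si, ki);
          signature.sign(dsc);

          // Serialize the signed document; the text is held in 'output' and not printed.
          TransformerFactory tf = TransformerFactory.newInstance();
          Transformer trans = tf.newTransformer();
          trans.setOutputProperty(OutputKeys.ENCODING, "UTF-8");
          StringWriter output = new StringWriter();
          trans.transform(new DOMSource(doc), new StreamResult(output));

          // Common data
          System.out.println(">> Common data");
          System.out.println("Input data: '" + plaintext + "'");
          System.out.println("Binary Security Token: '" + binarySecurityToken + "'");
          System.out.println();

          // Display results
          System.out.println(">> Values");
          System.out.println(
                  "Digest: '" + Base64.getEncoder().encodeToString(reference.getDigestValue()) + "'");
          System.out.println(
                  "Signature: '"
                          + Base64.getEncoder().encodeToString(signature.getSignatureValue().getValue())
                          + "'");
          System.out.println();
      }

      /**
       * Parses an XML string into a namespace-aware DOM document.
       *
       * <p>The XML signature API and exclusive canonicalization work on namespace
       * information, so the parser is namespace-aware. DOCTYPE declarations are rejected,
       * which blocks external-entity and entity-expansion abuse; SOAP messages do not carry
       * a DTD, so legitimate input is unaffected. The string is encoded as UTF-8 rather than
       * the platform default so non-ASCII content parses the same on every host.
       *
       * @param xml the XML text to parse; must not be null
       * @return the parsed document
       * @throws ParserConfigurationException if the parser does not support the hardening feature
       * @throws SAXException if the text is not well-formed or contains a DOCTYPE
       * @throws IOException if reading the in-memory bytes fails
       */
      public static Document loadXMLFromString(String xml)
              throws ParserConfigurationException, SAXException, IOException {
          Objects.requireNonNull(xml, "xml");
          DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
          factory.setNamespaceAware(true);
          factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
          DocumentBuilder builder = factory.newDocumentBuilder();
          return builder.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
      }
  }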
  200.  