From owu...@apache.org
Subject svn commit: r1535850 - in /cxf/fediz/trunk: plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/ plugins/core/src/main/java/org/apache/cxf/fediz/core/util/ services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/
Date Fri, 25 Oct 2013 20:17:56 GMT
Author: owulff
Date: Fri Oct 25 20:17:56 2013
New Revision: 1535850

URL: http://svn.apache.org/r1535850
Log:
[FEDIZ-67] Use the same canonicalization method for metadata-document signatures as for SAML
tokens

Added:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
      - copied, changed from r1535509, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
Removed:
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
Modified:
    cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
    cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java

Modified: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java?rev=1535850&r1=1535849&r2=1535850&view=diff
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/metadata/MetadataWriter.java
Fri Oct 25 20:17:56 2013
@@ -26,46 +26,23 @@ import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 
 import javax.security.auth.callback.CallbackHandler;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.w3c.dom.Document;
 
 import org.apache.cxf.fediz.core.config.Claim;
 import org.apache.cxf.fediz.core.config.FederationContext;
 import org.apache.cxf.fediz.core.config.FederationProtocol;
-import org.apache.cxf.fediz.core.config.KeyManager;
 import org.apache.cxf.fediz.core.config.Protocol;
 import org.apache.cxf.fediz.core.exception.ProcessingException;
 import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.core.util.SignatureUtils;
 
-import org.apache.ws.security.components.crypto.CryptoType;
 import org.apache.ws.security.util.UUIDGenerator;
 
 import org.slf4j.Logger;
@@ -81,9 +58,7 @@ public class MetadataWriter {
     private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);
     
     private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
-    private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
     private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
     
     static {
         DOC_BUILDER_FACTORY.setNamespaceAware(true);
@@ -233,7 +208,8 @@ public class MetadataWriter {
                 LOG.info("No signingKey element found in config: " + ex.getMessage());
             }
             if (hasSigningKey) {
-                ByteArrayOutputStream result = signMetaInfo(config, is, referenceID);
+                ByteArrayOutputStream result = SignatureUtils.signMetaInfo(
+                    config.getSigningKey().getCrypto(), config.getSigningKey().getKeyAlias(),
config.getSigningKey().getKeyPassword(), is, referenceID);
                 if (result != null) {
                     is = new ByteArrayInputStream(result.toByteArray());
                 } else {
@@ -250,92 +226,6 @@ public class MetadataWriter {
 
     }
 
-    private ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream metaInfo,
String referenceID) throws Exception {
-        KeyManager keyManager = config.getSigningKey();
-        String keyAlias = keyManager.getKeyAlias();
-        String keypass  = keyManager.getKeyPassword();
-        
-        // in case we did not specify the key alias, we assume there is only one key in the
keystore ,
-        // we use this key's alias as default. 
-        if (keyAlias == null || "".equals(keyAlias)) {
-            //keyAlias = getDefaultX509Identifier(ks);
-            keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
-        }
-        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
-        cryptoType.setAlias(keyAlias);
-        X509Certificate[] issuerCerts = keyManager.getCrypto().getX509Certificates(cryptoType);
-        if (issuerCerts == null || issuerCerts.length == 0) {
-            throw new ProcessingException(
-                    "No issuer certs were found to sign the metadata using issuer name: "
-                            + keyAlias);
-        }
-        X509Certificate cert = issuerCerts[0];
-        
-        String signatureMethod = null;
-        if ("SHA1withDSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.DSA_SHA1;
-        } else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.RSA_SHA1;
-        } else if ("SHA256withRSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.RSA_SHA1;
-        } else {
-            LOG.error("Unsupported signature method: " + cert.getSigAlgName());
-            throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
-        }
-        
-        // Create a Reference to the enveloped document (in this case,
-        // you are signing the whole document, so a URI of "" signifies
-        // that, and also specify the SHA1 digest algorithm and
-        // the ENVELOPED Transform.
-        Reference ref = XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1,
null), Collections
-            .singletonList(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)),
null, null);
-
-        // Create the SignedInfo.
-        SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
-                                                                        (C14NMethodParameterSpec)null),
XML_SIGNATURE_FACTORY
-            .newSignatureMethod(signatureMethod, null), Collections.singletonList(ref));
-
-        // step 2
-        // Load the KeyStore and get the signing key and certificate.
-
-        
-        
-        PrivateKey keyEntry = keyManager.getCrypto().getPrivateKey(keyAlias, keypass);
-        
-        
-        // Create the KeyInfo containing the X509Data.
-        KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
-        List<Object> x509Content = new ArrayList<Object>();
-        x509Content.add(cert.getSubjectX500Principal().getName());
-        x509Content.add(cert);
-        X509Data xd = kif.newX509Data(x509Content);
-        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
-
-        // step3
-        // Instantiate the document to be signed.
-        Document doc = DOC_BUILDER_FACTORY.newDocumentBuilder().parse(metaInfo);
-
-        // Create a DOMSignContext and specify the RSA PrivateKey and
-        // location of the resulting XMLSignature's parent element.
-        //DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
-        DOMSignContext dsc = new DOMSignContext(keyEntry, doc.getDocumentElement());
-        dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
-        dsc.setNextSibling(doc.getDocumentElement().getFirstChild());
-
-        // Create the XMLSignature, but don't sign it yet.
-        XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki);
-
-        // Marshal, generate, and sign the enveloped signature.
-        signature.sign(dsc);
-
-        // step 4
-        // Output the resulting document.
-
-        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
-        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
-        trans.transform(new DOMSource(doc), new StreamResult(os));
-        os.flush();
-        return os;
-    }
+    
 
 }

Copied: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
(from r1535509, cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java)
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java?p2=cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java&p1=cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java&r1=1535509&r2=1535850&rev=1535850&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/CertsUtils.java
(original)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/CertsUtils.java
Fri Oct 25 20:17:56 2013
@@ -17,7 +17,7 @@
  * under the License.
  */
 
-package org.apache.cxf.fediz.service.idp.util;
+package org.apache.cxf.fediz.core.util;
 
 import java.io.BufferedInputStream;
 import java.io.IOException;

Added: cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java?rev=1535850&view=auto
==============================================================================
--- cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
(added)
+++ cxf/fediz/trunk/plugins/core/src/main/java/org/apache/cxf/fediz/core/util/SignatureUtils.java
Fri Oct 25 20:17:56 2013
@@ -0,0 +1,175 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.cxf.fediz.core.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.X509Data;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.w3c.dom.Document;
+
+import org.apache.ws.security.components.crypto.Crypto;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public final class SignatureUtils {
+
+    private static final Logger LOG = LoggerFactory.getLogger(SignatureUtils.class);
+    
+    private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
+    private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
+    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
+    
+    private SignatureUtils() {
+    }
+    
+    
+    public static ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyAlias, String
keyPassword,
+                                              InputStream metaInfo, String referenceID) throws
Exception {
+        if (keyAlias == null || "".equals(keyAlias)) {
+            keyAlias = crypto.getDefaultX509Identifier();
+        }
+        X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
+//    }
+    
+/*    public static ByteArrayOutputStream signMetaInfo(FederationContext config, InputStream
metaInfo,
+        String referenceID)
+        throws Exception {
+
+        KeyManager keyManager = config.getSigningKey();
+        String keyAlias = keyManager.getKeyAlias();
+        String keypass  = keyManager.getKeyPassword();
+        
+        // in case we did not specify the key alias, we assume there is only one key in the
keystore ,
+        // we use this key's alias as default. 
+        if (keyAlias == null || "".equals(keyAlias)) {
+            //keyAlias = getDefaultX509Identifier(ks);
+            keyAlias = keyManager.getCrypto().getDefaultX509Identifier();
+        }
+        CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+        cryptoType.setAlias(keyAlias);
+        X509Certificate[] issuerCerts = keyManager.getCrypto().getX509Certificates(cryptoType);
+        if (issuerCerts == null || issuerCerts.length == 0) {
+            throw new ProcessingException(
+                    "No issuer certs were found to sign the metadata using issuer name: "
+                            + keyAlias);
+        }
+        X509Certificate cert = issuerCerts[0];
+*/        
+        String signatureMethod = null;
+        if ("SHA1withDSA".equals(cert.getSigAlgName())) {
+            signatureMethod = SignatureMethod.DSA_SHA1;
+        } else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
+            signatureMethod = SignatureMethod.RSA_SHA1;
+        } else if ("SHA256withRSA".equals(cert.getSigAlgName())) {
+            signatureMethod = SignatureMethod.RSA_SHA1;
+        } else {
+            LOG.error("Unsupported signature method: " + cert.getSigAlgName());
+            throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
+        }
+        
+        List<Transform> transformList = new ArrayList<Transform>();
+        transformList.add(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null));
+        transformList.add(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
+                                                             (C14NMethodParameterSpec)null));
+        
+        // Create a Reference to the enveloped document (in this case,
+        // you are signing the whole document, so a URI of "" signifies
+        // that, and also specify the SHA1 digest algorithm and
+        // the ENVELOPED Transform.
+        Reference ref = XML_SIGNATURE_FACTORY.newReference(
+            "#" + referenceID,
+            XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1, null),
+            transformList,
+            null, null);
+
+        // Create the SignedInfo.
+        SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(
+            XML_SIGNATURE_FACTORY.newCanonicalizationMethod(
+                CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec)null),
+            XML_SIGNATURE_FACTORY.newSignatureMethod(
+                signatureMethod, null), Collections.singletonList(ref));
+
+        // step 2
+        // Load the KeyStore and get the signing key and certificate.
+        
+        PrivateKey keyEntry = crypto.getPrivateKey(keyAlias, keyPassword);
+        
+        // Create the KeyInfo containing the X509Data.
+        KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
+        List<Object> x509Content = new ArrayList<Object>();
+        x509Content.add(cert.getSubjectX500Principal().getName());
+        x509Content.add(cert);
+        X509Data xd = kif.newX509Data(x509Content);
+        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
+
+        // step3
+        // Instantiate the document to be signed.
+        Document doc = DOC_BUILDER_FACTORY.newDocumentBuilder().parse(metaInfo);
+
+        // Create a DOMSignContext and specify the RSA PrivateKey and
+        // location of the resulting XMLSignature's parent element.
+        //DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
+        DOMSignContext dsc = new DOMSignContext(keyEntry, doc.getDocumentElement());
+        dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
+        dsc.setNextSibling(doc.getDocumentElement().getFirstChild());
+
+        // Create the XMLSignature, but don't sign it yet.
+        XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki);
+
+        // Marshal, generate, and sign the enveloped signature.
+        signature.sign(dsc);
+
+        // step 4
+        // Output the resulting document.
+
+        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
+        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
+        trans.transform(new DOMSource(doc), new StreamResult(os));
+        os.flush();
+        return os;
+    }
+    
+}
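Review bot: `DOC_BUILDER_FACTORY` in SignatureUtils is created without `setNamespaceAware(true)`, whereas both MetadataWriter classes this code was lifted from initialise theirs in a static block with exactly that call; the metadata document is namespaced and javax.xml.crypto.dsig signs a DOM, so parsing it non-namespace-aware at `DOC_BUILDER_FACTORY.newDocumentBuilder().parse(metaInfo)` is likely to yield a signature that relying parties reject. Add `static { DOC_BUILDER_FACTORY.setNamespaceAware(true); }` next to the field (enabling `XMLConstants.FEATURE_SECURE_PROCESSING` there as well is cheap, even though the input here is self-generated). Separately, the `"SHA256withRSA"` branch maps to `SignatureMethod.RSA_SHA1`, so a SHA-256 certificate still produces a SHA-1 signature over a SHA-1 digest; use `"http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"` there and `DigestMethod.SHA256` for the reference, and bear in mind that the selector is the certificate's own signature algorithm (chosen by its issuer), which says nothing about the key this code signs with. The commented-out copy of the previous implementation at the top of `signMetaInfo` should be deleted rather than carried into the new file.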

Modified: cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
URL: http://svn.apache.org/viewvc/cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java?rev=1535850&r1=1535849&r2=1535850&view=diff
==============================================================================
--- cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
(original)
+++ cxf/fediz/trunk/services/idp/src/main/java/org/apache/cxf/fediz/service/idp/util/MetadataWriter.java
Fri Oct 25 20:17:56 2013
@@ -24,37 +24,18 @@ import java.io.ByteArrayOutputStream;
 import java.io.InputStream;
 import java.io.OutputStreamWriter;
 import java.io.Writer;
-import java.security.PrivateKey;
+
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.X509Data;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+
 import javax.xml.parsers.DocumentBuilderFactory;
 import javax.xml.stream.XMLOutputFactory;
 import javax.xml.stream.XMLStreamWriter;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
-import javax.xml.transform.stream.StreamResult;
 
 import org.w3c.dom.Document;
 
+import org.apache.cxf.fediz.core.util.CertsUtils;
 import org.apache.cxf.fediz.core.util.DOMUtils;
+import org.apache.cxf.fediz.core.util.SignatureUtils;
 import org.apache.cxf.fediz.service.idp.model.IDPConfig;
 
 import org.apache.ws.security.components.crypto.Crypto;
@@ -74,9 +55,7 @@ public class MetadataWriter {
     private static final Logger LOG = LoggerFactory.getLogger(MetadataWriter.class);
     
     private static final XMLOutputFactory XML_OUTPUT_FACTORY = XMLOutputFactory.newInstance();
-    private static final XMLSignatureFactory XML_SIGNATURE_FACTORY = XMLSignatureFactory.getInstance("DOM");
     private static final DocumentBuilderFactory DOC_BUILDER_FACTORY = DocumentBuilderFactory.newInstance();
-    private static final TransformerFactory TRANSFORMER_FACTORY = TransformerFactory.newInstance();
     
     static {
         DOC_BUILDER_FACTORY.setNamespaceAware(true);
@@ -194,7 +173,7 @@ public class MetadataWriter {
             
             InputStream is = new ByteArrayInputStream(bout.toByteArray());
             
-            ByteArrayOutputStream result = signMetaInfo(crypto, config.getCertificatePassword(),
is, referenceID);
+            ByteArrayOutputStream result = SignatureUtils.signMetaInfo(crypto, null, config.getCertificatePassword(),
is, referenceID);
             if (result != null) {
                 is = new ByteArrayInputStream(result.toByteArray());
             } else {
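Review bot: The `null` passed as the alias in the new `SignatureUtils.signMetaInfo(crypto, null, ...)` call is what makes the utility fall back to `crypto.getDefaultX509Identifier()`, but nothing at the call site says so, and the `//only one key supported in JKS` comment that documented that assumption was removed together with the private method. Keep the assumption visible here, e.g. `// no alias: SignatureUtils falls back to crypto.getDefaultX509Identifier() (single key in the IDP keystore)`. The enclosing method starts and ends outside this hunk.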
@@ -211,66 +190,5 @@ public class MetadataWriter {
 
     }
 
-    
-    private ByteArrayOutputStream signMetaInfo(Crypto crypto, String keyPassword, InputStream
metaInfo, String referenceID) throws Exception {
-        String keyAlias = crypto.getDefaultX509Identifier(); //only one key supported in
JKS
-        X509Certificate cert = CertsUtils.getX509Certificate(crypto, keyAlias);
-                
-        // Create a Reference to the enveloped document (in this case,
-        // you are signing the whole document, so a URI of "" signifies
-        // that, and also specify the SHA1 digest algorithm and
-        // the ENVELOPED Transform.
-        Reference ref = XML_SIGNATURE_FACTORY.newReference("#" + referenceID, XML_SIGNATURE_FACTORY.newDigestMethod(DigestMethod.SHA1,
null), Collections
-            .singletonList(XML_SIGNATURE_FACTORY.newTransform(Transform.ENVELOPED, (TransformParameterSpec)null)),
null, null);
-        
-        String signatureMethod = null;
-        if ("SHA1withDSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.DSA_SHA1;
-        } else if ("SHA1withRSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.RSA_SHA1;
-        } else if ("SHA256withRSA".equals(cert.getSigAlgName())) {
-            signatureMethod = SignatureMethod.RSA_SHA1;
-        } else {
-            LOG.error("Unsupported signature method: " + cert.getSigAlgName());
-            throw new RuntimeException("Unsupported signature method: " + cert.getSigAlgName());
-        }
-        // Create the SignedInfo.
-        SignedInfo si = XML_SIGNATURE_FACTORY.newSignedInfo(XML_SIGNATURE_FACTORY.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
-                                                                        (C14NMethodParameterSpec)null),
XML_SIGNATURE_FACTORY
-            .newSignatureMethod(signatureMethod, null), Collections.singletonList(ref));
-        //      .newSignatureMethod(cert.getSigAlgOID(), null), Collections.singletonList(ref));
                                                                       
-        
-        PrivateKey keyEntry = crypto.getPrivateKey(keyAlias, keyPassword);
-        
-        // Create the KeyInfo containing the X509Data.
-        KeyInfoFactory kif = XML_SIGNATURE_FACTORY.getKeyInfoFactory();
-        List<Object> x509Content = new ArrayList<Object>();
-        x509Content.add(cert.getSubjectX500Principal().getName());
-        x509Content.add(cert);
-        X509Data xd = kif.newX509Data(x509Content);
-        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
-
-        // Instantiate the document to be signed.
-        Document doc = DOC_BUILDER_FACTORY.newDocumentBuilder().parse(metaInfo);
-
-        // Create a DOMSignContext and specify the RSA PrivateKey and
-        // location of the resulting XMLSignature's parent element.
-        DOMSignContext dsc = new DOMSignContext(keyEntry, doc.getDocumentElement());
-        dsc.setIdAttributeNS(doc.getDocumentElement(), null, "ID");
-        dsc.setNextSibling(doc.getDocumentElement().getFirstChild());
-
-        // Create the XMLSignature, but don't sign it yet.
-        XMLSignature signature = XML_SIGNATURE_FACTORY.newXMLSignature(si, ki);
-
-        // Marshal, generate, and sign the enveloped signature.
-        signature.sign(dsc);
-
-        // Output the resulting document.
-        ByteArrayOutputStream os = new ByteArrayOutputStream(8192);
-        Transformer trans = TRANSFORMER_FACTORY.newTransformer();
-        trans.transform(new DOMSource(doc), new StreamResult(os));
-        os.flush();
-        return os;
-    }    
  
 }


