XML Digital Signature Java

Question

ho bisogno di digitale firmare i miei messaggi XML in JAVA: La firma XML risultante dovrebbe avere il seguente formato:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> 
<SignedInfo> 
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> 
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> 
<Reference URI=""> 
<Transforms> 
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> 
</Transforms> 
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" /> 
<DigestValue>DsP5NLca+plhp9tZvGwykfb2whQYt3CQ5sbsVd9Q9aE=</DigestValue> 
</Reference> 
</SignedInfo> 
<SignatureValue> 
LrfE0po3YPvVxB/m77iBWWiR07Ghiuhuj7tO2C2LKqZK2cLrAiidt+3tjbJ3m16quCFxfh7bmjRtJsGi7a3HKtK 
qY4auqrjNB62AtYrxvm+7Qd/cRacom4e3M9uF9JD1zTfoGun9w4WDfDrDaoZ+ZwUgNtf6sTYO5Ctcj5sYcD0= 
</SignatureValue> 
<KeyInfo> 
<KeyName>7D665C81ABBE1A7D0E525BFC171F04D276F07BF2</KeyName> 
</KeyInfo> 
</Signature> 

Qualcuno può fornire un aiuto con il codice ??

Edit:

mi è venuta con questo codice:

private static Document sign(Document doc) throws InstantiationException, IllegalAccessException, ClassNotFoundException, 
      NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, 
      FileNotFoundException, TransformerException { 

     String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); 

     XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); 

     Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null)); 

     // Create the SignedInfo 
     SignedInfo si = fac.newSignedInfo(
       fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), 
       fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref)); 

     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 
     kpg.initialize(512); 
     KeyPair kp = kpg.generateKeyPair(); 

     KeyInfoFactory kif = fac.getKeyInfoFactory(); 
     KeyValue kv = kif.newKeyValue(kp.getPublic()); 

     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); 

     DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 

     XMLSignature signature = fac.newXMLSignature(si, ki); 
     signature.sign(dsc); 

     TransformerFactory tf = TransformerFactory.newInstance(); 
     Transformer trans = tf.newTransformer(); 
     trans.transform(new DOMSource(doc), new StreamResult(new FileOutputStream("mySignedFile"))); 

     return doc; 
    } 

ma il problema è che sto ottenendo:

<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 

e non:

<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" /> 

Answer 1

ecco la soluzione:

trovo su questo link http://mail-archives.apache.org/mod_mbox/santuario-dev/200907.mbox/%3C4A704241.9060806@sun.com%3E il problema era RSA-SHA256 algoritmo:

ecco il codice risultante:

private static Document sign(Document doc) throws InstantiationException, IllegalAccessException, ClassNotFoundException, 
      NoSuchAlgorithmException, InvalidAlgorithmParameterException, KeyException, MarshalException, XMLSignatureException, 
      FileNotFoundException, TransformerException { 

     String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI"); 

     XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance()); 

     DigestMethod digestMethod = fac.newDigestMethod(DigestMethod.SHA256, null); 
     Transform transform = fac.newTransform(ENVELOPED, (TransformParameterSpec) null); 
     Reference reference = fac.newReference("", digestMethod, singletonList(transform), null, null); 
     SignatureMethod signatureMethod = fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null); 
     CanonicalizationMethod canonicalizationMethod = fac.newCanonicalizationMethod(EXCLUSIVE, (C14NMethodParameterSpec) null); 

     // Create the SignedInfo 
     SignedInfo si = fac.newSignedInfo(canonicalizationMethod, signatureMethod, singletonList(reference)); 


     KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); 
     kpg.initialize(2048); 

     KeyPair kp = kpg.generateKeyPair(); 

     KeyInfoFactory kif = fac.getKeyInfoFactory(); 
     KeyValue kv = kif.newKeyValue(kp.getPublic()); 

     // Create a KeyInfo and add the KeyValue to it 
     KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); 
     DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()); 

     XMLSignature signature = fac.newXMLSignature(si, ki); 
     signature.sign(dsc); 

     TransformerFactory tf = TransformerFactory.newInstance(); 
     Transformer trans = tf.newTransformer(); 

     // output the resulting document 
     OutputStream os; 

     os = new FileOutputStream("xmlOut.xml"); 

     trans.transform(new DOMSource(doc), new StreamResult(os)); 
     return doc; 

    } 

Answer 2

Questi sono XML standard -Signatures. Vedere lo W3 Documentation on "XML-Signature Syntax and Processing" per le specifiche su come questo può essere fatto. Una rapida ricerca su google ha portato a questo howto scritto da Oracle sull'integrazione di XML Signatures in Java: XML Digital Signature API. Se hai ulteriori problemi, ti preghiamo di mostrarci cosa hai provato.

Answer 3

Hai <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> , perché è quello che hai chiesto: fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null). Come hai capito e gli stati https://blogs.oracle.com/mullan/entry/using_stronger_xml_signature_algorithms, fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", (SignatureMethodParameterSpec) null) ti daranno <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />.