add support for ecdsa-ripemd160

honwhy · Sep 9, 2018 · 950c7b1 · 950c7b1
1 parent 45f5963
commit 950c7b1
Show file tree

Hide file tree

Showing 3 changed files with 61 additions and 9 deletions.
diff --git a/src/main/java/com/honey/xmlsec/BcSignatureAlgorithm.java b/src/main/java/com/honey/xmlsec/BcSignatureAlgorithm.java
@@ -13,6 +13,9 @@ public class BcSignatureAlgorithm extends AbstractSignatureAlgorithm {
 
     protected Signature engine;
     protected static BouncyCastleProvider provider = new BouncyCastleProvider();
+    static {
+        Security.addProvider(provider);
+    }
     public BcSignatureAlgorithm(Document doc, String algorithmURI) throws XMLSecurityException {
         super(doc, algorithmURI);
         initEngine();

diff --git a/src/main/java/com/honey/xmlsec/MyUtil.java b/src/main/java/com/honey/xmlsec/MyUtil.java
@@ -2,6 +2,7 @@
 
 import org.apache.xml.security.algorithms.SignatureAlgorithm;
 import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.encryption.XMLCipherParameters;
 import org.apache.xml.security.keys.KeyInfo;
 import org.apache.xml.security.keys.content.X509Data;
 import org.apache.xml.security.signature.XMLSignature;
@@ -127,5 +128,42 @@ public String signWithCert(String sourceXml, PrivateKey privateKey, X509Certific
         return new String(bos.toByteArray(), "utf-8");
     }
 
+    public String signWithCertEcdsa(String sourceXml, PrivateKey privateKey, X509Certificate signingCert) throws Exception {
+
+        Document doc = null;
+        try (InputStream is = new ByteArrayInputStream(sourceXml.getBytes(Charset.forName("utf-8")))) {
+            doc = MyXMLUtils.read(is, false);
+        }
+
+        Element root = doc.getDocumentElement();
+
+        Element canonElem =
+                XMLUtils.createElementInSignatureSpace(doc, Constants._TAG_CANONICALIZATIONMETHOD);
+        canonElem.setAttributeNS(
+                null, Constants._ATT_ALGORITHM, Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS
+        );
+
+        AbstractSignatureAlgorithm signatureAlgorithm =
+                new BcEcdsaSignatureAlgorithm(doc, XMLSignature.ALGO_ID_SIGNATURE_ECDSA_RIPEMD160);
+        XMLSignature sig =
+                new XMLSignature(doc, null, signatureAlgorithm.getElement(), canonElem);
+
+        root.appendChild(sig.getElement());
+        Transforms transforms = new Transforms(doc);
+        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+        sig.addDocument("", transforms, XMLCipherParameters.RIPEMD_160);
+
+        //sig.addKeyInfo(signingCert);
+        X509Data x509data = new X509Data(doc);
+        x509data.addCertificate(signingCert);
+
+        sig.getKeyInfo().add(x509data);
+        //sig.sign(privateKey);
+        signatureAlgorithm.doSign(privateKey,sig.getSignedInfo());
+        ByteArrayOutputStream bos = new ByteArrayOutputStream();
+
+        XMLUtils.outputDOMc14nWithComments(doc, bos);
+        return new String(bos.toByteArray(), "utf-8");
+    }
 
 }
diff --git a/src/test/java/com/honey/xmlsec/XmlSecApplicationTests.java b/src/test/java/com/honey/xmlsec/XmlSecApplicationTests.java
@@ -23,7 +23,9 @@ public void contextLoads() {
 	}
 	private static final String BASEDIR = System.getProperty("basedir");
 	private static final String SEP = System.getProperty("file.separator");
-
+	private static final String ECDSA_JKS =
+			"src/test/resources/ecdsa.jks";
+	private static final String ECDSA_JKS_PASSWORD = "security";
 	private static KeyPair keyPair;
 	static {
 		try {
@@ -45,11 +47,11 @@ public static void main(String[] args) throws Exception{
 			fis = new FileInputStream("src/test/resources/sample.xml");
 		}
 		String body = getFileContent(fis, "utf-8");
-		String signedXml = myUtil.signWithKeyPair(body, keyPair);
-		System.out.println(signedXml);
+		//String signedXml = myUtil.signWithKeyPair(body, keyPair);
+		//System.out.println(signedXml);
 
-		boolean validate = myUtil.verify(signedXml);
-		System.out.println(validate);
+		//boolean validate = myUtil.verify(signedXml);
+		//System.out.println(validate);
 		/* doSignWithCert */
 		KeyStore ks = KeyStore.getInstance("JKS");
 		FileInputStream fis2 = null;
@@ -63,11 +65,20 @@ public static void main(String[] args) throws Exception{
 		PrivateKey privateKey = (PrivateKey) ks.getKey("transmitter", "default".toCharArray());
 		X509Certificate signingCert = (X509Certificate) ks.getCertificate("transmitter");
 
-		String signed2 = myUtil.signWithCert(body, privateKey, signingCert);
-		System.out.println(signed2);
-		boolean validate2 = myUtil.verify(signed2);
-		System.out.println(validate2);
+		//String signed2 = myUtil.signWithCert(body, privateKey, signingCert);
+		//System.out.println(signed2);
+		//boolean validate2 = myUtil.verify(signed2);
+		//System.out.println(validate2);
+		// ecdsa
+		KeyStore keyStore;
+		keyStore = KeyStore.getInstance("JKS");
+		keyStore.load(new FileInputStream(ECDSA_JKS), ECDSA_JKS_PASSWORD.toCharArray());
+		PrivateKey privateKey2 =
+				(PrivateKey)keyStore.getKey("ECDSA", ECDSA_JKS_PASSWORD.toCharArray());
 
+		X509Certificate x509 = (X509Certificate)keyStore.getCertificate("ECDSA");
+		String signed3 = myUtil.signWithCertEcdsa(body, privateKey2, x509);
+		System.err.println(signed3);
 		/** close streams */
 		fis.close();
 		//fis2.close();