source: fedd/abac-src/ttg/credential/SignCredential.java @ 59f3d1f

version-1.30
Last change on this file since 59f3d1f was 8780cbec, checked in by Jay Jacobs <Jay.Jacobs@…>, 15 years ago

ABAC sources from Cobham

1package com.nailabs.abac.credential;
2
3import java.security.*;
4import java.security.cert.*;
5import org.w3c.dom.*;
6import org.apache.xml.security.signature.*;
7import org.apache.xml.security.exceptions.*;
8import org.apache.xml.security.transforms.Transforms;
9import org.apache.xml.security.utils.*;
10
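/**
 * A utility for signing a credential domain document.
 *
 * <p>The document receives an enveloped XML signature built with DSA and
 * SHA-1 (see {@link #SIG_TYPE} and {@link #DIGEST_TYPE}). Both algorithms are
 * legacy choices and are left unchanged here so the produced signature format
 * stays the same; anything that verifies these credentials has to accept the
 * same pair.
 */
public class SignCredential extends Application {
    /** Signature algorithm: XML-DSig DSA, which is DSA over a SHA-1 digest. */
    protected static String SIG_TYPE = XMLSignature.ALGO_ID_SIGNATURE_DSA;
    /** Digest algorithm used for the document reference: SHA-1. */
    protected static String DIGEST_TYPE = Constants.ALGO_ID_DIGEST_SHA1;

    /** JCA algorithm name used when a throw-away key pair has to be generated. */
    protected static String KEY_PAIR_TYPE = "DSA";

    /**
     * Modulus size for generated keys. 1024 bits is the largest DSA size that
     * pairs with a 160-bit (SHA-1) digest, so raising it further means
     * changing {@link #SIG_TYPE} and {@link #DIGEST_TYPE} at the same time.
     */
    private static final int GENERATED_KEY_BITS = 1024;

    /** Key used to produce the signature; stays null if no key could be obtained. */
    protected PrivateKey privateKey = null;

    /** Public half of the signing key; placed in KeyInfo when no certificate is used. */
    protected PublicKey publicKey = null;

    /** Certificate read from the keystore; null when a generated key pair is used. */
    protected X509Certificate cert = null;

    /**
     * Constructor for the application which reads in an XML document,
     * parses the doc into a DOM tree, signs the document, and writes
     * the signed tree into an XML file. Cryptographic material is supplied
     * by a Java keystore.
     *
     * <p>The steps run unconditionally in sequence. {@link #signDoc()} throws
     * when there is no private key, which stops the run before
     * {@code writeDoc()}.
     *
     * @param argv command-line arguments, handed to the superclass
     */
    public SignCredential(String argv[]) {
        super(argv);
        name = "SignCredential";
        parseParameters();
        getKeys();
        readDoc();
        signDoc();
        writeDoc();
    }

    /**
     * Creates a fresh key pair and stores it in {@link #privateKey} and
     * {@link #publicKey}.
     *
     * <p>A key made here is not tied to any certificate ({@link #cert} stays
     * null), so a signature produced with it only shows that the document was
     * not modified after signing; it says nothing about who signed it.
     */
    private void generateKeyPair() {
        if (DEBUG) {
            out.println("Generating random keypair for use in signature");
            out.println("(useful for demo purposes only)" );
        }
        try {
            KeyPairGenerator generator = KeyPairGenerator.getInstance(KEY_PAIR_TYPE);
            generator.initialize(GENERATED_KEY_BITS);
            KeyPair pair = generator.generateKeyPair();
            privateKey = pair.getPrivate();
            publicKey = pair.getPublic();
        } catch (java.security.NoSuchAlgorithmException nsae) {
            // Report the failure even outside DEBUG: without it the only
            // symptom is a missing key later on, in signDoc().
            nsae.printStackTrace();
        }
    }

    /**
     * Obtains the signing material. When the superclass supplied no keystore
     * data ({@code keys == null}) a one-time key pair is generated; otherwise
     * the certificate and private key stored under {@code alias} are loaded.
     *
     * <p>If loading fails, all three fields are cleared so that a partially
     * loaded identity is never used.
     */
    protected void getKeys() {
        super.getKeys();       // loads the keystore to a class instance field
        if (keys == null) {
            generateKeyPair(); // Generate a random, one-time-use key
            return;
        }
        try {
            cert = (X509Certificate) keyStore.getCertificate(alias);
            publicKey = cert.getPublicKey();
            privateKey = (PrivateKey) keyStore.getKey(alias, password.toCharArray());
        } catch (Exception e) {
            // Also covers an unknown alias (getCertificate returns null) and a
            // wrong key password.
            cert = null;
            publicKey = null;
            privateKey = null;
            e.printStackTrace();
        }
    }

    /**
     * Appends an enveloped signature element to the document root and signs it.
     *
     * @throws IllegalStateException if no private key is available
     */
    protected void signDoc() {
        // Fail before touching the DOM: without a key nothing can be signed,
        // and the Signature element would otherwise already be in the tree.
        if (privateKey == null) {
            throw new IllegalStateException(
                "No private key available; refusing to emit an unsigned credential");
        }
        try {
            String baseURI = outXML.toURL().toString();
            XMLSignature sig = new XMLSignature(doc, baseURI, SIG_TYPE);
            // An enveloped signature has to be inside the document before signing.
            docElement.appendChild(sig.getElement());

            Transforms transforms = new Transforms(doc);
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
            // NOTE(review): this is the only place a reference is added. With
            // includeTransform false the signature appears to cover no part of
            // the document -- confirm that option is never off for real output.
            if (includeTransform) {
                sig.addDocument("", transforms, DIGEST_TYPE);
            }

            // Prefer the certificate in KeyInfo; fall back to the bare public key.
            if (includeCert && (cert != null)) {
                sig.addKeyInfo(cert);
            } else if (publicKey != null) {
                sig.addKeyInfo(publicKey);
            }
            sig.sign(privateKey);
        } catch (XMLSecurityException xmlse) {
            // NOTE(review): the constructor still calls writeDoc() after this,
            // and the Signature element may already have been appended -- check
            // that a failed run cannot be mistaken for a signed credential.
            xmlse.printStackTrace();
        } catch (java.net.MalformedURLException murle) {
            murle.printStackTrace();
        }
    }


    /** standard main routine for launching the application */
    public static void main(String argv[]) {
        // All work happens in the constructor; the instance itself is not needed.
        new SignCredential(argv);
    }

}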