/*
* Copyright 2005-2007 WSO2, Inc. (http://wso2.com)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.wso2.carbon.identity.provider.cards;
import org.apache.axiom.om.OMElement;
import org.apache.axis2.util.XMLUtils;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.ObjectContainer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.wso2.carbon.identity.provider.cards.model.CardModelException;
import org.wso2.carbon.identity.provider.cards.model.InformationCard;
import javax.xml.parsers.DocumentBuilderFactory;
import java.security.PrivateKey;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
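/**
 * Generates signed information cards.
 * <p>
 * A card is serialised, wrapped in a {@code ds:Object} inside a {@code ds:Signature}
 * (an enveloping XML signature), digested through a same-document Reference after
 * exclusive canonicalisation, and signed with the configured private key. The
 * {@code ds:KeyInfo} carries the configured certificate chain or, when no chain is
 * set, the single signing certificate.
 * <p>
 * Configuration happens through plain setters and nothing is synchronised: set the
 * key, certificate(s) and algorithms completely before handing an instance to
 * callers of {@link #signCard(InformationCard)}, and do not reconfigure it while
 * cards are being signed.
 */
public class Generator {

    static {
        // Apache XML Security must be initialised before any XMLSignature is built.
        Init.init();
    }

    /** Id of the ds:Object wrapping the card; the ds:Reference URI is "#" + this value. */
    private static final String OBJECT_ID = "_Object_InformationCard";

    private PrivateKey privateKey;
    private X509Certificate cert;
    private Certificate[] certChain;
    private String signatureAlgorithm;
    private String canonicalizationAlgorithm = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
    // Digest used for the Reference over the card. Defaults to SHA-1 so existing output is
    // unchanged, but SHA-1 is no longer considered collision resistant for signatures;
    // deployments whose relying parties accept it should configure a SHA-2 digest URI via
    // setDigestAlgorithm. The signature algorithm itself has always been caller supplied.
    private String digestAlgorithm = Constants.ALGO_ID_DIGEST_SHA1;

    /**
     * Sign the given information card content.
     * <p>
     * Requires a private key, a signature algorithm and either a certificate chain or a
     * single certificate to have been configured; a missing item is reported as a
     * {@link CardModelException} with an {@link IllegalStateException} cause instead of
     * surfacing as an NPE from inside the signature library.
     *
     * @param card Information card content to be signed
     * @return Signed information card element (the {@code ds:Signature} root, which
     *         envelopes the serialised card)
     * @throws CardModelException if the generator is not fully configured, if the card
     *         cannot be serialised or if the XML signature cannot be built or computed
     */
    public Element signCard(InformationCard card) throws CardModelException {
        try {
            if (card == null) {
                throw new IllegalArgumentException("card must not be null");
            }
            // Fail fast with a readable message when configuration is incomplete.
            if (this.privateKey == null) {
                throw new IllegalStateException("no signing private key configured");
            }
            if (this.signatureAlgorithm == null) {
                throw new IllegalStateException("no signature algorithm configured");
            }
            boolean haveChain = this.certChain != null && this.certChain.length > 0;
            if (!haveChain && this.cert == null) {
                throw new IllegalStateException(
                        "no signing certificate or certificate chain configured");
            }

            // Serialise the card and move it into a fresh namespace-aware DOM document.
            // The factory is used only for newDocument(); nothing is parsed here, so no
            // external-entity hardening is required at this point.
            Element cardElement = XMLUtils.toDOM(card.serialize());
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            Document doc = dbf.newDocumentBuilder().newDocument();

            XMLSignature signature = new XMLSignature(doc, null, this.signatureAlgorithm,
                    this.canonicalizationAlgorithm);
            doc.appendChild(signature.getElement());

            // Enveloping signature: the card becomes the content of a ds:Object ...
            ObjectContainer container = new ObjectContainer(doc);
            container.appendChild(doc.importNode(cardElement, true));
            container.setId(OBJECT_ID);
            signature.appendObject(container);

            // ... and a same-document Reference digests that object after exclusive C14N
            // (comments omitted), matching the signature's canonicalisation default.
            Transforms transforms = new Transforms(doc);
            transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
            signature.addDocument("#" + OBJECT_ID, transforms, this.digestAlgorithm);

            // A chain, when present, takes precedence over the single certificate.
            if (haveChain) {
                signature.addKeyInfo(this.certChain);
            } else {
                signature.addKeyInfo(this.cert);
            }

            signature.sign(this.privateKey);
            return signature.getElement();
        } catch (Exception e) {
            // The signature library throws a range of checked exceptions; callers only
            // deal with CardModelException, so wrap everything and keep the cause.
            throw new CardModelException(CardModelException.DEFAULT, e);
        }
    }

    /** @return the private key used for signing, or {@code null} if not configured */
    public PrivateKey getPrivateKey() {
        return privateKey;
    }

    /** @param privateKey the private key that will sign generated cards */
    public void setPrivateKey(PrivateKey privateKey) {
        this.privateKey = privateKey;
    }

    /** @return the XML-DSig signature algorithm URI, or {@code null} if not configured */
    public String getSignatureAlgorithm() {
        return signatureAlgorithm;
    }

    /** @param signatureAlgorithm XML-DSig signature algorithm URI; must match the key type */
    public void setSignatureAlgorithm(String signatureAlgorithm) {
        this.signatureAlgorithm = signatureAlgorithm;
    }

    /** @return the canonicalisation algorithm URI (exclusive C14N without comments by default) */
    public String getCanonicalizationAlgorithm() {
        return canonicalizationAlgorithm;
    }

    /** @param canonicalizationAlgorithm XML-DSig canonicalisation algorithm URI */
    public void setCanonicalizationAlgorithm(String canonicalizationAlgorithm) {
        this.canonicalizationAlgorithm = canonicalizationAlgorithm;
    }

    /** @return the digest algorithm URI used for the card Reference (SHA-1 by default) */
    public String getDigestAlgorithm() {
        return digestAlgorithm;
    }

    /**
     * @param digestAlgorithm XML-DSig digest algorithm URI for the card Reference; prefer a
     *                        SHA-2 URI over the SHA-1 default where relying parties allow it
     */
    public void setDigestAlgorithm(String digestAlgorithm) {
        this.digestAlgorithm = digestAlgorithm;
    }

    /** @return the single signing certificate, or {@code null} if not configured */
    public X509Certificate getCert() {
        return cert;
    }

    /** @param cert certificate placed in ds:KeyInfo when no certificate chain is set */
    public void setCert(X509Certificate cert) {
        this.cert = cert;
    }

    /**
     * @return a copy of the configured certificate chain, or {@code null} if none is set
     */
    public Certificate[] getCertChain() {
        return certChain == null ? null : certChain.clone();
    }

    /**
     * @param certChain certificate chain placed in ds:KeyInfo; a non-empty chain takes
     *                  precedence over {@link #setCert(X509Certificate)}. The array is
     *                  copied so later changes by the caller do not affect signing.
     */
    public void setCertChain(Certificate[] certChain) {
        this.certChain = certChain == null ? null : certChain.clone();
    }
}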