VerifyXmlSignature.java
/*
* GovWay - A customizable API Gateway
* https://govway.org
*
* Copyright (c) 2005-2025 Link.it srl (https://link.it).
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 3, as published by
* the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
*/
package org.openspcoop2.utils.security;
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
import org.apache.xml.security.keys.KeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.openspcoop2.utils.UtilsException;
import org.openspcoop2.utils.certificate.KeyStore;
import org.openspcoop2.utils.xml.DynamicNamespaceContext;
import org.openspcoop2.utils.xml.XPathExpressionEngine;
import org.openspcoop2.utils.xml.XPathReturnType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
* VerifyXmlSignature
*
* @author Poli Andrea (apoli@link.it)
* @author $Author$
* @version $Rev$, $Date$
*/
public class VerifyXmlSignature {
private KeyStore keystore;
private Certificate certificate;
private KeyInfo keyInfo;
public VerifyXmlSignature(java.security.KeyStore keystore) throws UtilsException{
this(new KeyStore(keystore), null, false);
}
public VerifyXmlSignature(java.security.KeyStore keystore, String alias) throws UtilsException{
this(new KeyStore(keystore), alias, false);
}
public VerifyXmlSignature(java.security.KeyStore keystore, boolean addBouncyCastleProvider) throws UtilsException{
this(new KeyStore(keystore), null, addBouncyCastleProvider);
}
public VerifyXmlSignature(java.security.KeyStore keystore, String alias, boolean addBouncyCastleProvider) throws UtilsException{
this(new KeyStore(keystore), alias, addBouncyCastleProvider);
}
public VerifyXmlSignature(KeyStore keystore) throws UtilsException{
this(keystore, null, false);
}
public VerifyXmlSignature(KeyStore keystore, String alias) throws UtilsException{
this(keystore, alias, false);
}
public VerifyXmlSignature(KeyStore keystore, boolean addBouncyCastleProvider) throws UtilsException{
this(keystore, null, addBouncyCastleProvider);
}
public VerifyXmlSignature(KeyStore keystore, String alias, boolean addBouncyCastleProvider) throws UtilsException{
this.keystore = keystore;
if(alias==null){
this.certificate = this.keystore.getCertificate();
}
else{
this.certificate = this.keystore.getCertificate(alias);
}
try{
// Providers
if(addBouncyCastleProvider){
BouncyCastleProvider bouncyCastleProvider = new BouncyCastleProvider();
Security.addProvider(bouncyCastleProvider);
}
org.apache.xml.security.Init.init();
}catch(Exception e){
throw new UtilsException(e.getMessage(),e);
}
}
private Node signatureElement;
public boolean verify(Document element, boolean clean) throws UtilsException{
return this._verify(element.getDocumentElement(), clean);
}
public boolean verify(Element element, boolean clean) throws UtilsException{
return this._verify(element, clean);
}
private boolean _verify(Element element, boolean clean) throws UtilsException{
try{
XPathExpressionEngine xpathEngine = new XPathExpressionEngine();
DynamicNamespaceContext dnc = new DynamicNamespaceContext();
dnc.findPrefixNamespace(element);
Object o = xpathEngine.getMatchPattern(element, dnc, "//{http://www.w3.org/2000/09/xmldsig#}Signature", XPathReturnType.NODE);
if (o == null) {
throw new Exception("Signature element not found");
}
this.signatureElement = (Node) o;
org.apache.xml.security.signature.XMLSignature sigXMLSec = new org.apache.xml.security.signature.XMLSignature((Element)this.signatureElement, null);
boolean valida = sigXMLSec.checkSignatureValue((X509Certificate)this.certificate);
this.keyInfo = sigXMLSec.getKeyInfo();
// elimino elemento signature dal document
if(clean){
this.detach(element);
}
return valida;
}catch(Exception e){
throw new UtilsException(e.getMessage(),e);
}
}
public KeyInfo getKeyInfo() {
return this.keyInfo;
}
public void detach(Element element) throws UtilsException {
try{
if(this.signatureElement==null) {
throw new Exception("Signature element not found; invoke 'verify' method first");
}
element.removeChild(this.signatureElement);
}catch(Exception e){
throw new UtilsException(e.getMessage(),e);
}
}
}