001package org.hl7.fhir.r5.utils;
002
003/*
004  Copyright (c) 2011+, HL7, Inc.
005  All rights reserved.
006  
007  Redistribution and use in source and binary forms, with or without modification, 
008  are permitted provided that the following conditions are met:
009    
010   * Redistributions of source code must retain the above copyright notice, this 
011     list of conditions and the following disclaimer.
012   * Redistributions in binary form must reproduce the above copyright notice, 
013     this list of conditions and the following disclaimer in the documentation 
014     and/or other materials provided with the distribution.
015   * Neither the name of HL7 nor the names of its contributors may be used to 
016     endorse or promote products derived from this software without specific 
017     prior written permission.
018  
019  THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND 
020  ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED 
021  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. 
022  IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, 
023  INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 
024  NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR 
025  PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, 
026  WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 
027  ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 
028  POSSIBILITY OF SUCH DAMAGE.
029  
030 */
031
032
033
import java.io.ByteArrayInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.KeyFactory;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Collections;

import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;

import org.hl7.fhir.utilities.MarkedToMoveToAdjunctPackage;
import org.hl7.fhir.utilities.Utilities;
import org.hl7.fhir.utilities.filesystem.ManagedFileAccess;
import org.hl7.fhir.utilities.xml.XMLUtil;
import org.hl7.fhir.utilities.xml.XmlGenerator;
import org.w3c.dom.Document;
069
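@MarkedToMoveToAdjunctPackage
/**
 * Helpers for loading DER-encoded RSA keys from disk, plus a small {@link #main(String[])}
 * demo that produces an enveloped XML digital signature (XML-DSig) over a fixed document.
 *
 * <p>The key loaders expect raw (unencrypted) DER: PKCS#8 for the private key and X.509
 * SubjectPublicKeyInfo for the public key. Because the private key file is read without any
 * passphrase, it must be protected by file-system permissions like any other secret.
 */
public class DigitalSignatures {

  /** Key files used by {@link #main(String[])} when no paths are passed on the command line. */
  private static final String DEFAULT_PUBLIC_KEY_FILE = "C:\\work\\fhirserver\\tests\\signatures\\public_key.der";
  private static final String DEFAULT_PRIVATE_KEY_FILE = "C:\\work\\fhirserver\\tests\\signatures\\private_key.der";

  /**
   * Algorithm URI for RSASSA-PKCS1-v1_5 with SHA-256 (RFC 4051). Spelled out as a literal rather
   * than {@code SignatureMethod.RSA_SHA256} because that constant was only added to the JDK API in
   * Java 11; the URI itself is accepted by the DOM XMLSignatureFactory on older releases too.
   */
  private static final String RSA_SHA256_URI = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

  /**
   * Loads an RSA private key from an unencrypted PKCS#8 DER file.
   *
   * @param filename path of the PKCS#8 DER file
   * @return the decoded private key
   * @throws Exception if the file cannot be read or its contents are not a valid RSA PKCS#8 key
   */
  public static PrivateKey getPrivateKey(String filename) throws Exception {
    byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePrivate(new PKCS8EncodedKeySpec(keyBytes));
  }

  /**
   * Loads an RSA public key from an X.509 SubjectPublicKeyInfo DER file.
   *
   * @param filename path of the X.509 DER file
   * @return the decoded public key
   * @throws Exception if the file cannot be read or its contents are not a valid RSA X.509 key
   */
  public static PublicKey getPublicKey(String filename) throws Exception {
    byte[] keyBytes = Files.readAllBytes(Paths.get(filename));
    KeyFactory keyFactory = KeyFactory.getInstance("RSA");
    return keyFactory.generatePublic(new X509EncodedKeySpec(keyBytes));
  }

  /**
   * Signs a fixed {@code <Envelope>} document with an enveloped XML-DSig and writes the result to
   * {@code [tmp]/java-digsig.xml}.
   *
   * <p>Follows the approach in the Oracle XML Digital Signature guide:
   * http://docs.oracle.com/javase/7/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html
   *
   * @param args optional {@code [publicKeyFile privateKeyFile]}; when fewer than two arguments are
   *             given the built-in default paths are used
   * @throws Exception on any parse, key-loading, signing or I/O failure
   */
  public static void main(String[] args) throws Exception {
    // Explicit charset: the platform default is not UTF-8 on every JDK/OS combination.
    byte[] inputXml = "<Envelope xmlns=\"urn:envelope\">\r\n</Envelope>\r\n".getBytes(StandardCharsets.UTF_8);

    // Load the document that is going to be signed. The factory is XXE-protected and must be
    // namespace aware, otherwise the ds: elements inserted by the signer are not resolved.
    DocumentBuilderFactory dbf = XMLUtil.newXXEProtectedDocumentBuilderFactory();
    dbf.setNamespaceAware(true);
    DocumentBuilder builder = dbf.newDocumentBuilder();
    Document doc = builder.parse(new ByteArrayInputStream(inputXml));

    String publicKeyFile = args.length >= 2 ? args[0] : DEFAULT_PUBLIC_KEY_FILE;
    String privateKeyFile = args.length >= 2 ? args[1] : DEFAULT_PRIVATE_KEY_FILE;
    PublicKey pub = getPublicKey(publicKeyFile);
    PrivateKey priv = getPrivateKey(privateKeyFile);

    // Sign the document: the signature element is appended to the root element.
    DOMSignContext dsc = new DOMSignContext(priv, doc.getDocumentElement());
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

    // SHA-256 for both the reference digest and the signature; SHA-1 is no longer acceptable
    // for new signatures and is disabled by default in the XML-DSig validator of recent JDKs.
    Reference ref = fac.newReference("",
        fac.newDigestMethod(DigestMethod.SHA256, null),
        Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
        null, null);
    SignedInfo si = fac.newSignedInfo(
        fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(RSA_SHA256_URI, null),
        Collections.singletonList(ref));

    // Embed the public key as a <KeyValue> so a verifier can check the signature without
    // out-of-band key distribution (it still has to decide whether to trust that key).
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    KeyValue kv = kif.newKeyValue(pub);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

    // try-with-resources so the file handle is released even if serialisation fails.
    try (OutputStream os = ManagedFileAccess.outStream(Utilities.path("[tmp]", "java-digsig.xml"))) {
      new XmlGenerator().generate(doc.getDocumentElement(), os);
    }
  }
}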