change sign method (#6)

Author: carlosthe19916

src/main/java/io/github/project/openubl/xmlbuilderlib/xml/XMLSigner.java

@@ -34,12 +34,9 @@
 import java.io.IOException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.ArrayList;
 import java.util.Collections;
-import java.util.List;
 
 public class XMLSigner {
 
@@ -48,36 +45,28 @@ public static Document signXML(
             String referenceID,
             X509Certificate certificate,
             PrivateKey privateKey
-    ) throws ParserConfigurationException, NoSuchAlgorithmException, XMLSignatureException, InvalidAlgorithmParameterException, MarshalException, IOException, SAXException {
+    ) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException, XMLSignatureException, MarshalException, IOException, SAXException, ParserConfigurationException {
         Document document = XmlSignatureHelper.convertStringToXMLDocument(text);
         return signXML(document, referenceID, certificate, privateKey);
     }
 
     public static Document signXML(
-            Document copyDocument,
+            Document document,
             String referenceID,
             X509Certificate certificate,
             PrivateKey privateKey
     ) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, MarshalException, XMLSignatureException, ParserConfigurationException {
-//        Document copyDocument = XMLUtils.cloneDocument(document);
-
-        addUBLExtensions(copyDocument);
-        addUBLExtension(copyDocument);
-        Node nodeExtensionContent = addExtensionContent(copyDocument);
-
-        XMLSignatureFactory signatureFactory;
-        // Try to install the Santuario Provider - fall back to the JDK provider if this does
-        // not work
-        try {
-            signatureFactory = XMLSignatureFactory.getInstance("DOM", "ApacheXMLDSig");
-        } catch (NoSuchProviderException ex) {
-            signatureFactory = XMLSignatureFactory.getInstance("DOM");
-        }
+        addUBLExtensions(document);
+        addUBLExtension(document);
+        Node nodeExtensionContent = addExtensionContent(document);
 
-        DOMSignContext signContext = new DOMSignContext(privateKey, copyDocument.getDocumentElement());
+        // Start the signing process
+        DOMSignContext signContext = new DOMSignContext(privateKey, document.getDocumentElement());
         signContext.setDefaultNamespacePrefix("ds");
         signContext.setParent(nodeExtensionContent);
 
+        XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
+
         Reference reference = signatureFactory.newReference("",
                 signatureFactory.newDigestMethod(DigestMethod.SHA1, null),
                 Collections.singletonList(signatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
@@ -86,25 +75,14 @@ public static Document signXML(
                 signatureFactory.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                 signatureFactory.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(reference));
 
-        // Certificate
-        List<X509Certificate> x509Content = new ArrayList<>();
-        x509Content.add(certificate);
-
         KeyInfoFactory keyInfoFactory = signatureFactory.getKeyInfoFactory();
-        X509Data xdata = keyInfoFactory.newX509Data(x509Content);
+        X509Data xdata = keyInfoFactory.newX509Data(Collections.singletonList(certificate));
         KeyInfo keyInfo = keyInfoFactory.newKeyInfo(Collections.singletonList(xdata));
 
-        // Sign
-        XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo);
+        XMLSignature signature = signatureFactory.newXMLSignature(signedInfo, keyInfo, null, referenceID, null);
         signature.sign(signContext);
 
-        Element elementParent = (Element) signContext.getParent();
-        if ((referenceID != null) && (elementParent.getElementsByTagName("ds:Signature") != null)) {
-            Element elementSignature = (Element) elementParent.getElementsByTagName("ds:Signature").item(0);
-            elementSignature.setAttribute("Id", referenceID);
-        }
-
-        return copyDocument;
+        return document;
     }
 
     private static void addUBLExtensions(Document document) {

src/main/java/io/github/project/openubl/xmlbuilderlib/xml/XmlSignatureHelper.java

@@ -82,7 +82,7 @@ public static void transformNonTextNodeToOutputStream(Node node, OutputStream os
 
     public static byte[] getBytesFromDocument(Document outputDoc) throws Exception {
         ByteArrayOutputStream outStream = new ByteArrayOutputStream();
-        XmlSignatureHelper.transformNonTextNodeToOutputStream(outputDoc, outStream, false, "UTF-8");
+        XmlSignatureHelper.transformNonTextNodeToOutputStream(outputDoc, outStream, false, "ISO-8859-1");
         return outStream.toByteArray();
     }
 

src/test/java/io/github/project/openubl/xmlbuilderlib/xml/XMLSignerTest.java

@@ -0,0 +1,73 @@
+/**
+ * Copyright 2019 Project OpenUBL, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Eclipse Public License - v 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * https://www.eclipse.org/legal/epl-2.0/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package io.github.project.openubl.xmlbuilderlib.xml;
+
+import io.github.project.openubl.xmlbuilderlib.integrationtest.utils.CertificateDetails;
+import io.github.project.openubl.xmlbuilderlib.integrationtest.utils.CertificateDetailsFactory;
+import org.junit.jupiter.api.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.parsers.DocumentBuilderFactory;
+import java.io.InputStream;
+import java.util.Iterator;
+
+import static org.junit.jupiter.api.Assertions.assertTrue;
+
+public class XMLSignerTest {
+
+    @Test
+    public void signXML() throws Exception {
+        // Given
+        InputStream ksInputStream = Thread.currentThread().getContextClassLoader().getResourceAsStream("LLAMA-PE-CERTIFICADO-DEMO-10467793549.pfx");
+        CertificateDetails CERTIFICATE = CertificateDetailsFactory.create(ksInputStream, "password");
+
+        InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream("xml/invoice_specialCharacters.xml");
+
+        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+        dbf.setNamespaceAware(true);
+        Document documentToSign = dbf.newDocumentBuilder().parse(is);
+
+        // When
+        Document signedDocument = XMLSigner.signXML(documentToSign, "PROJECT-OPENUBL", CERTIFICATE.getX509Certificate(), CERTIFICATE.getPrivateKey());
+
+        // Then
+        NodeList nodeList = signedDocument.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+        if (nodeList.getLength() == 0) {
+            throw new Exception("Cannot find Signature element");
+        }
+
+        DOMValidateContext valContext = new DOMValidateContext(CERTIFICATE.getX509Certificate().getPublicKey(), nodeList.item(0));
+        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
+        XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+        boolean coreValidity = signature.validate(valContext);
+        assertTrue(coreValidity);
+
+        boolean signatureValidity = signature.getSignatureValue().validate(valContext);
+        assertTrue(signatureValidity);
+
+        Iterator<Reference> i = signature.getSignedInfo().getReferences().iterator();
+        for (int j = 0; i.hasNext(); j++) {
+            boolean refValid = i.next().validate(valContext);
+            assertTrue(refValid);
+        }
+    }
+}