I need to sign an XML document using the JSR 105 API. I have already figured out how to do it using the standard provider, but now I need my code to support an HSM, and this is the problem.
If I initialize signing like this:
XMLSignatureFactory fac;
fac = XMLSignatureFactory.getInstance("DOM");
and if I use a private key obtained through the HSM (SunPKCS11 provider), I receive this exception / error:
my.exception.InternalServerErrorException: Internal server error: Create signature problem
Caused by: javax.xml.crypto.dsig.XMLSignatureException: java.security.InvalidKeyException: No installed provider supports this key: sun.security.pkcs11.P11Key$P11PrivateKey
    at org.apache.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:411) ~[xmlsec-1.5.7.jar:1.5.7]
If I initialize the signature factory with the SunPKCS11 provider, this way:
XMLSignatureFactory fac;
fac = XMLSignatureFactory.getInstance("DOM", provider);
I'm getting this exception:
Caused by: javax.xml.crypto.NoSuchMechanismException: java.security.NoSuchAlgorithmException: no such algorithm: DOM for provider SunPKCS11-SunPKCS11
I googled a bit and found that the provider used in XML signing must have a JSR 105 extension, but SunPKCS11 doesn't seem to have one. If it had one, it would work.
Does anybody know how to solve this situation using open-source or Java / Oracle-provided code?
Thank you, Josef
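
An added example, not part of the original post: "No installed provider supports this key" is the JCA reporting that no provider registered with `java.security.Security` accepts the token key for the requested algorithm, so this sketch registers the SunPKCS11 provider and keeps the default `DOM` factory. Assumptions: Java 9+ (`Provider.configure`), an RSA key on the token, and hypothetical `cfgPath`, `alias` and `pin` values.

```java
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import org.w3c.dom.Document;

public final class HsmXmlSigner {
    // cfgPath, alias and pin are hypothetical inputs: a SunPKCS11 config file for
    // your token, the key entry's alias and the token PIN. doc must have been
    // parsed with a namespace-aware DocumentBuilderFactory.
    public static void sign(Document doc, String cfgPath, String alias, char[] pin)
            throws Exception {
        // Java 9+ way to configure SunPKCS11 (assumption; older JDKs construct it directly).
        Provider p11 = Security.getProvider("SunPKCS11").configure(cfgPath);
        // Register the token provider: Signature.getInstance(alg) picks a provider
        // lazily at initSign(key) and only searches the installed provider list.
        Security.addProvider(p11);

        KeyStore ks = KeyStore.getInstance("PKCS11", p11);
        ks.load(null, pin);
        PrivateKey key = (PrivateKey) ks.getKey(alias, null); // opaque handle, stays on the HSM
        X509Certificate cert = (X509Certificate) ks.getCertificate(alias);

        // "DOM" is an XMLSignatureFactory mechanism served by the XML DSig provider,
        // so no provider argument is passed here.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("",
                fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(
                        fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                // RSA-SHA256 signature method URI; assumes the token key is RSA.
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(
                kif.newX509Data(Collections.singletonList(cert))));

        // Appends an enveloped <Signature> element to the document root.
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }
}
```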