2

Below is the XML Signature keyinfo I need to generate in Java.

<ds:KeyInfo Id="idhere">
<wsse:SecurityTokenReference wsse11:TokenType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1" wsu:Id="idhere" xmlns:wsse11="http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd">
<wsse:Reference URI="#X509" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509PKIPathv1"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>

Below is how far I have got so far in Java. How do I add a Security Token Reference to a Key Info?

KeyInfoFactory kif = fac.getKeyInfoFactory(); 

KeyInfo ki = kif.newKeyInfo(Collections.singletonList(Whatgoeshere?));  


XMLSignature signature = fac.newXMLSignature(si, ki,null,"id-2FC89B275743456788xtdcfyvg9014",null);

Any extra info needed feel free to ask. Thank you!

Cheeso
  • 189,189
  • 101
  • 473
  • 713
Ant s
  • 31
  • 1
  • 1
  • 5

1 Answers1

2

I have been struggling a bit myself with this today, but found a solution. For generating the security token reference I used an additional library besides the javax.xml.crypto namely org.apache.ws.security. The idea is to generate a security token reference with the needed keyinfo and then using the keyinfofactory to create the keyinfo object.

See example:

   import org.apache.ws.security.message.token.DOMX509Data;
   import org.apache.ws.security.message.token.DOMX509IssuerSerial;
   import org.apache.ws.security.message.token.SecurityTokenReference;

   import javax.xml.crypto.XMLStructure;
   import javax.xml.crypto.dom.DOMStructure;
   import javax.xml.crypto.dsig.keyinfo.*;

   SecurityTokenReference secRef = new SecurityTokenReference(doc);
               secRef.addWSSENamespace();

   String issuer = "issuer information";
   BigInteger serialNumber = new BigInteger("issuer serial number");
   DOMX509IssuerSerial domIssuerSerial = new DOMX509IssuerSerial(doc, issuer, serialNumber);
   DOMX509Data domX509Data = new DOMX509Data(doc, domIssuerSerial);
   secRef.setX509Data(domX509Data);

   XMLStructure structure = new DOMStructure(secRef.getElement());
   KeyInfo keyInfo = keyInfoFac.newKeyInfo(java.util.Collections.singletonList(structure), "key-info");

This would generate the keyinfo as followed:

<ds:KeyInfo Id="key-info">
    <wsse:SecurityTokenReference>
        <ds:X509Data>
            <ds:X509IssuerSerial>
                <ds:X509IssuerName>issuer information</ds:X509IssuerName>
                <ds:X509SerialNumber>issuer serial number</ds:X509SerialNumber>
            </ds:X509IssuerSerial>
        </ds:X509Data>
    </wsse:SecurityTokenReference>
</ds:KeyInfo>
piet.t
  • 11,718
  • 21
  • 43
  • 52
javamu
  • 21
  • 2