I really, really need help.
We are trying to sign and validate XML content. As we needed a Certificate Authority (CA) for testing purposes, one was created using the "Microsoft Certificate Services" (http://www.codeproject.com/KB/WCF/wcf_certificates.aspx). We have a "Windows 2003 Server" for this job.
The problem is that I have to be able to sign XML content using certificates generated by this CA (I've requested and installed one from the CA) and I can't! I've exported the certificate so I could load it using "CertPath" but I'm having problems (obviously).
The big deal is that the only way I know how to sign XML data (at least, the only way I've found how to) is using "XMLSignature.sign" that demands a "DOMSignContext" that demands a private key, but I can't get its private key!
Please, please, please... HELP ME!
Here's how I get the X509Cert certificate from a "pks.p7b" file (exported):
    FileInputStream certFileStream = new FileInputStream(PKCS7_CertFile);
    // instantiate a CertificateFactory for X.509
    CertificateFactory cf = CertificateFactory.getInstance("X.509");
    // extract the certification path from
    // the PKCS7 SignedData structure
    CertPath certPath = cf.generateCertPath(certFileStream, "PKCS7");
    // take the first X.509 certificate found in the path
    Certificate[] certsInPath = certPath.getCertificates().toArray(new Certificate[0]);
    X509Certificate X509Cert = null;
    for (Certificate cert : certsInPath) {
        if (cert instanceof X509Certificate) {
            X509Cert = (X509Certificate) cert;
            break;
        }
    }
The rest of the code is as follows:
    // Create a DOM XMLSignatureFactory that will be used to generate the
    // enveloped signature
    XMLSignatureFactory xmlSignFactory = XMLSignatureFactory.getInstance("DOM");
    // Create a KeyInfo carrying the X.509 certificate (subject name and the
    // certificate itself) so a verifier can locate the public key
    KeyInfoFactory kInfoFactory = xmlSignFactory.getKeyInfoFactory();
    List<Object> x509Content = new ArrayList<>();
    x509Content.add(X509Cert.getSubjectX500Principal().getName());
    x509Content.add(X509Cert);
    X509Data x509Data = kInfoFactory.newX509Data(x509Content);
    KeyInfo kInfo = kInfoFactory.newKeyInfo(Collections.singletonList(x509Data));
    // Instantiate the document to be signed (namespace awareness is required by XML DSig)
    DocumentBuilderFactory docBuildFactory = DocumentBuilderFactory.newInstance();
    docBuildFactory.setNamespaceAware(true);
    Document doc = docBuildFactory.newDocumentBuilder().parse(new FileInputStream(fileToBeSigned));
And the big problem is right here:
    // Create a DOMSignContext and specify the signer's PrivateKey and the
    // location of the resulting XMLSignature's parent element
    DOMSignContext dsc = new DOMSignContext(?, doc.getDocumentElement());
Where "?" should be something like "KeyPair.getPrivate()", but I do not create a key pair, it should come in the certificate, shouldn't it?
HELP!!!! I'm losing it.
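As an added worked example (not the poster's code and not from the CodeProject article), here is the complete sign-then-verify round trip for an enveloped signature with the JDK XML DSig API. It takes the private key from a PKCS#12 (.pfx) keystore rather than from a .p7b: a PKCS#7 export holds certificates only and never the private key, so `CertPath` cannot supply what `DOMSignContext` needs. The file names `signer.pfx`, `testca.cer`, the password and the sample `<order>` document are assumptions made for the example. On the verification side the key selector refuses any certificate that was not signed by the test CA, because the certificate in `KeyInfo` is untrusted input until that check has been done; it also locks the parser down against DTD/XXE and asks the JDK for secure validation.

```java
import java.io.*;
import java.security.*;
import java.security.cert.*;
import java.util.Collections;
import javax.xml.XMLConstants;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.*;
import org.w3c.dom.*;

public class EnvelopedXmlSig {
    // Assumed inputs: a PKCS#12 (.pfx) export of the CA-issued certificate together with its
    // private key, plus the test CA's own certificate. A .p7b carries certificates only.
    static final String PFX_PATH = "signer.pfx";                   // assumed path
    static final char[] PFX_PASSWORD = "changeit".toCharArray();   // assumed password
    static final String CA_CERT_PATH = "testca.cer";               // assumed path (DER or PEM)
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    public static void main(String[] args) throws Exception {
        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (InputStream in = new FileInputStream(PFX_PATH)) { ks.load(in, PFX_PASSWORD); }
        String alias = ks.aliases().nextElement();   // first entry; select explicitly in real code
        PrivateKey signingKey = (PrivateKey) ks.getKey(alias, PFX_PASSWORD);
        X509Certificate signerCert = (X509Certificate) ks.getCertificate(alias);
        X509Certificate caCert;
        try (InputStream in = new FileInputStream(CA_CERT_PATH)) {
            caCert = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        // Constructed sample document; in practice this is the file to be signed
        Document doc = secureParser().parse(new ByteArrayInputStream(
                "<order id=\"42\"><item>widget</item></order>".getBytes("UTF-8")));
        sign(doc, signingKey, signerCert);
        System.out.println("valid: " + validate(doc, caCert));
    }
    // Namespace awareness is mandatory for XML DSig; refusing DOCTYPE blocks XXE on untrusted input.
    static DocumentBuilder secureParser() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder();
    }
    // Enveloped signature over the whole document (Reference URI "" plus the enveloped transform),
    // with the signer certificate placed in KeyInfo/X509Data for the verifier.
    static void sign(Document doc, PrivateKey key, X509Certificate cert) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null), Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kif.newX509Data(Collections.singletonList(cert))));
        fac.newXMLSignature(si, ki).sign(new DOMSignContext(key, doc.getDocumentElement()));
    }
    // The certificate inside KeyInfo is untrusted data until checked against the CA, so the
    // key selector does that before handing back a public key.
    static boolean validate(Document doc, X509Certificate trustedCa) throws Exception {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) throw new IllegalStateException("no ds:Signature element");
        DOMValidateContext ctx = new DOMValidateContext(new TrustedCaKeySelector(trustedCa), nl.item(0));
        ctx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE); // JDK: reject unsafe constructs
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        if (!sig.validate(ctx)) return false;    // verifies SignatureValue and every Reference digest
        for (Object r : sig.getSignedInfo().getReferences()) {   // the signed part must be the whole document
            if (!"".equals(((Reference) r).getURI())) return false;
        }
        return true;
    }
    static final class TrustedCaKeySelector extends KeySelector {
        private final X509Certificate ca;
        TrustedCaKeySelector(X509Certificate ca) { this.ca = ca; }
        @Override
        public KeySelectorResult select(KeyInfo keyInfo, Purpose purpose, AlgorithmMethod method,
                                        XMLCryptoContext context) throws KeySelectorException {
            if (keyInfo == null) throw new KeySelectorException("signature carries no KeyInfo");
            for (Object o : keyInfo.getContent()) {
                if (!(o instanceof X509Data)) continue;
                for (Object c : ((X509Data) o).getContent()) {
                    if (!(c instanceof X509Certificate)) continue;
                    X509Certificate cert = (X509Certificate) c;
                    try {
                        cert.checkValidity();           // not expired, not yet valid
                        cert.verify(ca.getPublicKey()); // issued (signed) by our trusted test CA
                    } catch (GeneralSecurityException e) {
                        throw new KeySelectorException("untrusted signer certificate: " + e.getMessage());
                    }
                    return cert::getPublicKey;
                }
            }
            throw new KeySelectorException("no X509Certificate in KeyInfo");
        }
    }
}
```

The `cert.verify(caPublicKey)` check is a single-issuer stand-in for full chain building; a production verifier would run `CertPathValidator` with the PKIX algorithm (and revocation checking) against a trust store that contains only the CA. Exporting the key pair as a .pfx from the Windows certificate store requires that the key was marked exportable when the request to the CA was made.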