I already know other questions which proposes the proxy app solution.
#paulsm4 Thanks for your comment. This works for me.
"You can always read the Microsoft docs for the .Net dll assembly format, and parse relevant bytes from the binary file in Java manually."
Is there any way to make XAdES signature using Google Cloud KMS? I cannot find any info about it.
Wow, XAdES is a maze of twisty standards documents, it's tough to find what is supported. From what I can tell, XMLDSIG originally supported DSA and RSA-SHA1 which are now pretty dated and neither is supported by Cloud KMS's algorithms.
In 2013 XML Signature Syntax and Processing Version 1.1 which specified some more algorithms, including an RSA algorithm with SHA-256 which should be compatible with Cloud KMS's RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256 and RSA_SIGN_PKCS1_4096_SHA256. and I believe its ECDSAwithSHA384 should be compatible with Cloud KMS's EC_SIGN_P384_SHA384.
There may have been further developments since then with other supported algorithms. I suspect that particular XAdES implementations or interoperability groups may only support a selection of algorithms, so you may need to check with those for interoperable algorithms.
All that said, Cloud KMS does not provide the tooling to encode the documents for signing nor encode the signatures in a way compatible with XAdES, so while I believe, if you had algorithmic compatibility, you could implement signing with keys stored in Cloud KMS, but it would take a chunk of work to do the various format conversions.
Thanks for using GCP and Cloud KMS. If you have more info on what you wish it could do, I'd be happy to get the request.
My server is written in Java (on GAE). It includes some data classes that I share with an Android client, and would now like to also share with a Dart web client.
By 'share' I mean that I serialize them to JSON and use HTTP or GCM to sync them between client and server.
So, I'm looking for a tool that will generate Dart equivalents for the relevant Java classes, so I don't have to create them manually.
Google Cloud Endpoints does this (converts data classes from GAE languages to client languages) but Dart is not currently amongst the support languages.
I guess GCE could be used to generate js, which could then be used in Dart app, but that is not ideal. So I think this is a possible solution but not an adequate one.
The other problem with this is that the code conversion of is tightly bound to the GCE service - it can't be used independently of GCE and the only way to get GCE to convert your classes is to include them in a GCE interface.
(If they added Dart support to GCE, made the code translator more independent of GCE, and added some features such as an #Ignore attribute, I think it would be very useful!)
The "ad-hoc Java-to-Dart translator" was "written in three days" by Stefan Matthias Aust (last revised on 2014-01-03). The author notes that "there might be errors", and that "I didn't cover annotations and some esotheric[sic] generics syntax."
He provides some useful guidelines for keeping your Java code dart friendly:
"Because Dart doesn't support overloading methods, I strongly recommend to first rename (using your favorite IDE) those methods in Java. I also noticed that Dart doesn't like if types, fields, or methods have the same name. Again, I recommend to rename all such occurrences before translating. He also notes that Dart doesn't support a character type.
You can use this package to generate Dart client code for Google Cloud Endpoints http://pub.dartlang.org/packages/discovery_api_client_generator.
I also successfully used Protocol Buffers for a similar scenario
- http://pub.dartlang.org/search?q=protobuf
- http://pub.dartlang.org/packages/protobuf_builder
See also https://developers.google.com/protocol-buffers/
Does Java have a built in XML library for generating and parsing documents? If not, which third party one should I be using?
The Sun Java Runtime comes with the Xerces and Xalan implementations that provide the ability to parse XML (via the DOM and SAX intefaces), and also perform XSL transformations and execute XPath queries.
However, it is better to use the JAXP API to work on XML, since JAXP allows you to not worry about the underlying implementation used (Xerces or Crimson or any other). When you use JAXP, at runtime the JRE will use the service provider it can locate, to perform the needed operations. As indicated previously, Xerces/Xalan will be used since it is shipped with the Sun JRE (not others though), so you dont have to download and install a specific provider (say, a different version of Xerces, or Crimson).
A basic JAXP tutorial can be found in The J2EE 1.4 tutorial (Its from the J2EE tutorial, but it will help).
Do note that the Xerces/Xalan implementations provided by the Sun JRE, will not be found in the org.apache.xerces.* or org.apache.xalan.* packages. Instead, they will be present in the internal com.sun.org.apache.xerces.* and com.sun.org.apache.xalan.* packages.
By the way, JDOM is not an XML parser - it will use the parser provided to it by JAXP in order to provide you with an easier abstraction to work with.
Yes. It has a two options in the javax.xml package: DOM builds documents in memory, and SAX is an event-based approach.
You may also want to look at JDOM, which is a 3rd party library that offers a combination of the two, and can be easier to use.
Yes. Java contains javax.xml library. You can checkout some samples at Sun's Java API for XML Code Samples.
However, I personally like using JDOM library.
javax.xml package contains Java's native XML solution which is actually a special version of Xerces. You can do what you asked with it, however using 3rd party libraries such as JDOM makes the whole process a lot easier.
Have a look at JAX-B This is increasingly the "standard" way to do XML processing. Uses Java annotations to simplify the programming model. The reference gives sample code for reading and writing XML.
Java does come with a large set of packages and classes to handle XML. These are part of the Standard Edition JDK, and located under the javax.xml package.
Aside from reading XML and writing it with DOM or SAX, these packages also perform XSL transformations, JAX-B object marshalling and unmarshalling, XPath processing and web services SOAP handling. I advise you to read more about these online in Sun's excellent tutorials.
I can't tell you which one to use (few requirements specified, and there
are a dozen libraries), but I would seriously consider XOM (here).
Written by Eliotte Rusty Harold, it is quite complete in terms of the XML
spec, and generally excellent. I have found it very easy to use. See the
link above for Harold's motivation and criticism of other solutions.
You could have a look to the javax.xml package, which contains everything you need to work with XML documents in Java...
Java API for XML Processing (JAXP) is part of standard library JavaSE. JAXP allows you to code against standard interface and lets you pick the parser implementation later if needed.
The Java API for XML Processing, or
JAXP for short, enables applications
to parse and transform XML documents
using an API that is independent of a
particular XML processor
implementation. JAXP also provides a
pluggability feature which enables
applications to easily switch between
particular XML processor
implementations.
You can use StAX (streaming API for XML)
http://en.wikipedia.org/wiki/StAX
http://www.xml.com/pub/a/2003/09/17/stax.html
https://sjsxp.dev.java.net/
StAx is optimized to process large xml files, without causing OOM (out of memory) problem :)
As is said above... Java's SDK now comes with Xerces and Xalan. Xalan only implements version 1.0 of the XSLT API, so if you want 2.0, you should look at Saxon from Michael Kay.
Right now I'm using BinaryNotes to parse ASN.1 files for use in a Java project. It takes an ASN.1 definition and produces Java class(s) that let me manipulate ASN.1 files.
I've hit a wall with extension markers (...) because it doesn't support them. The source forge project page says they're coming in the next release, but the last release was nearly 2 years ago so I fear the project is dead.
Can anyone recommend an easy (and $free) replacement that does a similar thing and does support extension markers?
Have you tried Bouncy Castle.
From the site:
Bouncy Castle Crypto APIs for Java consist of the following:
A lightweight cryptography API.
A provider for the Java Cryptography Extension and the Java Cryptography Architecture.
A clean room implementation of the JCE 1.2.1.
A library for reading and writing encoded ASN.1 objects.
...
Binary Notes is unsupported, but you can try jASN1 from OpenMuc. It appears to be based in part on Binary Notes and is currently active. The jASN1 libraries are available for download on their home page, and on JCenter and Maven Central under the group org.openmuc