import javax.xml.crypto.*; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dom.*; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.crypto.dsig.keyinfo.*; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import java.io.FileInputStream; import java.io.FileOutputStream; import java.io.OutputStream; import java.security.*; import java.util.Arrays; import java.util.Collections; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.*; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; import org.w3c.dom.Node; /** * This is a simple example of generating an Enveloping XML * Signature using the JSR 105 API. The signature in this case references a * local URI that points to an Object element. * The resulting signature will look like (certificate and * signature values will be different): * *
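* <pre>{@code
* <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
*   <SignedInfo>
*     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
*     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
*     <Reference URI="#object">
*       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
*       <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
*     </Reference>
*   </SignedInfo>
*   <SignatureValue>
*     RpMRbtMHLa0siSS+BwUpLIEmTfh/0fsld2JYQWZzCzfa5kBTz25+XA==
*   </SignatureValue>
*   <KeyInfo>
*     <KeyValue>
*       <DSAKeyValue>
*         <P>
*           /KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imbz
*           RMqzVDZkVG9xD7nN1kuFw==
*         </P>
*         <Q>
*           li7dzDacuo67Jg7mtqEm2TRuOMU=
*         </Q>
*         <G>
*           Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOH
*           CBiNU0NogpsQW5QvnlMpA==
*         </G>
*         <Y>
*           wbEUaCgHZXqK4qLvbdYrAc6+Do0XVcsziCJqxzn4cJJRxwc3E1xnEXHscVgr1Cql9
*           i5fanOKQbFXzmb+bChqig==
*         </Y>
*       </DSAKeyValue>
*     </KeyValue>
*   </KeyInfo>
*   <Object Id="object">some text</Object>
* </Signature>
* }</pre>
*/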
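public class GenEnveloping {

    /**
     * XML Signature 1.1 algorithm identifier for DSA with SHA-256. It is
     * written out as a URI string so the sample does not rely on a
     * SignatureMethod constant that may be missing on older JDKs.
     */
    private static final String DSA_SHA256_URI =
        "http://www.w3.org/2009/xmldsig11#dsa-sha256";

    /**
     * DSA modulus size in bits. A 512-bit DSA key offers no meaningful
     * protection against forgery today, so the sample uses 2048 bits.
     */
    private static final int DSA_KEY_BITS = 2048;

    //
    // Synopsis: java GenEnveloping [output]
    //
    // where "output" is the name of a file that will contain the
    // generated signature. If not specified, standard output will be used.
    //
    // Security notes for anyone adapting this sample:
    //  * The digest and signature algorithms are SHA-256 based. SHA-1 is
    //    collision-prone and verifiers running with secure validation
    //    enabled may reject SHA-1 digests and short keys outright.
    //    The sample output in the class comment carries a 20-byte digest
    //    value, so it appears to have been produced with the older
    //    DSA/SHA-1 settings; algorithm URIs and value lengths produced by
    //    this code will differ from it.
    //  * The key pair is generated on every run and the private key is
    //    discarded afterwards. A real signer loads a long-lived key from a
    //    protected key store instead.
    //  * The public key is embedded in KeyInfo as a bare KeyValue. A verifier
    //    must not trust a key merely because it travels with the signature;
    //    it has to be matched against a key or certificate trusted through
    //    some independent channel.
    //
    /**
     * Builds an enveloping XML signature over an Object element holding the
     * text "some text" and writes the signed document to the given file or,
     * when no argument is supplied, to standard output.
     *
     * @param args optional single element: the path of the output file
     * @throws Exception if key generation, signing or serialization fails
     */
    public static void main(String[] args) throws Exception {
        // First, create the DOM XMLSignatureFactory that will be used to
        // generate the XMLSignature
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Next, create a Reference to a same-document URI that is an Object
        // element and specify the SHA-256 digest algorithm
        Reference ref = fac.newReference("#object",
            fac.newDigestMethod(DigestMethod.SHA256, null));

        // Next, create the referenced Object
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Node text = doc.createTextNode("some text");
        XMLStructure content = new DOMStructure(text);
        XMLObject obj = fac.newXMLObject(
            Collections.singletonList(content), "object", null, null);

        // Create the SignedInfo
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(DSA_SHA256_URI, null),
            Collections.singletonList(ref));

        // Create a DSA KeyPair
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
        kpg.initialize(DSA_KEY_BITS);
        KeyPair kp = kpg.generateKeyPair();

        // Create a KeyValue containing the DSA PublicKey that was generated
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        KeyValue kv = kif.newKeyValue(kp.getPublic());

        // Create a KeyInfo and add the KeyValue to it
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

        // Create the XMLSignature (but don't sign it yet)
        XMLSignature signature = fac.newXMLSignature(si, ki,
            Collections.singletonList(obj), null, null);

        // Create a DOMSignContext and specify the DSA PrivateKey for signing
        // and the document location of the XMLSignature
        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc);

        // Lastly, generate the enveloping signature using the PrivateKey
        signature.sign(dsc);

        // Output the resulting document. A file stream is closed as soon as
        // the document has been written; System.out is left open because it
        // belongs to the JVM, not to this method.
        Transformer trans = TransformerFactory.newInstance().newTransformer();
        if (args.length > 0) {
            try (OutputStream os = new FileOutputStream(args[0])) {
                trans.transform(new DOMSource(doc), new StreamResult(os));
            }
        } else {
            trans.transform(new DOMSource(doc), new StreamResult(System.out));
        }
    }
}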