public class SignatureInfo
extends java.lang.Object
This class is the default entry point for XML signatures and can be used for validating an existing signed office document and signing a office document.
Validating a signed office document
OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ); SignatureConfig sic = new SignatureConfig(); sic.setOpcPackage(pkg); SignatureInfo si = new SignatureInfo(); si.setSignatureConfig(sic); boolean isValid = si.validate(); ...
Signing an office document
// loading the keystore - pkcs12 is used here, but of course jks & co are also valid // the keystore needs to contain a private key and it's certificate having a // 'digitalSignature' key usage char password[] = "test".toCharArray(); File file = new File("test.pfx"); KeyStore keystore = KeyStore.getInstance("PKCS12"); FileInputStream fis = new FileInputStream(file); keystore.load(fis, password); fis.close(); // extracting private key and certificate String alias = "xyz"; // alias of the keystore entry Key key = keystore.getKey(alias, password); X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias); // filling the SignatureConfig entries (minimum fields, more options are available ...) SignatureConfig signatureConfig = new SignatureConfig(); signatureConfig.setKey(keyPair.getPrivate()); signatureConfig.setSigningCertificateChain(Collections.singletonList(x509)); OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ_WRITE); signatureConfig.setOpcPackage(pkg); // adding the signature document to the package SignatureInfo si = new SignatureInfo(); si.setSignatureConfig(signatureConfig); si.confirmSignature(); // optionally verify the generated signature boolean b = si.verifySignature(); assert (b); // write the changes back to disc pkg.close();
Implementation notes:
Although there's a XML signature implementation in the Oracle JDKs 6 and higher, compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...). Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes, as the compatibility seems to be provided there.
To use SignatureInfo and its sibling classes, you'll need to have the following libs in the classpath:
Constructor and Description |
---|
SignatureInfo() |
Modifier and Type | Method and Description |
---|---|
void |
confirmSignature()
add the xml signature to the document
|
javax.xml.crypto.dsig.dom.DOMSignContext |
createXMLSignContext(org.w3c.dom.Document document)
Convenience method for creating the signature context
|
javax.xml.crypto.dsig.keyinfo.KeyInfoFactory |
getKeyInfoFactory() |
OPCPackage |
getOpcPackage() |
SignatureConfig |
getSignatureConfig() |
javax.xml.crypto.dsig.XMLSignatureFactory |
getSignatureFactory() |
java.lang.Iterable<SignaturePart> |
getSignatureParts() |
javax.xml.crypto.URIDereferencer |
getUriDereferencer() |
protected void |
initXmlProvider()
Initialize the xml signing environment and the bouncycastle provider
|
void |
postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext,
java.lang.String signatureValue)
Helper method for adding informations after the signing.
|
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo |
preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext)
Helper method for adding informations before the signing.
|
protected void |
registerEventListener(org.w3c.dom.Document document) |
void |
setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory) |
void |
setOpcPackage(OPCPackage opcPackage) |
void |
setProvider(java.security.Provider provider) |
void |
setSignatureConfig(SignatureConfig signatureConfig) |
void |
setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory) |
void |
setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer) |
java.lang.String |
signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext,
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo)
Sign (encrypt) the digest with the private key.
|
boolean |
verifySignature() |
protected void |
writeDocument(org.w3c.dom.Document document)
Write XML signature into the OPC package
|
public SignatureConfig getSignatureConfig()
public void setSignatureConfig(SignatureConfig signatureConfig)
signatureConfig
- the signature config, needs to be set before a SignatureInfo object is usedpublic void setOpcPackage(OPCPackage opcPackage)
public OPCPackage getOpcPackage()
public javax.xml.crypto.URIDereferencer getUriDereferencer()
public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
public boolean verifySignature()
public void confirmSignature() throws javax.xml.crypto.dsig.XMLSignatureException, javax.xml.crypto.MarshalException
javax.xml.crypto.dsig.XMLSignatureException
- if the signature can't be calculatedjavax.xml.crypto.MarshalException
- if the document can't be serializedpublic javax.xml.crypto.dsig.dom.DOMSignContext createXMLSignContext(org.w3c.dom.Document document)
document
- the document the signature is based onpublic java.lang.String signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo)
public java.lang.Iterable<SignaturePart> getSignatureParts()
public org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext) throws javax.xml.crypto.dsig.XMLSignatureException, javax.xml.crypto.MarshalException
confirmSignature()
is sufficient to be used.javax.xml.crypto.dsig.XMLSignatureException
javax.xml.crypto.MarshalException
protected void registerEventListener(org.w3c.dom.Document document)
public void postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, java.lang.String signatureValue) throws javax.xml.crypto.MarshalException
confirmSignature()
is sufficient to be used.javax.xml.crypto.MarshalException
protected void writeDocument(org.w3c.dom.Document document) throws javax.xml.crypto.MarshalException
document
- the xml signature documentjavax.xml.crypto.MarshalException
- if the document can't be serializedpublic void setProvider(java.security.Provider provider)
public void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
public javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
public javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
protected void initXmlProvider()
Copyright 2021 The Apache Software Foundation or its licensors, as applicable.