How can I sign a document with Apache Santuario so that the signature is placed inside the tag rather than at the end of the MyXML tag?
<MyXML>
<SignaturePlace></SignaturePlace>
<DataToSign>BlaBlaBla</DataToSign>
</MyXML>
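The standard JSE dsig library has the class javax.xml.crypto.dsig.dom.DOMSignContext, whose constructor takes 2 parameters: the RSA private key and the location of the parent element of the resulting XMLSignature. Is there something similar in the Apache Santuario implementation?
Answer 0: (score: 1)
Yes, you can do this with Apache Santuario.
Here is sample code for the example XML above: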
// Assume "document" is the Document you want to sign, and that you already have the cert and the key
// Construct the signature and add the necessary transforms, etc.
XMLSignature signature = new XMLSignature(document, null, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
final Transforms transforms = new Transforms(document);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
signature.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
// Now insert the signature as the last child of the outermost node
document.getDocumentElement().appendChild(signature.getElement());
// Finally, actually sign the document.
signature.addKeyInfo(x509Certificate);
signature.addKeyInfo(x509Certificate.getPublicKey());
signature.sign(privateKey);
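This case is simple because you want the signature to be the last child of the outermost node. If you want to insert the signature before the 3rd child node, first obtain a Node pointing to the node before which the signature should be inserted, and then use the "insertBefore()" method: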
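// Walk the children of the root element (whitespace text nodes also count as children)
final Node thirdChildNode = document.getDocumentElement().getFirstChild().getNextSibling().getNextSibling();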
document.getDocumentElement().insertBefore(signature.getElement(), thirdChildNode);
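
The same approach applied to the question's document, as an added example that is not part of the original answer: the signature element is attached inside SignaturePlace before signing, then verified and checked against a modified DataToSign. It assumes Apache Santuario is on the classpath; the class name, the throwaway key pair and the use of RSA-SHA256 with a SHA-256 digest (instead of the SHA-1 constants in the answer) are choices made for this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SignInsidePlaceholder { // hypothetical class name for this example
    public static void main(String[] args) throws Exception {
        Init.init(); // register Santuario's algorithms and transforms
        // Constructed sample input: the document from the question.
        String xml = "<MyXML><SignaturePlace></SignaturePlace>"
                   + "<DataToSign>BlaBlaBla</DataToSign></MyXML>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature processing needs namespaces
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document document = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        // Assumption: throwaway key pair; real code loads its key from a keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keyPair = kpg.generateKeyPair();
        // Assumption: SHA-256 variants chosen here instead of the answer's SHA-1.
        XMLSignature signature = new XMLSignature(document, null,
                XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        // Attach ds:Signature to its final parent before signing.
        Element place = (Element) document.getElementsByTagName("SignaturePlace").item(0);
        place.appendChild(signature.getElement());
        Transforms transforms = new Transforms(document);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        signature.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        signature.addKeyInfo(keyPair.getPublic());
        signature.sign(keyPair.getPrivate());
        // Locate the signature as a verifier would and check digest plus signature value.
        Element sigElement = (Element) document
                .getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature").item(0);
        System.out.println("valid after signing: "
                + new XMLSignature(sigElement, null).checkSignatureValue(keyPair.getPublic()));
        // Changing the signed data changes the reference digest, so the check must now fail.
        document.getElementsByTagName("DataToSign").item(0).setTextContent("tampered");
        System.out.println("valid after tampering: "
                + new XMLSignature(sigElement, null).checkSignatureValue(keyPair.getPublic()));
    }
}
```

A real verifier should check against a key it already trusts, as this example does with its own public key, rather than whatever key the document's KeyInfo carries.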