请参阅下面的xml。我被要求对文件片段进行数字签名:
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="XYZAssertion" IssueInstant="2014-12-09T18:56:16.636Z" Version="2.0">
完成此操作后,目前标记的标记为:
<Reference URI="">
应该成为:
<Reference URI="#XYZAssertion">
我正在使用Apache Santuario并且发现了很多示例来完整地签署xml文档,但没有用于片段和使用Java设置Reference URI。鉴于这种环境,我如何签署片段?
这里是完整签署文档的基本代码:
// Instantiate the document to be signed
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(fileNameIn));
DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate (and sign) the enveloped signature
signature.sign(dsc);
XML:
<?xml version="1.0" encoding="UTF-8"?>
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" ID="XYZResponse" IssueInstant="2014-12-26T11:40:12.901-06:00" Version="2.0">
<saml:Issuer xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">ComEdRRTPAssertion</saml:Issuer>
<samlp:Status>
<samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
</samlp:Status>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="XYZAssertion" IssueInstant="2014-12-09T18:56:16.636Z" Version="2.0">
<saml:Issuer>ComEdRRTP</saml:Issuer>
<saml:Subject>
<saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">user's RRTPID</saml:NameID>
<saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
<saml:SubjectConfirmationData NotOnOrAfter="2014-12-26T17:40:12.901-06:00" Recipient="https://test.amplifinity.net/ee/sso/HandleSamlLoginResponse" />
</saml:SubjectConfirmation>
</saml:Subject>
<saml:Conditions NotBefore="2014-12-26T11:40:12.901-06:00" NotOnOrAfter="2014-12-26T17:40:12.901-06:00">
<saml:AudienceRestriction>
<saml:Audience>sso:sp:amplifinity</saml:Audience>
</saml:AudienceRestriction>
</saml:Conditions>
<saml:AuthnStatement AuthnInstant="2014-12-26T11:40:12.901-06:00" SessionIndex="1">
<saml:AuthnContext>
<saml:AuthnContextClassRef>urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified</saml:AuthnContextClassRef>
</saml:AuthnContext>
</saml:AuthnStatement>
<saml:AttributeStatement>
</saml:AttributeStatement>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>Xq7+w0EUWGyM1dsJqKsIlV1hPO0=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>VNPKl2vfj62PLCgcDxvGHL1R8noreaeOuHK0cKcTOOsNJ2SZ9q9n9A==</SignatureValue>
<KeyInfo>
<KeyValue>
<DSAKeyValue>
<P>...</P>
<Q>...</Q>
<G>.../G>
<Y>...</Y>
</DSAKeyValue>
</KeyValue>
</KeyInfo>
</Signature>
</saml:Assertion>
</samlp:Response>
答案 0 :(得分:0)
DOMSignContext接受一个XML元素及其子元素,然后XMLSignature对其进行签名。因此,您只需将其替换为您选择的XML元素,而不是使用doc.getDocumentElement()。该元素及其子女将签署。
请注意,我还没有亲自使用过该API,但这是文档所指示的内容。你试过吗?