public class SignatureInfo
extends java.lang.Object
This class is the default entry point for XML signatures and can be used for validating an existing signed office document and signing an office document.
Validating a signed office document
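```java
// open the signed package read-only
OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
SignatureConfig sic = new SignatureConfig();
SignatureInfo si = new SignatureInfo();
// the package is set on the SignatureInfo (see setOpcPackage in the method list)
si.setOpcPackage(pkg);
si.setSignatureConfig(sic);
// verifySignature() is the validation method listed for this class
boolean isValid = si.verifySignature();
...
```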
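`verifySignature()` returns a single boolean and does not identify the signer. The following added example (not part of the POI documentation) validates every `SignaturePart` and accepts the document only if each signer certificate matches a pinned SHA-256 fingerprint. It assumes `SignaturePart.validate()` and `SignaturePart.getSigner()`, which are not described on this page; the class name `PinnedSignerCheck`, the method names, the file argument and the fingerprint value are placeholders.

```java
import java.io.File;
import java.security.MessageDigest;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.Set;

import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.SignaturePart;

public class PinnedSignerCheck {   // hypothetical class name
    /** Lower-case hex SHA-256 fingerprint of the certificate's DER encoding. */
    static String fingerprint(X509Certificate cert) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(cert.getEncoded());
        StringBuilder hex = new StringBuilder();
        for (byte b : digest) hex.append(String.format("%02x", b));
        return hex.toString();
    }

    /** True only if the package carries at least one signature, every signature
     *  validates, and every signer certificate is in the pinned set. */
    static boolean signedOnlyByPinned(File doc, Set<String> pinned) throws Exception {
        try (OPCPackage pkg = OPCPackage.open(doc, PackageAccess.READ)) {
            SignatureInfo si = new SignatureInfo();
            si.setOpcPackage(pkg);
            si.setSignatureConfig(new SignatureConfig());
            int signatures = 0;
            for (SignaturePart part : si.getSignatureParts()) {
                signatures++;
                if (!part.validate()) {
                    return false;          // digest or signature value does not match
                }
                X509Certificate signer = part.getSigner();  // available after validate()
                if (signer == null || !pinned.contains(fingerprint(signer))) {
                    return false;          // valid signature, but not from a pinned signer
                }
            }
            return signatures > 0;         // an unsigned document is rejected
        }
    }

    public static void main(String[] args) throws Exception {
        // Placeholder value: replace with the expected signer's fingerprint.
        Set<String> pinned = Collections.singleton("<sha256-hex-of-expected-signer-cert>");
        System.out.println(signedOnlyByPinned(new File(args[0]), pinned));
    }
}
```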
Signing an office document
```java
// needs java.io.*, java.security.KeyStore, java.security.PrivateKey,
// java.security.cert.X509Certificate, java.util.Collections and the POI dsig classes

// loading the keystore - pkcs12 is used here, but of course jks & co are also valid
// the keystore needs to contain a private key and its certificate having a
// 'digitalSignature' key usage
char[] password = "test".toCharArray();
File file = new File("test.pfx");
KeyStore keystore = KeyStore.getInstance("PKCS12");
// try-with-resources closes the stream even if loading fails
try (FileInputStream fis = new FileInputStream(file)) {
    keystore.load(fis, password);
}

// extracting private key and certificate
String alias = "xyz"; // alias of the keystore entry
PrivateKey key = (PrivateKey) keystore.getKey(alias, password);
X509Certificate x509 = (X509Certificate) keystore.getCertificate(alias);

// filling the SignatureConfig entries (minimum fields, more options are available ...)
SignatureConfig signatureConfig = new SignatureConfig();
signatureConfig.setKey(key);
signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));

OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ_WRITE);

// adding the signature document to the package
SignatureInfo si = new SignatureInfo();
si.setOpcPackage(pkg);
si.setSignatureConfig(signatureConfig);
si.confirmSignature();

// optionally verify the generated signature
boolean b = si.verifySignature();
assert (b);

// write the changes back to disc
pkg.close();
```
Implementation notes:
Although there's an XML signature implementation in the Oracle JDKs 6 and higher, compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...). Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes, as the compatibility seems to be provided there.
To use SignatureInfo and its sibling classes, you'll need to have the following libs in the classpath:
| Constructor and Description |
|---|
| SignatureInfo() |
| Modifier and Type | Method and Description |
|---|---|
| void | confirmSignature() - add the xml signature to the document |
| javax.xml.crypto.dsig.dom.DOMSignContext | createXMLSignContext(org.w3c.dom.Document document) - Convenience method for creating the signature context |
| javax.xml.crypto.dsig.keyinfo.KeyInfoFactory | getKeyInfoFactory() |
| OPCPackage | getOpcPackage() |
| SignatureConfig | getSignatureConfig() |
| javax.xml.crypto.dsig.XMLSignatureFactory | getSignatureFactory() |
| java.lang.Iterable<SignaturePart> | getSignatureParts() |
| javax.xml.crypto.URIDereferencer | getUriDereferencer() |
| protected void | initXmlProvider() - Initialize the xml signing environment and the bouncycastle provider |
| void | postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, java.lang.String signatureValue) - Helper method for adding information after the signing. |
| org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo | preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext) - Helper method for adding information before the signing. |
| protected void | registerEventListener(org.w3c.dom.Document document) |
| void | setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory) |
| void | setOpcPackage(OPCPackage opcPackage) |
| void | setProvider(java.security.Provider provider) |
| void | setSignatureConfig(SignatureConfig signatureConfig) |
| void | setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory) |
| void | setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer) |
| java.lang.String | signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo) - Sign (encrypt) the digest with the private key. |
| boolean | verifySignature() |
| protected void | writeDocument(org.w3c.dom.Document document) - Write XML signature into the OPC package |
public SignatureConfig getSignatureConfig()
public void setSignatureConfig(SignatureConfig signatureConfig)
signatureConfig - the signature config, needs to be set before a SignatureInfo object is used
public void setOpcPackage(OPCPackage opcPackage)
public OPCPackage getOpcPackage()
public javax.xml.crypto.URIDereferencer getUriDereferencer()
public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)
public boolean verifySignature()
public void confirmSignature()
throws javax.xml.crypto.dsig.XMLSignatureException,
javax.xml.crypto.MarshalException
javax.xml.crypto.dsig.XMLSignatureException - if the signature can't be calculated
javax.xml.crypto.MarshalException - if the document can't be serialized
public javax.xml.crypto.dsig.dom.DOMSignContext createXMLSignContext(org.w3c.dom.Document document)
document - the document the signature is based on
public java.lang.String signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext,
org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo)
public java.lang.Iterable<SignaturePart> getSignatureParts()
public org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext)
throws javax.xml.crypto.dsig.XMLSignatureException,
javax.xml.crypto.MarshalException
confirmSignature() is sufficient to be used.
javax.xml.crypto.dsig.XMLSignatureException
javax.xml.crypto.MarshalException
protected void registerEventListener(org.w3c.dom.Document document)
public void postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext,
java.lang.String signatureValue)
throws javax.xml.crypto.MarshalException
confirmSignature() is sufficient to be used.
javax.xml.crypto.MarshalException
protected void writeDocument(org.w3c.dom.Document document)
throws javax.xml.crypto.MarshalException
document - the xml signature document
javax.xml.crypto.MarshalException - if the document can't be serialized
public void setProvider(java.security.Provider provider)
public void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)
public javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()
public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)
public javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()
protected void initXmlProvider()
Copyright 2021 The Apache Software Foundation or its licensors, as applicable.