public class SignatureInfo
extends java.lang.Object
This class is the default entry point for XML signatures and can be used for validating an existing signed office document and for signing an office document.
Validating a signed office document
OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
SignatureConfig sic = new SignatureConfig();
sic.setOpcPackage(pkg);
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(sic);
// verifySignature() validates every signature part found in the package
boolean isValid = si.verifySignature();
...
Signing an office document
// loading the keystore - pkcs12 is used here, but of course jks & co are also valid
// the keystore needs to contain a private key and its certificate having a
// 'digitalSignature' key usage
char password[] = "test".toCharArray();
File file = new File("test.pfx");
KeyStore keystore = KeyStore.getInstance("PKCS12");
FileInputStream fis = new FileInputStream(file);
keystore.load(fis, password);
fis.close();

// extracting private key and certificate
String alias = "xyz"; // alias of the keystore entry
Key key = keystore.getKey(alias, password);
X509Certificate x509 = (X509Certificate)keystore.getCertificate(alias);

// filling the SignatureConfig entries (minimum fields, more options are available ...)
SignatureConfig signatureConfig = new SignatureConfig();
// getKey() returns the generic Key type, setKey() expects the PrivateKey loaded above
signatureConfig.setKey((PrivateKey)key);
signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ_WRITE);
signatureConfig.setOpcPackage(pkg);

// adding the signature document to the package
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(signatureConfig);
si.confirmSignature();

// optionally verify the generated signature
boolean b = si.verifySignature();
assert (b);

// write the changes back to disc
pkg.close();
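The validation and signing snippets above only establish that the signature value and part digests match. As an added example (not part of the POI documentation or code base), the helper below walks each SignaturePart and additionally checks that the signer certificate is currently valid and carries the 'digitalSignature' key usage the signing section requires of the keystore certificate. It assumes that SignaturePart exposes validate() and getSigner(), that the classes live in org.apache.poi.poifs.crypt.dsig, and that OPCPackage is Closeable; the class name SignatureCheck is hypothetical.

```java
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Date;
import java.util.List;

import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;
import org.apache.poi.poifs.crypt.dsig.SignaturePart;

public class SignatureCheck {
    // bit 0 of the X.509 KeyUsage extension is digitalSignature
    private static final int KEY_USAGE_DIGITAL_SIGNATURE = 0;

    /** Returns one finding per problem; an empty list means every signature part passed. */
    public static List<String> check(String path) throws Exception {
        List<String> findings = new ArrayList<>();
        try (OPCPackage pkg = OPCPackage.open(path, PackageAccess.READ)) {
            SignatureConfig sic = new SignatureConfig();
            sic.setOpcPackage(pkg);
            SignatureInfo si = new SignatureInfo();
            si.setSignatureConfig(sic);

            int parts = 0;
            for (SignaturePart sp : si.getSignatureParts()) {  // assumed API, see lead-in
                parts++;
                // core XML-DSig validation: part digests and the SignatureValue itself
                if (!sp.validate()) {
                    findings.add("part " + parts + ": digest or signature value mismatch");
                    continue;
                }
                X509Certificate signer = sp.getSigner();
                // the signer certificate must be inside its validity period ...
                try {
                    signer.checkValidity(new Date());
                } catch (CertificateException e) {
                    findings.add("part " + parts + ": signer certificate not currently valid: "
                            + signer.getSubjectX500Principal());
                }
                // ... and must be marked for digitalSignature use
                boolean[] usage = signer.getKeyUsage();
                if (usage == null || !usage[KEY_USAGE_DIGITAL_SIGNATURE]) {
                    findings.add("part " + parts + ": signer certificate lacks digitalSignature key usage");
                }
            }
            if (parts == 0) {
                findings.add("document carries no signature parts");
            }
        }
        return findings;
    }
}
```

Chain building against a trust store (for example with java.security.cert.CertPathValidator) is still a separate step; this helper only inspects the leaf certificate embedded in each signature.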
Implementation notes:
Although there's an XML signature implementation in the Oracle JDKs 6 and higher, compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...). Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes, as the compatibility seems to be provided there.
To use SignatureInfo and its sibling classes, you'll need to have the following libs in the classpath:
| Constructor and Description |
|---|
| SignatureInfo() |

| Modifier and Type | Method and Description |
|---|---|
| void | confirmSignature() - add the XML signature to the document |
| javax.xml.crypto.dsig.dom.DOMSignContext | createXMLSignContext(org.w3c.dom.Document document) - Convenience method for creating the signature context |
| javax.xml.crypto.dsig.keyinfo.KeyInfoFactory | getKeyInfoFactory() |
| OPCPackage | getOpcPackage() |
| SignatureConfig | getSignatureConfig() |
| javax.xml.crypto.dsig.XMLSignatureFactory | getSignatureFactory() |
| java.lang.Iterable\<SignaturePart\> | getSignatureParts() |
| javax.xml.crypto.URIDereferencer | getUriDereferencer() |
| protected void | initXmlProvider() - Initialize the XML signing environment and the BouncyCastle provider |
| void | postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, java.lang.String signatureValue) - Helper method for adding information after the signing. |
| org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo | preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext) - Helper method for adding information before the signing. |
| protected void | registerEventListener(org.w3c.dom.Document document) |
| void | setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory) |
| void | setOpcPackage(OPCPackage opcPackage) |
| void | setProvider(java.security.Provider provider) |
| void | setSignatureConfig(SignatureConfig signatureConfig) |
| void | setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory) |
| void | setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer) |
| java.lang.String | signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo) - Sign (encrypt) the digest with the private key. |
| boolean | verifySignature() |
| protected void | writeDocument(org.w3c.dom.Document document) - Write the XML signature into the OPC package |
public SignatureConfig getSignatureConfig()

public void setSignatureConfig(SignatureConfig signatureConfig)
Parameters:
signatureConfig - the signature config, needs to be set before a SignatureInfo object is used

public void setOpcPackage(OPCPackage opcPackage)

public OPCPackage getOpcPackage()

public javax.xml.crypto.URIDereferencer getUriDereferencer()

public void setUriDereferencer(javax.xml.crypto.URIDereferencer uriDereferencer)

public boolean verifySignature()

public void confirmSignature() throws javax.xml.crypto.dsig.XMLSignatureException, javax.xml.crypto.MarshalException
Throws:
javax.xml.crypto.dsig.XMLSignatureException - if the signature can't be calculated
javax.xml.crypto.MarshalException - if the document can't be serialized

public javax.xml.crypto.dsig.dom.DOMSignContext createXMLSignContext(org.w3c.dom.Document document)
Parameters:
document - the document the signature is based on

public java.lang.String signDigest(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo signedInfo)

public java.lang.Iterable<SignaturePart> getSignatureParts()

public org.apache.jcp.xml.dsig.internal.dom.DOMSignedInfo preSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext) throws javax.xml.crypto.dsig.XMLSignatureException, javax.xml.crypto.MarshalException
Helper method for adding information before the signing. Normally confirmSignature() is sufficient to be used.
Throws:
javax.xml.crypto.dsig.XMLSignatureException
javax.xml.crypto.MarshalException

protected void registerEventListener(org.w3c.dom.Document document)

public void postSign(javax.xml.crypto.dsig.dom.DOMSignContext xmlSignContext, java.lang.String signatureValue) throws javax.xml.crypto.MarshalException
Helper method for adding information after the signing. Normally confirmSignature() is sufficient to be used.
Throws:
javax.xml.crypto.MarshalException

protected void writeDocument(org.w3c.dom.Document document) throws javax.xml.crypto.MarshalException
Parameters:
document - the XML signature document
Throws:
javax.xml.crypto.MarshalException - if the document can't be serialized

public void setProvider(java.security.Provider provider)

public void setSignatureFactory(javax.xml.crypto.dsig.XMLSignatureFactory signatureFactory)

public javax.xml.crypto.dsig.XMLSignatureFactory getSignatureFactory()

public void setKeyInfoFactory(javax.xml.crypto.dsig.keyinfo.KeyInfoFactory keyInfoFactory)

public javax.xml.crypto.dsig.keyinfo.KeyInfoFactory getKeyInfoFactory()

protected void initXmlProvider()
Copyright 2021 The Apache Software Foundation or its licensors, as applicable.