public class SignatureInfo extends Object implements SignatureConfig.SignatureConfigurable
This class is the default entry point for XML signatures and can be used for validating an existing signed office document and signing an office document.
Validating a signed office document
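```java
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;

OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ);
SignatureConfig sic = new SignatureConfig();
sic.setOpcPackage(pkg);
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(sic);
// verifySignature() is the validation method this class exposes
boolean isValid = si.verifySignature();
...
```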
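The validation flow above, extended as an added example (not code from the POI project or this page): it checks every signature part instead of relying on a single boolean, rejects unsigned files, and pins the signer to an expected certificate, since a cryptographically intact signature says nothing about who signed. Assumptions: the class name `VerifyAllSignatures`, the helper `signedOnlyBy`, the command-line arguments, and that `SignaturePart` is nested in `SignatureInfo` with `validate()` and `getSigner()`.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;

import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;

public class VerifyAllSignatures {

    // True only if the document carries at least one signature, every signature
    // part validates, and every signer is the expected (pinned) certificate.
    static boolean signedOnlyBy(File doc, X509Certificate expected) throws Exception {
        OPCPackage pkg = OPCPackage.open(doc, PackageAccess.READ);
        try {
            SignatureConfig cfg = new SignatureConfig();
            cfg.setOpcPackage(pkg);
            SignatureInfo si = new SignatureInfo();
            si.setSignatureConfig(cfg);

            int checked = 0;
            // Assumption: SignaturePart is nested in SignatureInfo and offers
            // validate() and getSigner(), as in POI releases with this API.
            for (SignatureInfo.SignaturePart part : si.getSignatureParts()) {
                if (!part.validate()) return false;          // digest or signature mismatch
                X509Certificate signer = part.getSigner();   // set by validate()
                if (signer == null || !signer.equals(expected)) return false;
                signer.checkValidity();                      // throws if expired or not yet valid
                checked++;
            }
            return checked > 0;                              // an unsigned file is not "valid"
        } finally {
            pkg.revert();                                    // read-only: discard, never write
        }
    }

    public static void main(String[] args) throws Exception {
        // args[0]: signed OOXML file, args[1]: expected signer certificate (DER or PEM)
        X509Certificate expected;
        try (InputStream in = new FileInputStream(args[1])) {
            expected = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println(signedOnlyBy(new File(args[0]), expected) ? "TRUSTED" : "REJECTED");
    }
}
```

Pinning a single certificate is the simplest trust policy; where signers chain to a CA, replace the `equals` check with path validation against your own trust anchors.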
Signing an office document
```java
import java.io.File;
import java.io.FileInputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Collections;
import org.apache.poi.openxml4j.opc.OPCPackage;
import org.apache.poi.openxml4j.opc.PackageAccess;
import org.apache.poi.poifs.crypt.dsig.SignatureConfig;
import org.apache.poi.poifs.crypt.dsig.SignatureInfo;

// loading the keystore - pkcs12 is used here, but of course jks & co are also valid
// the keystore needs to contain a private key and its certificate having a
// 'digitalSignature' key usage
char password[] = "test".toCharArray();
File file = new File("test.pfx");
KeyStore keystore = KeyStore.getInstance("PKCS12");
try (FileInputStream fis = new FileInputStream(file)) {
    keystore.load(fis, password);
}

// extracting private key and certificate
String alias = "xyz"; // alias of the keystore entry
PrivateKey key = (PrivateKey) keystore.getKey(alias, password);
X509Certificate x509 = (X509Certificate) keystore.getCertificate(alias);

// filling the SignatureConfig entries (minimum fields, more options are available ...)
SignatureConfig signatureConfig = new SignatureConfig();
signatureConfig.setKey(key); // the private key read from the keystore above
signatureConfig.setSigningCertificateChain(Collections.singletonList(x509));
OPCPackage pkg = OPCPackage.open(..., PackageAccess.READ_WRITE);
signatureConfig.setOpcPackage(pkg);

// adding the signature document to the package
SignatureInfo si = new SignatureInfo();
si.setSignatureConfig(signatureConfig);
si.confirmSignature();

// optionally verify the generated signature
boolean b = si.verifySignature();
assert (b);

// write the changes back to disk
pkg.close();
```
Implementation notes:
Although there's an XML signature implementation in the Oracle JDKs 6 and higher, compatibility with IBM JDKs is also in focus (... but maybe not thoroughly tested ...). Therefore we are using the Apache Santuario libs (xmlsec) instead of the built-in classes, as the compatibility seems to be provided there.
To use SignatureInfo and its sibling classes, you'll need to have the following libs in the classpath:
Constructor and Description |
---|
SignatureInfo() - Constructor initializes XML signature environment, if it hasn't been initialized before |
Modifier and Type | Method and Description |
---|---|
void | confirmSignature() - add the XML signature to the document |
DOMSignContext | createXMLSignContext(Document document) - Convenience method for creating the signature context |
SignatureConfig | getSignatureConfig() |
Iterable<SignaturePart> | getSignatureParts() |
void | postSign(DOMSignContext xmlSignContext, String signatureValue) - Helper method for adding information after the signing. |
DOMSignedInfo | preSign(DOMSignContext xmlSignContext) - Helper method for adding information before the signing. |
void | setSignatureConfig(SignatureConfig signatureConfig) |
String | signDigest(DOMSignContext xmlSignContext, DOMSignedInfo signedInfo) - Sign (encrypt) the digest with the private key. |
boolean | verifySignature() |
public SignatureInfo()

public SignatureConfig getSignatureConfig()

public void setSignatureConfig(SignatureConfig signatureConfig)
Specified by: setSignatureConfig in interface SignatureConfig.SignatureConfigurable
Parameters: signatureConfig - the signature config, needs to be set before a SignatureInfo object is used

public boolean verifySignature()

public void confirmSignature() throws XMLSignatureException, MarshalException

public DOMSignContext createXMLSignContext(Document document)
Parameters: document - the document the signature is based on

public String signDigest(DOMSignContext xmlSignContext, DOMSignedInfo signedInfo)
Parameters: digest - the hashed input

public Iterable<SignaturePart> getSignatureParts()

public DOMSignedInfo preSign(DOMSignContext xmlSignContext) throws XMLSignatureException, MarshalException
confirmSignature() is sufficient to be used.

public void postSign(DOMSignContext xmlSignContext, String signatureValue) throws MarshalException
confirmSignature() is sufficient to be used.
Throws: MarshalException
Copyright © 2010 - 2020 Adobe. All Rights Reserved