Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

Java XML Digital Signature API, how to sign different files

843811May 12 2009 — edited Jul 14 2009
Hello,
I need to sign several files: binary and/or xml (in some cases just part of xml), and to implement digitla signatures in xAdes standard. So I'm looking to use Java XML Digital signature API, but can't find any examples, that would cover issues I encountered:

How to sign binary file?
Just to sign some simple "aaa.png" file and have it's signature in XML. How in right way to create referece?
(should it be something like: Reference ref = fac.newReference("aaa.png", fac.newDigestMethod(DigestMethod.SHA1, null), null, null, null); )

And how to pass file for signing? what to add/change to this code:
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("aaa.png"));
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
(I have only found some information about needing to "dereference" or so - but no examples, how to make things work.)

How to sing several different files?
As I wrote before, several files needs to be signed, but in all examples, it's only one Document object (and only one file), how/where to add more files and if API will be capable to deal with such thing?

In one of examples what I have to achive was such code:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>8rl/xzjAnE4yQQ2LTBvFTU2JH+c=</DigestValue>
</Reference>

If I do write code like: "fac.newReference("aaa.png", <...> );
I'll get an error during signing: signature.sign(dsc);
*"java.net.MalformedURLException: no protocol: aaa.png"*
How to avoid this?

Also, from exmaple (what to reach) above:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
There is additional attribute "xmlns=<...>" - the question is if it is possible to add it by XMLSignatureFactory.newReference ?

Java API adds a lot of prefixes "ds:" , like:
<...>
<ds:Reference URI="file:/D:/try5/SignableMetadata0.xml">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<...>

Is it possible to avoid them?

Any help on any of these questions would be very appreciated
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on Aug 11 2009
Added on May 12 2009
#other-security-apis-tools-and-issues
11 comments
1,942 views