[Fwd: [jdom-interest] Signing a JDOM Document]
Per Norrman
per.norrman at austers.se
Wed Dec 1 13:26:01 PST 2004
Alistair Young wrote:
> short of writing a JDOM version of XMLSignature, I can't think of any
> other way to do it.
> Alistair
>
Ahem,
I have a half-baked, probably-will-not-ever-finish project, that
I called jdom-dsig. I started it mainly because I wanted to learn
more about the Java security API; I really never had any 'business'
use case for it.
However, pieces of it actually works, such that you can easily sign
and verify the basic-basic stuff. Short, concise code was a primary
design objective:
Verifying:
Document doc = new SAXBuilder().build(...);
XMLSignature sig = XMLSignature.buildFrom(doc);
boolean result = sig.verify();
Enveloped signature with defaults:
Document doc = new Document(...);
PublicKey publicKey = ...
PrivateKey privateKey = ...
KeyPair keyPair = new KeyPair(publicKey, privateKey);
XMLSignature.signEnveloped(doc, keyPair);
A detached signature:
Document doc = ...
Element e = new Element("xyzzy");
Attribute a = new Attribute("id", "dent", Attribute.ID_TYPE);
e.setAttribute(a);
...
XMLSignature sig = new XMLSignature();
Reference ref = Reference.createFor(e, Identifier.DIGEST_SHA1);
ref.addTransform(Transform.newInstance(Transform.C14N_EXC));
sig.addReference(ref);
sig.addPublicKey(publicKey);
doc.getRootElement().addContent(sig.getElement());
sig.sign(privateKey);
Lots and lots of stuff is missing in order to comply to the entire
spec. If anyone is interested in the code, I'll give it away free to use for
anything, anywhere by anyone.
/pmn
More information about the jdom-interest
mailing list