Signature Structures

The sample code is in the package tr.gov.tubitak.uekae.esya.api.xades.example.structures.

Detached Signature

A detached signature keeps the signed data separate from the signature document. The code is in Detached.

// create context with working directory
Context context = createContext();

// create signature according to context,
// with default type (XADES_BES)
XMLSignature signature = new XMLSignature(context);

// add document as reference, but do not embed it
// into the signature (embed=false)
signature.addDocument("./sample.txt", "text/plain", false);

signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// getSignatureCertificate(true, false) gets a qualified certificate;
// (false, true) gets a non-qualified one
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

Enveloping Signature

An enveloping signature contains the signed data inside the signature document. The code is in Enveloping.

// create context with working directory
Context context = createContext();

// create signature according to context,
// with default type (XADES_BES)
XMLSignature signature = new XMLSignature(context);

// add document as reference and keep a Base64 version of the data
// in an <Object> element that the reference points to
// (embed=true)
signature.addDocument("./sample.txt", "text/plain", true);

signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// getSignatureCertificate(true, false) gets a qualified certificate;
// (false, true) gets a non-qualified one
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

Enveloped Signature

An enveloped signature is placed inside the signed data.

// here is our custom envelope XML
Document envelopeDoc = newEnvelope();


// create context with working directory
Context context = createContext();

// define where signature belongs to
context.setDocument(envelopeDoc);


// create signature according to context,
// with default type (XADES_BES)
XMLSignature signature = new XMLSignature(context, false);

// attach signature to envelope
envelopeDoc.getDocumentElement().appendChild(signature.getElement());

// add the "#data1" fragment of the envelope as reference,
// without embedding it (embed=false)
signature.addDocument("#data1", "text/xml", false);

signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// getSignatureCertificate(true, false) gets a qualified certificate;
// (false, true) gets a non-qualified one
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));


// this time we do not use signature.write because we need to write
// whole document instead of signature
Source source = new DOMSource(envelopeDoc);
Transformer transformer = TransformerFactory.newInstance().newTransformer();

// write to file
transformer.transform(source, new StreamResult(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)));

Transformed Enveloped Signature

It is created by adding an enveloped-signature transform to an enveloped signature. The code is in EnvelopedTransform.

Document envelopeDoc = newEnvelope();

Context context = createContext();
context.setDocument(envelopeDoc);

XMLSignature signature = new XMLSignature(context, false);

// attach signature to envelope
envelopeDoc.getDocumentElement().appendChild(signature.getElement());

Transforms transforms = new Transforms(context);
transforms.addTransform(new Transform(context, TransformType.ENVELOPED.getUrl()));

// add whole document (URI="") with the enveloped transform and SHA-256,
// and do not embed it in the signature (embed=false)
signature.addDocument("", "text/xml", transforms, DigestMethod.SHA_256, false);

signature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// getSignatureCertificate(true, false) gets a qualified certificate;
// (false, true) gets a non-qualified one
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));


Source source = new DOMSource(envelopeDoc);
Transformer transformer = TransformerFactory.newInstance().newTransformer();

// write to file
transformer.transform(source, new StreamResult(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME)));
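
To check which of the four structures a produced file actually uses, and how much of the document each reference covers, the following added example (not part of the ESYA sample package) walks the ds:Reference elements with JDK DOM classes only. The class name ReferenceCoverage, the sample XML and the Id/ID/id attribute lookup are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class ReferenceCoverage {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Collect every element whose Id/ID/id attribute equals id (attribute names are an assumption).
    static void collect(Element e, String id, List<Element> out) {
        for (String a : new String[] {"Id", "ID", "id"})
            if (id.equals(e.getAttribute(a))) { out.add(e); break; }
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling())
            if (c instanceof Element) collect((Element) c, id, out);
    }
    // Describe what one ds:Reference of the signature element sig covers.
    static String classify(Element ref, Element sig) {
        if (ref.getAttribute("Type").endsWith("#SignedProperties")) return "XAdES signed properties";
        String uri = ref.getAttribute("URI"); // an absent URI is treated like "" here
        if (uri.isEmpty()) {
            NodeList t = ref.getElementsByTagNameNS(DS, "Transform");
            for (int i = 0; i < t.getLength(); i++)
                if ((DS + "enveloped-signature").equals(((Element) t.item(i)).getAttribute("Algorithm")))
                    return "enveloped: whole document minus the signature";
            return "whole document, no enveloped transform";
        }
        if (!uri.startsWith("#")) return "detached: external resource " + uri;
        List<Element> hits = new ArrayList<>();
        collect(sig.getOwnerDocument().getDocumentElement(), uri.substring(1), hits);
        if (hits.size() != 1) return "unresolved or duplicate Id (" + hits.size() + " matches)";
        for (Node n = hits.get(0); n != null; n = n.getParentNode())
            if (n == sig) return "enveloping: data inside the signature";
        return "enveloped: only the referenced element";
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample shaped like the "#data1" example; element names are assumptions.
        String xml = "<envelope><data Id='data1'>x</data><ds:Signature xmlns:ds='" + DS + "'>"
            + "<ds:SignedInfo><ds:Reference URI='#data1'/><ds:Reference URI='#sp' "
            + "Type='http://uri.etsi.org/01903#SignedProperties'/></ds:SignedInfo>"
            + "<ds:Object><SignedProperties Id='sp'/></ds:Object></ds:Signature></envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Element sig = (Element) doc.getElementsByTagNameNS(DS, "Signature").item(0);
        Element si = (Element) sig.getElementsByTagNameNS(DS, "SignedInfo").item(0);
        NodeList refs = si.getElementsByTagNameNS(DS, "Reference");
        for (int i = 0; i < refs.getLength(); i++)
            System.out.println(classify((Element) refs.item(i), sig));
    }
}
```

A "#data1" reference covers only that element, so other parts of the envelope can change without invalidating the signature; the URI="" form with the enveloped transform covers the whole document.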