ESYA E-imza Libraries (ESYA E-Signature Libraries)


Multiple Signatures

As with paper documents, a digital document can be signed by more than one person. The sample code listed here is in the package tr.gov.tubitak.uekae.esya.api.xades.example.multiple.

The class esya.api.xmlsignature.SignedDocument.java was created to make multiple signatures easy to manage. Please examine this class carefully first. It simply creates a signed document in XML format that can contain one or more signatures:

<?xml version="1.0" encoding="UTF-8" ?>
<ma3:envelope xmlns:ma3="http://uekae.tubitak.gov.tr/xml/signature#"
              xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ma3:data>
        <ma3:data-item>...</ma3:data-item>
        <ma3:data-item>...</ma3:data-item>
        ...
    </ma3:data>
    <ma3:signatures>
        <ds:signature>...</ds:signature>
        <ds:signature>...</ds:signature>
        ...
    </ma3:signatures>
</ma3:envelope>

Parallel Signature

Parallel signatures are independent signatures within the same document. In the code below, the data to be signed is first added to the signed document, then two parallel signatures are created over it. See ParallelEnveloped.

Context context = createContext();

SignedDocument signatures = new SignedDocument(context);

Document doc = Resolver.resolve("./sample.txt", context);
String fragment = signatures.addDocument(doc);

XMLSignature signature1 = signatures.createSignature();

// add document as inner reference
signature1.addDocument("#"+fragment, "text/plain", false);

signature1.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// false-true gets non-qualified certificates while true-false gets qualified ones
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature1.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature1.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

XMLSignature signature2 = signatures.createSignature();

// add document as inner reference
signature2.addDocument("#"+fragment, "text/plain", false);

signature2.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// add certificate to show who signed the document
signature2.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature2.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

// write combined document
signatures.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

Here is an example of creating parallel detached signatures, which sign external data. The code is in ParallelDetached.

Context context = createContext();

SignedDocument signatures = new SignedDocument(context);

XMLSignature signature1 = signatures.createSignature();

// add document as reference, but do not embed it
// into the signature (embed=false)
signature1.addDocument("./sample.txt", "text/plain", false);

signature1.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// false-true gets non-qualified certificates while true-false gets qualified ones
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
signature1.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature1.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

XMLSignature signature2 = signatures.createSignature();

// add document as reference, but do not embed it
// into the signature (embed=false)
signature2.addDocument("./sample.txt", "text/plain", false);

signature2.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// add certificate to show who signed the document
signature2.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
signature2.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

// write combined document
signatures.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

Note that the only difference is that each XMLSignature references the external data instead of the data embedded in the document.

Counter Signature

A counter signature is a signature over another signature. The example below creates a counter signature over an existing signature. The code is in CounterDetached.

Context context = createContext();

// read previously created signature, you need to run Detached.java first
Document doc = Resolver.resolve(Detached.SIGNATURE_FILENAME, context);
XMLSignature signature = XMLSignature.parse(doc, context);

// create counter signature
XMLSignature counterSignature = signature.createCounterSignature();

counterSignature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// false-true gets non-qualified certificates while true-false gets qualified ones
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
counterSignature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
counterSignature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

// signature contains itself and counter signature
signature.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

Now consider a more complex scenario in which a counter signature is added to a document that already has two parallel signatures. The code is in CounterParallel.

Context context = createContext();

// read previously created signature
Document signatureFile = Resolver.resolve(ParallelDetached.SIGNATURE_FILENAME, context);
SignedDocument signedDocument = new SignedDocument(signatureFile, context);

// get first signature
XMLSignature signature = signedDocument.getSignature(0);

// create counter signature to the first one
XMLSignature counterSignature = signature.createCounterSignature();

counterSignature.getSignedInfo().setSignatureMethod(SignatureMethod.RSA_SHA256);

// false-true gets non-qualified certificates while true-false gets qualified ones
X509Certificate cert = JSmartCardManager.getInstance().getSignatureCertificate(true, false);

// add certificate to show who signed the document
counterSignature.addKeyInfo(new ECertificate(cert.getEncoded()));

// now sign it by using smart card
counterSignature.sign(JSmartCardManager.getInstance().getSigner(PIN, cert));

// signed doc contains both previous signature and now a counter signature
// in first signature
signedDocument.write(new FileOutputStream(BASE_DIR + SIGNATURE_FILENAME));

This is similar to the previous example, except that the parallel signatures are contained in the SignedDocument.
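To make the difference between the two shapes concrete, the following added example (not part of the ESYA library or this page's sample code) walks an envelope of the format sketched above and reports which signatures are parallel (direct children of ma3:signatures), which are counter signatures (nested under xades:CounterSignature inside the signature they countersign), what each one references, and whether every counter signature actually points at its parent's ds:SignatureValue. The envelope is constructed for the example with dummy values; element names follow XMLDSig/XAdES (ds:Signature rather than the lowercase ds:signature in the sketch), and the Id attributes are assumptions.

```python
import xml.etree.ElementTree as ET

NS = {"ma3": "http://uekae.tubitak.gov.tr/xml/signature#", "ds": "http://www.w3.org/2000/09/xmldsig#",
      "xades": "http://uri.etsi.org/01903/v1.3.2#"}
# Path from a ds:Signature to the counter signatures XAdES nests inside it.
COUNTER = ("ds:Object/xades:QualifyingProperties/xades:UnsignedProperties/"
           "xades:UnsignedSignatureProperties/xades:CounterSignature/ds:Signature")

# Constructed sample envelope (not produced by the library): two parallel signatures over one
# embedded data item; sig0 additionally carries a counter signature. Signature values are dummies.
SAMPLE = """<ma3:envelope xmlns:ma3="http://uekae.tubitak.gov.tr/xml/signature#"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:xades="http://uri.etsi.org/01903/v1.3.2#">
 <ma3:data><ma3:data-item Id="data0">hello</ma3:data-item></ma3:data>
 <ma3:signatures>
  <ds:Signature Id="sig0">
   <ds:SignedInfo><ds:Reference URI="#data0"/></ds:SignedInfo>
   <ds:SignatureValue Id="sig0-value">AAAA</ds:SignatureValue>
   <ds:Object><xades:QualifyingProperties><xades:UnsignedProperties><xades:UnsignedSignatureProperties>
    <xades:CounterSignature>
     <ds:Signature Id="csig0">
      <ds:SignedInfo><ds:Reference URI="#sig0-value"/></ds:SignedInfo>
      <ds:SignatureValue>BBBB</ds:SignatureValue>
     </ds:Signature>
    </xades:CounterSignature>
   </xades:UnsignedSignatureProperties></xades:UnsignedProperties></xades:QualifyingProperties></ds:Object>
  </ds:Signature>
  <ds:Signature Id="sig1">
   <ds:SignedInfo><ds:Reference URI="#data0"/></ds:SignedInfo>
   <ds:SignatureValue Id="sig1-value">CCCC</ds:SignatureValue>
  </ds:Signature>
 </ma3:signatures>
</ma3:envelope>"""

def describe(sig, depth=0):
    """Summarise one ds:Signature and, recursively, the counter signatures nested in it."""
    value = sig.find("ds:SignatureValue", NS)
    return {"id": sig.get("Id"), "kind": "counter" if depth else "parallel",
            "refs": [r.get("URI") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)],
            "value_id": None if value is None else value.get("Id"),
            "counter_signatures": [describe(c, depth + 1) for c in sig.findall(COUNTER, NS)]}

def signature_tree(xml_text):
    # Parallel signatures are the direct children of ma3:signatures; counter signatures hang below.
    root = ET.fromstring(xml_text)
    return [describe(s) for s in root.findall("ma3:signatures/ds:Signature", NS)]

def broken_counter_links(tree):
    """Ids of counter signatures whose reference does not point at the parent's ds:SignatureValue."""
    bad = []
    for sig in tree:
        for c in sig["counter_signatures"]:
            if sig["value_id"] is None or "#" + sig["value_id"] not in c["refs"]:
                bad.append(c["id"])
            bad += broken_counter_links([c])
    return bad
```

A counter signature that references a different signature's value (or nothing resolvable) is not a counter signature over the signature it sits in, so broken_counter_links is the check to run before trusting the nesting.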

en/esya/xades/kod-coklu-imza.txt · Last modified: 2013/09/11 06:35 by Dindar Öz