santuario-dev mailing list archives

From Heiner Westphal <Heiner.Westp...@verit.de>
Subject Re: enveloping signature
Date Tue, 01 Feb 2005 17:16:05 GMT
Axelle,

see my comments below.

Axelle wrote:
> Thanks very much for your reply. It actually answers
> my next post too :-)
> 
> So, the way to do it is to use importNode()?
> However, I'm not really sure I understand the way it
> works:
> 
> 
>>        Document signedDoc = documentBuilder.newDocument();
> 
> 
> Okay, we create the Document object for the signed
> document.
> 
> 
>>        XMLSignature sig = new XMLSignature(signedDoc, baseUri, signatureMethod);
> 
> 
> We initialize the ds:Signature object.
> 
> 
>>        signedDoc.appendChild(sig.getElement());
> 
> 
> We add this so that the signed document includes the
> ds:Signature.
> 
> 
>>        ObjectContainer obj = new ObjectContainer(signedDoc);
> 
> 
> We build a ds:Object object on the signed doc ?? there
> I don't get it... shouldn't the object container
> contain the document to sign (and not the signed
> document).
The <ds:SignedInfo> is signed as well, so this constructor puts
a reference on the enclosing document somewhere to get there later.
This is what I understood when scanning the code. Raul or Berin will
know for sure I guess.
> 
> 
>>        signedDoc.importNode(doc.getDocumentElement(), deepCopy);
> 
> 
> Not so sure about this either: we add the document to
> sign in the signed document. Why do we do this ? I
> would have expected to import the ds:Object (which
> contains the document to sign) but not the document to
> sign directly.
The importNode(...) just changes the document a node belongs to.
That is, make a copy of doc's root element belong to signedDoc.
Javadoc of importNode(...) says:
"Imports a node from another document to this document. The returned
node has no parent; (parentNode is null). The source node is not
altered or removed from the original document; this method creates a
new copy of the source node."

At a safe distance from xmlsec, I use dom4j to handle XML, because that is
less surprising than the org.w3c.dom stuff.
But xmlsecurity has to use the org.w3c interfaces IIRC.
> 
> 
> 
>>        sig.appendObject(obj);
> 
> 
> We make sure the signature will sign the ds:Object.
> 
> 
>>        sig.sign(privateKey);
> 
> 
> At last, we sign.
> 
> Best regards,
> Axelle.
> 
BTW, my starting point was the examples and test harness classes of
xmlsecurity. There is an
org...samples.signature.CreateEnvelopingSignature.java.

Regards,

Heiner
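
Added example, not part of the original messages and not taken from the xmlsecurity samples: the steps discussed in this thread assembled into one runnable class, showing that the node returned by importNode() has to be attached inside the ds:Object and that the object is covered by the signature through a ds:Reference to its Id. Assumptions: Apache XML Security for Java is on the classpath; the class name, the sample payload, the Id value "payload", the throwaway RSA key and the SHA-256 algorithm choices are all constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.ObjectContainer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class EnvelopingSketch {                      // hypothetical class name
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);                 // XML Signature needs namespace-aware DOM
        DocumentBuilder documentBuilder = dbf.newDocumentBuilder();

        // Constructed sample payload: the "document to sign".
        Document doc = documentBuilder.newDocument();
        doc.appendChild(doc.createElementNS("urn:example:order", "order"))
           .setTextContent("42 widgets");

        // The output document; ds:Signature becomes its root element.
        Document signedDoc = documentBuilder.newDocument();
        XMLSignature sig = new XMLSignature(signedDoc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        signedDoc.appendChild(sig.getElement());

        // importNode() returns a parentless copy owned by signedDoc; keep the return value.
        Node copy = signedDoc.importNode(doc.getDocumentElement(), true);
        System.out.println("parent right after import: " + copy.getParentNode());

        // Attach the copy inside ds:Object and give the object an Id to reference.
        ObjectContainer obj = new ObjectContainer(signedDoc);
        obj.appendChild(copy);
        obj.setId("payload");                        // constructed Id value
        sig.appendObject(obj);

        // The ds:Reference to "#payload" is what places the object under the signature.
        Transforms transforms = new Transforms(signedDoc);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("#payload", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();          // throwaway key for the demo
        sig.sign(kp.getPrivate());

        // Verify the way a recipient would: wrap the ds:Signature element again.
        XMLSignature check = new XMLSignature(sig.getElement(), "");
        System.out.println("verifies: " + check.checkSignatureValue(kp.getPublic()));
    }
}
```

Changing the text of the imported copy after sign() and repeating the check makes checkSignatureValue() return false, which confirms the payload is bound by the reference digest.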
