Assembling the XML Signature

GENENVELOPED EXAMPLE
· A single Transform, the enveloped Transform, which is required for enveloped signatures so that the signature itself is removed before calculating the signature value

    Reference ref = fac.newReference
        ("", fac.newDigestMethod(DigestMethod.SHA1, null),
         Collections.singletonList
             (fac.newTransform(Transform.ENVELOPED,
                 (TransformParameterSpec) null)), null, null);

Next, we create the SignedInfo object, which is the object that is actually signed, as shown below. When creating the SignedInfo, we pass as parameters:

· The CanonicalizationMethod (we use inclusive and preserve comments)
· The SignatureMethod (we use DSA)
· A list of References (in this case, only one)

    SignedInfo si = fac.newSignedInfo
        (fac.newCanonicalizationMethod
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
             (C14NMethodParameterSpec) null),
         fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
         Collections.singletonList(ref));

Next, we create the optional KeyInfo object, which contains information that enables the recipient to find the key needed to validate the signature. In this example, we add a KeyValue object containing the public key. To create KeyInfo and its various subtypes, we use a KeyInfoFactory object, which can be obtained by invoking the getKeyInfoFactory method of the XMLSignatureFactory, as follows:

    KeyInfoFactory kif = fac.getKeyInfoFactory();

We then use the KeyInfoFactory to create the KeyValue object and add it to a KeyInfo object:

    KeyValue kv = kif.newKeyValue(kp.getPublic());
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

Finally, we create the XMLSignature object, passing as parameters the SignedInfo and KeyInfo objects that we created earlier:

    XMLSignature signature = fac.newXMLSignature(si, ki);