import javax.xml.crypto.*; import javax.xml.crypto.dsig.*; import javax.xml.crypto.dom.*; import javax.xml.crypto.dsig.dom.DOMSignContext; import javax.xml.crypto.dsig.keyinfo.*; import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; import java.io.FileOutputStream; import java.io.OutputStream; import java.security.*; import java.util.Collections; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.transform.*; import javax.xml.transform.dom.DOMSource; import javax.xml.transform.stream.StreamResult; import org.w3c.dom.Document; /** * This is a simple example of generating a Detached XML * Signature using the JSR 105 API. The resulting signature will look * like (key and signature values will be different): * *

 * 
 *   
 *     
 *     
 *     
 *       
 *       60NvZvtdTB+7UnlLp/H24p7h4bs=
 *     
 *   
 *   
 *     DpEylhQoiUKBoKWmYfajXO7LZxiDYgVtUtCNyTgwZgoChzorA2nhkQ==
 *   
 *   
 *     
 *       
 *         

* rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL * FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q * UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8= *

* * kEjAFpCe4lcUOdwphpzf+tBaUds= * * * oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2 * SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4 * BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw= * * * pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv * AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg * jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k= * *
*
*
*
*
*/ public class GenDetached { // // Synopsis: java GenDetached [output] // // where output is the name of the file that will contain the detached // signature. If not specified, standard output is used. // public static void main(String[] args) throws Exception { // First, create a DOM XMLSignatureFactory that will be used to // generate the XMLSignature and marshal it to DOM. XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM"); // Create a Reference to an external URI that will be digested // using the SHA1 digest algorithm Reference ref = fac.newReference("http://www.w3.org/TR/xml-stylesheet", fac.newDigestMethod(DigestMethod.SHA1, null)); // Create the SignedInfo SignedInfo si = fac.newSignedInfo( fac.newCanonicalizationMethod (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null), Collections.singletonList(ref)); // Create a DSA KeyPair KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA"); kpg.initialize(512); KeyPair kp = kpg.generateKeyPair(); // Create a KeyValue containing the DSA PublicKey that was generated KeyInfoFactory kif = fac.getKeyInfoFactory(); KeyValue kv = kif.newKeyValue(kp.getPublic()); // Create a KeyInfo and add the KeyValue to it KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); // Create the XMLSignature (but don't sign it yet) XMLSignature signature = fac.newXMLSignature(si, ki); // Create the Document that will hold the resulting XMLSignature DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance(); dbf.setNamespaceAware(true); // must be set Document doc = dbf.newDocumentBuilder().newDocument(); // Create a DOMSignContext and set the signing Key to the DSA // PrivateKey and specify where the XMLSignature should be inserted // in the target document (in this case, the document root) DOMSignContext signContext = new DOMSignContext(kp.getPrivate(), doc); // Marshal, generate (and sign) the detached XMLSignature. The DOM // Document will contain the XML Signature if this method returns // successfully. signature.sign(signContext); // output the resulting document OutputStream os; if (args.length > 0) { os = new FileOutputStream(args[0]); } else { os = System.out; } TransformerFactory tf = TransformerFactory.newInstance(); Transformer trans = tf.newTransformer(); trans.transform(new DOMSource(doc), new StreamResult(os)); } }