Adding SignedDataObjects (and consequently add proofOfApproval property) to an enveloped signature

StackOverflow https://stackoverflow.com/questions/12108373

  •  28-06-2021

Question

I'm creating an enveloped signature with xades4j using the following statements:

Element elemToSign = doc.getDocumentElement();
XadesSigner signer = new XadesTSigningProfile(...).newSigner();
new Enveloped(signer).sign(elemToSign);

But I also need to put other properties in the signature, like ProofOfApproval, etc.

I see that in the xades4j examples the proofOfApproval properties are added to an enveloped signature using different signing statements, for example:

AllDataObjsCommitmentTypeProperty globalCommitment = AllDataObjsCommitmentTypeProperty.proofOfApproval();
CommitmentTypeProperty commitment = CommitmentTypeProperty.proofOfCreation();

DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id"))
    .withTransform(new EnvelopedSignatureTransform())
    // Description, documentation URIs and identifier are set on the DataObjectFormatProperty
    .withDataObjectFormat(new DataObjectFormatProperty("text/xml", "MyEncoding")
        .withDescription("Isto é uma descrição do elemento raiz")
        .withDocumentationUri("http://doc1.txt")
        .withDocumentationUri("http://doc2.txt")
        .withIdentifier("http://elem.root"))
    .withCommitmentType(commitment)
    // dataObjsTimeStamp is not declared in this snippet
    .withDataObjectTimeStamp(dataObjsTimeStamp);

SignedDataObjects dataObjs = new SignedDataObjects(obj1)
    .withCommitmentType(globalCommitment);

signer.sign(dataObjs, elemToSign);

I see that a different signing procedure is used here. More specifically, the statement in which I create a DataObjectReference saying that I use the "Id" attribute of the root tag is unusable for me, because as input I can have any kind of XML document and I cannot know what kind of attribute (if present) I can use to define the root tag.

Briefly, can I have some example code where I create an enveloped signature and add a proofOfApproval property using "new Enveloped(signer).sign(elemToSign);", or anyway without knowing the XML source structure?

Thanks

M.


Solution

The proofOfApproval property has to be applied to data objects being signed, hence the need to use the SignedDataObjects class.

The Enveloped class is just a helper for straightforward scenarios. If I understood correctly you want to sign the whole XML document. The XML-Signatures spec defines that an empty URI on a reference (URI="") means exactly that. If you check the code on the Enveloped class you'll see that it adds a DataObjectReference with an empty uri.

To sum up, you'll need something like:

DataObjectDesc obj1 = new DataObjectReference("")
    .withTransform(new EnvelopedSignatureTransform())
    .withCommitmentType(CommitmentTypeProperty.proofOfApproval());
signer.sign(new SignedDataObjects(obj1), elemToSign);
Licensed under: CC-BY-SA with attribution