Question

What is a correct way of implementing Enveloping and Detached Signatures using Apache XML Security Library (xsec) version 3.1.1?

I was searching for some good examples but couldn't find any. The Apache website also lists an example, but it is for creating Enveloped Signatures only.


Solution

I found the solution to be very simple.

Once the document has been parsed, the following will generate an Enveloped Signature (as specified here):

// rootelem contains the root element of the parsed document (xercescdom);
// XSECPlatformUtils::Initialise() must already have been called.
#include <cstring>
#include <xercesc/dom/DOM.hpp>
#include <xsec/framework/XSECProvider.hpp>
#include <xsec/dsig/DSIGSignature.hpp>
#include <xsec/dsig/DSIGReference.hpp>
#include <xsec/enc/XSECCryptoKeyHMAC.hpp>
#include <xsec/utils/XSECPlatformUtils.hpp>

XSECProvider    prov;
DSIGSignature * sig;
DOMElement    * sigNode;

sig = prov.newSignature();
sigNode = sig->createBlankSignature(xercescdom, CANON_C14N_COM, SIGNATURE_HMAC, HASH_SHA1);

// append the signature node to the document's element which is being signed, here
// it is the root element
rootelem->appendChild(xercescdom->createTextNode(MAKE_UNICODE_STRING("\n")));
rootelem->appendChild(sigNode);
rootelem->appendChild(xercescdom->createTextNode(MAKE_UNICODE_STRING("\n")));

// create the enveloped reference: URI="" covers the whole document, and the
// enveloped-signature transform excludes the Signature element itself from the digest
DSIGReference * ref = sig->createReference(MAKE_UNICODE_STRING(""));
ref->appendEnvelopedSignatureTransform();

// create and set the signing key (e.g. an HMAC key; the key bytes here are a placeholder)
XSECCryptoKeyHMAC * hmackey = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
hmackey->setKey((unsigned char *) "replace-with-real-secret", (unsigned int) strlen("replace-with-real-secret"));
sig->setSigningKey(hmackey);

// compute the digest and the SignatureValue
sig->sign();

// Serializing the rootelem will generate an XML document with Enveloped Signature

The following will generate an Enveloping Signature:

// rootelem contains the root element of the parsed document (xercescdom); requires the
// xsec headers for XSECProvider, DSIGSignature, DSIGReference, DSIGObject and XSECCryptoKeyHMAC
XSECProvider    prov;
DSIGSignature * sig;
DOMElement    * sigNode;

sig = prov.newSignature();
sigNode = sig->createBlankSignature(xercescdom, CANON_C14N_COM, SIGNATURE_HMAC, HASH_SHA1);

// append an "Object" element to the signature object
DSIGObject * object = sig->appendObject();
// in an enveloping signature, the "Object" element contains the data being signed
// so the rootelem can be appended as a child to this object element
object->appendChild(rootelem);
// give the Object an Id so that the Reference below can point at it
object->setId(MAKE_UNICODE_STRING("signedData"));
// rootelem has been moved out of the document, so make the Signature its new
// document element; this lets the same-document reference "#signedData" resolve
xercescdom->appendChild(sigNode);

// AND you are done!
// now create the reference to the Object (same-document URI "#Id") and the signing key (e.g. HMAC Key)
DSIGReference * ref = sig->createReference(MAKE_UNICODE_STRING("#signedData"));
(void) ref;  // no transforms are needed for a reference to a ds:Object

// set the signing key (placeholder key bytes)
XSECCryptoKeyHMAC * hmackey = XSECPlatformUtils::g_cryptoProvider->keyHMAC();
hmackey->setKey((unsigned char *) "replace-with-real-secret", (unsigned int) strlen("replace-with-real-secret"));
sig->setSigningKey(hmackey);
sig->sign();

// Serializing the signature node (sigNode) will give you the required XML with Enveloping Signature.

Similarly, a Detached Signature can be generated with some effort.

The above examples cover very simple cases. A little bit of effort will be required for signing multiple data items and subsets of a document.
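The three signature forms differ only in where the signed data sits relative to the Signature element, and a verifier should check which form it actually received before trusting what the References cover. The following is an added example, not from the answer above or from the xsec project; it inspects a serialized XML-DSig Signature with Python's standard library (independent of xsec) and labels each Reference as enveloped (URI="" plus the enveloped-signature transform), enveloping (URI="#Id" naming a ds:Object inside the Signature) or detached (anything else, including a same-document sibling). The three sample documents are constructed for the demonstration and generalize to Signatures with several References.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED_TRANSFORM = "http://www.w3.org/2000/09/xmldsig#enveloped-signature"


def ds(name):
    """Clark-notation tag for an element in the XML-DSig namespace."""
    return "{%s}%s" % (DS, name)


def classify_references(sig):
    """Return one form ("enveloped", "enveloping" or "detached") per <Reference>.

    A Signature may carry several References (one per signed data item),
    so the result is a list rather than a single label.
    """
    object_ids = {obj.get("Id") for obj in sig.findall(ds("Object"))}
    forms = []
    for ref in sig.findall("%s/%s" % (ds("SignedInfo"), ds("Reference"))):
        uri = ref.get("URI", "")
        algorithms = [t.get("Algorithm")
                      for t in ref.findall("%s/%s" % (ds("Transforms"), ds("Transform")))]
        if uri == "" or ENVELOPED_TRANSFORM in algorithms:
            forms.append("enveloped")    # Signature sits inside the signed data
        elif uri.startswith("#") and uri[1:] in object_ids:
            forms.append("enveloping")   # signed data sits inside a ds:Object
        else:
            forms.append("detached")     # data is external or a sibling element
    return forms


def classify_xml(text):
    """Parse serialized XML and classify the first <Signature> found."""
    root = ET.fromstring(text)
    sig = root if root.tag == ds("Signature") else root.find(".//" + ds("Signature"))
    if sig is None:
        raise ValueError("no ds:Signature element found")
    return classify_references(sig)


# Constructed minimal samples of the three forms (only the parts the check needs).
ENVELOPED = ('<doc><data>x</data><Signature xmlns="%s"><SignedInfo><Reference URI="">'
             '<Transforms><Transform Algorithm="%s"/></Transforms></Reference>'
             '</SignedInfo></Signature></doc>' % (DS, ENVELOPED_TRANSFORM))
ENVELOPING = ('<Signature xmlns="%s"><SignedInfo><Reference URI="#signedData"/></SignedInfo>'
              '<Object Id="signedData"><data>x</data></Object></Signature>' % DS)
DETACHED = ('<Signature xmlns="%s"><SignedInfo>'
            '<Reference URI="http://example.invalid/data.xml"/></SignedInfo></Signature>' % DS)

if __name__ == "__main__":
    for name, sample in (("enveloped", ENVELOPED), ("enveloping", ENVELOPING), ("detached", DETACHED)):
        print(name, classify_xml(sample))
```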

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow