1

使用 Apache XML 安全库 (xsec) 版本 3.1.1 实现封装和分离签名的正确方法是什么?

我正在寻找一些好的例子,但找不到。apache网站也列出了一个示例,但它仅用于创建信封签名。

4

1 回答 1

0

我发现解决方案非常简单。

一旦文档被解析,以下将生成一个信封签名(如此指定):

// rootelem contains the root element of the parsed document
XSECProvider    prov;
DSIGSignature * sig;
DOMElement    * sigNode;

sig = prov.newSignature();
sigNode = sig->createBlankSignature(xercescdom, CANON_C14N_COM, SIGNATURE_HMAC, HASH_SHA1);

// append the signature node to the document's element which is being signed, here
// it is the root element
rootelem->appendChild(xercescdom->createTextNode(MAKE_UNICODE_STRING("\n")));
rootelem->appendChild(sigNode);
rootelem->appendChild(xercescdom->createTextNode(MAKE_UNICODE_STRING("\n")));

// create the envelope reference and the signing key (e.g. HMAC Key)
// set the signing key

sig->setSigningKey(hmackey);

// other steps... Serializing the rootelem will generate an XML document with Enveloped Signature

以下将生成一个信封签名:

XSECProvider    prov;
DSIGSignature * sig;
DOMElement    * sigNode;

sig = prov.newSignature();
sigNode = sig->createBlankSignature(xercescdom, CANON_C14N_COM, SIGNATURE_HMAC, HASH_SHA1);

// append an "Object" element to the signature object
DSIGObject * object = sig->appendObject();
// in an enveloping signature, the "Object" element contains the data being signed
// so the rootelem can be appended as a child to this object element
object->appendChild(rootelem);

// AND you are done!
// now create the envelope reference and the signing key (e.g. HMAC Key)
// set the signing key

sig->setSigningKey(hmackey);

// Serializing the signature node (sigNode) will give you the required XML with Enveloping Signature.

类似地,可以通过一些努力生成分离签名。

上面的例子涵盖了非常简单的情况。签署多个数据项和文档子集需要一些努力。

于 2013-03-13T07:02:49.620 回答