advertisement
javaboutique
Search Tips
Articles  |   Tutorials  |   Reviews  |   Tools  |   by Category  |   by Date  |   by Name  |   Submit  |   Source  |   Forums  |  
javaboutique
Browse DevX


Partners & Affiliates


advertisement

Tutorials : Tighten Data Security with the Java XML Digital Signature API :

Generate an Enveloping XML Signature

An enveloping XML signature signs data that is inside the <Signature> element itself.

Developing an enveloping XML signature is also pretty much the same as on Page 2. In this case, however, the URI passed to the Reference object must indicate data inside the <Signature> object. Listing 5 shows an application that proves an enveloping XML signature. 

<?xml version="1.0" encoding="UTF-8" standalone=
"no"?><Signature xmlns=
"http://www.w3.org/2000/09/xmldsig#">
<SignedInfo><CanonicalizationMethod Algorithm=
"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#object"><DigestMethod Algorithm=
"http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>y85+7ckjeb4JvGJnD81UiTLh1k8=</DigestValue>
</Reference></SignedInfo><SignatureValue>
Isi06fnZ69O4kMOMwfI6lq2MWO5GFZU8hb77Bs9VRf6HjbhP+HuJ7peYzwus03eLSFEgy/4wwcua
Ge3kt92uCA==
</SignatureValue><KeyInfo><KeyValue>
<RSAKeyValue><Modulus>
kvoOQ/jfN0hGlxYjn9uZ0LwUL5DF2v2ayAUg3P/DwhO0T/8MvYeynNoTC0zHj+518Slo2XFk8TFW
4BYZdcTraw==</Modulus><Exponent>AQAB</Exponent>
</RSAKeyValue></KeyValue></KeyInfo>
<Object Id="object">This is a text node...
</Object></Signature>

Validate an XML Signature

To validate an XML signature, follow these steps:
  1. Find the <Signature> Element: A common way to do this is to use DOM to extract the corresponding Document object and then call the getElementsByTagNameNS method.

  2. Create a DOMValidateContext Object: First, obtain a KeySelector object. Next, pass the KeySelector and a reference to the <Signature> element to the DOMValidateContext constructor.

  3. Unmarshal the Signature: Call the XMLSignatureFactory.unmarshalXMLSignature method and pass to it the DOMValidateContext object.

  4. Validate the Signature: Call the XMLSignature.validate method by passing to it the DOMValidateContext instance. This method will return the success/insuccess of the validation process into a boolean value.
Step 2 mentions the KeySelector object. You need to know that KeySelector is an abstract class used for finding a key using the data managed by a KeyInfo object. Implementing this class isn't easy and there are many methods of doing so, depending on your needs. Listing 6 and Listing 7 demonstrate two simple implementations of this class.

Note: In order to preserve the content of your data, enable the reference caching for DOMValidateContext. To do this, set the javax.xml.crypto.dsig.cacheReference property to Boolean.TRUE. The content of data may be altered by transforms before it is signed.

Listing 6, ValidateXMLSignature.java, is applicable to XML signatures generated by using the KeyPairGenerator class.

Listing 7, ValidateXMLSignatureCertificate.java is applicable to XML signatures generated by using X509 certificates (do not use this example in production without making it more secure).

What You Need to Get Started

By studying these examples, you can gain enough knowledge to not only develop a skeleton for an application based on XML signatures, but also to generate and validate those signatures. Of course, to create a commercial application that's ready to deal with all the possible security problems, you'll need to get deeper into this API and its possibilities.

Home / Articles / Tighten Data Security with the Java XML Digital Signature API / 1 / 2 / 3 / 4 /

How to Add Java Applets to Your Site

New on the Java Boutique:

New Review:

Time Management Made Easy with the Quartz Enterprise Job Scheduler
Why not just use the Java timer API? This open source scheduling API boasts simplicity, ease-of-integration, a well-rounded feature set, and it's free!

New Applet:

Reverse Complement
Reverse Complement is a simple applet that converts DNA or RNA sequences into three useful formats.

Elsewhere on internet.com:

WebDeveloper Java
Lots of Java information on webdeveloper.com

WDVL Java
Thorough Java resource at the Web Developer's Virtual Library.

ScriptSearch Java
Hundreds of free Java code files to download.

jGuru: Your View of the Java Universe
Customizable portal with online training, FAQs, regular news updates, and tutorials.

 Avaya DevConnect Center
 Service Component Architecture/Service Data Objects Solution Center
 Intel Go Parallel Portal
 Internet.com eBook Library
 IBM Software Construction Toolbox
 Microsoft RIA Development Center
 Destination .NET
XML error: not well-formed (invalid token) at line 53
advertisement
Receive Articles via our XML/RSS feed
Receive Articles via our XML/RSS feed

JavaBytes
Internet Cyclone
This powerful, easy-to-use, internet optimizer is for Windows 95, 98, ME, NT, 2000 and XP. It's designed to automatically optimize your Windows settings, boosting your Internet connection up to 200%.

Latest Linux Hits Networking Flaws
Metasploit 3.2 Offers More 'Evil Deeds'
'Thank You Apple. Seriously.'
The Buzz: BlackBerry App Store Seen Next
Is .NET on Linux Finally Ready?
Red Hat Takes on HPC Market, Microsoft
Python's New Release Bridges the Gap
No Flash Seen on iPhone Horizon
Apple Yields to Complaints Over iPhone NDA
Microsoft Shows Some Ankle With Visual Studio

Use Explicit Conversion Functions to Avert Reckless Implicit Conversions
Polyglot Programming: Building Solutions by Composing Languages
Automated testing for .NET by Ben Hall
"Supply Chain" SOA with SKOS
Service Component Architecture in Real Life
C++Ox: The Dawning of a New Standard
Getting Started with Virtualization
Master Complex Builds with MSBuild
eCryptfs: Single-File Encryption in Linux
CCXML in Action: A CCXML Auto Attendant

Advertising Info  |   Member Services  |   Contact Us  |   Help  |   Feedback  |   Site Map  |   Network Map  |   About



JupiterOnlineMedia

internet.comearthweb.comDevx.commediabistro.comGraphics.com

Search:

Jupitermedia Corporation has two divisions: Jupiterimages and JupiterOnlineMedia

Jupitermedia Corporate Info


Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Advertise | Newsletters | Tech Jobs | Shopping | E-mail Offers
Solutions
Whitepapers and eBooks
IBM Whitepaper: Innovative Collaboration to Advance Your Business
Internet.com eBook: Real Life Rails
Avaya Article: Call Control XML - Powerful, Standards-Based Call Control
Tripwire Whitepaper: Seven Practical Steps to Mitigate Virtualization Security Risks
Internet.com eBook: The Pros and Cons of Outsourcing
Go Parallel Article: Scalable Parallelism with Intel(R) Threading Building Blocks
Internet.com eBook: Best Practices for Developing a Web Site
IBM CXO Whitepaper: The 2008 Global CEO Study "The Enterprise of the Future"
Avaya Article: Call Control XML in Action - A CCXML Auto Attendant
Go Parallel Article: James Reinders on the Intel Parallel Studio Beta Program
IBM CXO Whitepaper: Unlocking the DNA of the Adaptable Workforce--The Global Human Capital Study 2008
Adobe Acrobat Connect Pro: Web Conferencing and eLearning Whitepapers
Go Parallel Article: Getting Started with TBB on Windows
HP eBook: Storage Networking , Part 1
MORE WHITEPAPERS, EBOOKS, AND ARTICLES
Webcasts
Go Parallel Video: Intel(R) Threading Building Blocks: A New Method for Threading in C++
HP Video: Is Your Data Center Ready for a Real World Disaster?
Microsoft Partner Portal Video: Microsoft Gold Certified Partners Build Successful Practices
HP On Demand Webcast: Virtualization in Action
Go Parallel Video: Performance and Threading Tools for Game Developers
 Rackspace Hosting Center: Customer Videos
Intel vPro Developer Virtual Bootcamp
HP Disaster-Proof Solutions eSeminar
HP On Demand Webcast: Discover the Benefits of Virtualization
MORE WEBCASTS, PODCASTS, AND VIDEOS
Downloads and eKits
Microsoft Download: Silverlight 2 Software Development Kit Beta 2
30-Day Trial: SPAMfighter Exchange Module
Red Gate Download: SQL Toolbelt
Iron Speed Designer Application Generator
Microsoft Download: Silverlight 2 Beta 2 Runtime
MORE DOWNLOADS, EKITS, AND FREE TRIALS
Tutorials and Demos
IBM IT Innovation Article: Green Servers Provide a Competitive Advantage
Microsoft Article: Expression Web 2 for PHP Developers--Simplify Your PHP Applications
 Featured Algorithm: Intel Threading Building Blocks - parallel_reduce
MORE TUTORIALS, DEMOS AND STEP-BY-STEP GUIDES