
Adding SignedDataObjects (and consequently add proofOfApproval property) to an enveloped signature


I'm creating an Enveloped signature with xades4j using these statements:

Element elemToSign = doc.getDocumentElement();
XadesSigner signer = new XadesTSigningProfile(...).newSigner();
new Enveloped(signer).sign(elemToSign);

But I also need to put other properties in the signature, like ProofOfApproval etc...

I see that in the xades4j examples the proofOfApproval properties are added to an enveloped signature using different signature statements, for example:

AllDataObjsCommitmentTypeProperty globalCommitment = AllDataObjsCommitmentTypeProperty.proofOfApproval();
CommitmentTypeProperty commitment = CommitmentTypeProperty.proofOfCreation();

DataObjectDesc obj1 = new DataObjectReference('#' + elemToSign.getAttribute("Id"))
    .withTransform(new EnvelopedSignatureTransform())
    .withDataObjectFormat(new DataObjectFormatProperty("text/xml", "MyEncoding")
        .withDescription("Isto é uma descrição do elemento raiz")
        .withDocumentationUri("http://doc1.txt")
        .withDocumentationUri("http://doc2.txt")
        .withIdentifier("http://elem.root"))
    .withCommitmentType(commitment)
    .withDataObjectTimeStamp(dataObjsTimeStamp);

SignedDataObjects dataObjs = new SignedDataObjects(obj1)
    .withCommitmentType(globalCommitment);

signer.sign(dataObjs, elemToSign);

I see here that another signing procedure is used. More specifically, the statement in which I create a DataObjectReference saying that I use the "Id" attribute of the root tag is unusable for me, because as input I can have any kind of XML document and I cannot know what kind of attribute (if present) I can use to define the root tag.

Briefly, can I have some example code where I create an Enveloped signature and put a proofOfApproval property using "new Enveloped(signer).sign(elemToSign);", or anyway without knowing the XML source structure?

Thanks

M.


Solution

  • The proofOfApproval property has to be applied to data objects being signed, hence the need to use the SignedDataObjects class.

    The Enveloped class is just a helper for straightforward scenarios. If I understood correctly you want to sign the whole XML document. The XML-Signatures spec defines that an empty URI on a reference (URI="") means exactly that. If you check the code on the Enveloped class you'll see that it adds a DataObjectReference with an empty uri.

    To sum up, you'll need something like:

    DataObjectDesc obj1 = new DataObjectReference("")
        .withTransform(new EnvelopedSignatureTransform())
        .withCommitmentType(CommitmentTypeProperty.proofOfApproval());
    signer.sign(new SignedDataObjects(obj1), elemToSign);