Examples for Using Digital Signatures

Digitally Signing a Document

The following examples show how to digitally sign a document using the digital signature interfaces for XML. The data to sign is contained in the file input.xml. The private key used to sign is located in the DEFAULT keystore view, under the alias sign_test.

Creating an Object From the Data

Before you can sign the data, you must create an object using the interface ISsfData as shown in the example below.

Code Example for Creating an Object for the Data to Sign

// open test data file
FileInputStream fis = null;
try {
    fis = new FileInputStream("input.xml");
} catch (FileNotFoundException e) {
    System.out.println("Error while opening input file "+e);
    System.exit(1);
}
// create object of ssf data
ISsfData data = null;
try {
    data = new SsfDataXML(fis);
} catch (Exception e) {
    System.out.println("Error while reading input file "+e);
    System.exit(1);
}

Obtaining the Profile and Signing the Data

Once you have an object for the data, you must obtain the private key to use for signing, which is contained in the designated profile. The example below shows how to obtain the profile, which is stored in the DEFAULT keystore view, alias sign_test. It also shows how to use the sign method to sign the data. It writes the signed data to the file output.xml.

Code Example for Obtaining the Profile and Signing the Data

// get profile from keystore service of AS Java
InitialContext ctx = new InitialContext();
Object o = (Object) ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
KeyStore keyStore = manager.getKeystore("DEFAULT");
String alias = "sign_test";
SsfProfileKeyStore profile = null;
try {
    profile = new SsfProfileKeyStore(keyStore, alias, null);
} catch (Exception e) {
    throw new SecurityException("Error while accessing keystore "+e);
}
// sign the data
boolean res = false;
try {
    res = data.sign(profile);
} catch (SsfInvalidKeyException e) {
    System.out.println("Error while signing data "+e);
    System.exit(1);
}
if (!res) {
    System.out.println("Creation of signature failed");
    System.exit(1);
}
// write the signed data
FileOutputStream fos = null;
try {
    fos = new FileOutputStream("output.xml");
    data.writeTo(fos);
    fos.close();
} catch (Exception e) {
    System.out.println("Error while writing output file "+e);
    System.exit(1);
}
System.out.println("Created output file OK");

Verifying the Digital Signature

The following example shows how to verify a digital signature. The signed data is contained in the file output.xml. First, we create an object for this data. Then, we obtain the public address book, which is also located in the keystore view DEFAULT, alias verify_test. The public address book contains the public-key certificate belonging to the signer that is used to verify. Then, we show how to use the verify method to verify the digital signature.

Code Example for Verifying the Digital Signature

// open signed data file
FileInputStream fis = null;
try {
    fis = new FileInputStream("output.xml");
} catch (FileNotFoundException e) {
    System.out.println("Error while opening signed file "+e);
    System.exit(1);
}
// create object of ssf data
ISsfData data = null;
try {
    data = new SsfDataXML(fis);
} catch (Exception e) {
    System.out.println("Error while reading signed file "+e);
    System.exit(1);
}
// get pab from keystore service of AS Java
InitialContext ctx = new InitialContext();
Object o = (Object) ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
KeyStore keyStore = manager.getKeystore("DEFAULT");
// alias of the signer's certificate (not passed to SsfPabKeyStore below)
String alias = "verify_test";
SsfPabKeyStore pab = null;
try {
    pab = new SsfPabKeyStore(keyStore);
} catch (Exception e) {
    throw new SecurityException("Error while accessing keystore "+e);
}
// verify the data
SsfSigRcpList signer = new SsfSigRcpList();
boolean res = false;
try {
    res = data.verify(pab,signer);
} catch (SsfInvalidDataException e) {
    System.out.println("Error while verifying data "+e);
    System.exit(1);
}
// print result of verification
if (res) {
    System.out.println("Verification of data OK");
    // report the signer only if its per-signer result code is SSF_OK
    if (signer.get(0).rc == SsfSigRcpInfo.SSF_OK) {
        X509Certificate cert = signer.get(0).cert;
        System.out.println("Signer: "+cert.getSubjectDN().getName());
    }
} else {
    System.out.println("Verification of data FAILED");
}