Examples for Using Digital Signatures

Digitally Signing a Document

The following examples show how to digitally sign a document using the digital signature interfaces for XML. The data to sign is contained in the file input.xml. The private key used to sign is located in the DEFAULT keystore view, under the alias sign_test.

Creating an Object From the Data

Before you can sign the data, you must create an object using the interface ISsfData as shown in the example below.

Code Example for Creating an Object for the Data to Sign

// open test data file
FileInputStream fis = null;
try {
    fis = new FileInputStream("input.xml");
} catch (FileNotFoundException e) {
    System.out.println("Error while opening input file " + e);
    System.exit(1);
}
// create object of ssf data
ISsfData data = null;
try {
    data = new SsfDataXML(fis);
} catch (Exception e) {
    System.out.println("Error while reading input file " + e);
    System.exit(1);
}

Obtaining the Profile and Signing the Data

Once you have an object for the data, you must obtain the private key to use for signing, which is contained in the designated profile. The example below shows how to obtain the profile, which is stored in the DEFAULT keystore view, alias sign_test. It also shows how to use the sign method to sign the data. It writes the signed data to the file output.xml.

Code Example for Obtaining the Profile and Signing the Data

// get profile from keystore service of AS Java
// (KeyStore is java.security.KeyStore)
InitialContext ctx = new InitialContext();
Object o = ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
KeyStore keyStore = manager.getKeystore("DEFAULT");
String alias = "sign_test";
SsfProfileKeyStore profile = null;
try {
    // the profile gives access to the private key stored under the alias
    profile = new SsfProfileKeyStore(keyStore, alias, null);
} catch (Exception e) {
    throw new SecurityException("Error while accessing keystore " + e);
}
// sign the data
boolean res = false;
try {
    res = data.sign(profile);
} catch (SsfInvalidKeyException e) {
    System.out.println("Error while signing data " + e);
    System.exit(1);
}
if (!res) {
    System.out.println("Creation of signature failed");
    System.exit(1);
}
// write the signed data
FileOutputStream fos = null;
try {
    fos = new FileOutputStream("output.xml");
    data.writeTo(fos);
    // flush and release the output file
    fos.close();
} catch (Exception e) {
    System.out.println("Error while opening output file " + e);
    System.exit(1);
}
System.out.println("Created output file OK");

Verifying the Digital Signature

The following example shows how to verify a digital signature. The signed data is contained in the file output.xml. First, we create an object for this data. Then, we obtain the public address book, which is also located in the keystore view DEFAULT, alias verify_test. The public address book contains the public-key certificate belonging to the signer that is used to verify. Then, we show how to use the verify method to verify the digital signature.

Code Example for Verifying the Digital Signature

// open signed data file
FileInputStream fis = null;
try {
    fis = new FileInputStream("output.xml");
} catch (FileNotFoundException e) {
    System.out.println("Error while opening signed file " + e);
    System.exit(1);
}
// create object of ssf data
ISsfData data = null;
try {
    data = new SsfDataXML(fis);
} catch (Exception e) {
    System.out.println("Error while reading signed file " + e);
    System.exit(1);
}
// get pab from keystore service of AS Java
// (KeyStore is java.security.KeyStore)
InitialContext ctx = new InitialContext();
Object o = ctx.lookup("keystore");
KeystoreManager manager = (KeystoreManager) o;
KeyStore keyStore = manager.getKeystore("DEFAULT");
String alias = "verify_test";
SsfPabKeyStore pab = null;
try {
    pab = new SsfPabKeyStore(keyStore);
} catch (Exception e) {
    throw new SecurityException("Error while accessing keystore " + e);
}
// verify the data; signer receives the per-signer results
SsfSigRcpList signer = new SsfSigRcpList();
boolean res = false;
try {
    res = data.verify(pab, signer);
} catch (SsfInvalidDataException e) {
    System.out.println("Error while verifying data " + e);
    System.exit(1);
}
// print result of verification
if (res) {
    System.out.println("Verification of data OK");
    // report the signer's identity only if this signer's own result code is OK
    if (signer.get(0).rc == SsfSigRcpInfo.SSF_OK) {
        X509Certificate cert = signer.get(0).cert;
        System.out.println("Signer: " + cert.getSubjectDN().getName());
    }
} else {
    System.out.println("Verification of data FAILED");
}