Transform XSLT to xmlsignature Java?

I have an XML document. I am using xmlsignature to sign part of the document. Before I find the summary, I want to apply an XSLT transformation. As I read, XSLT transforms XML documents into another format (or XML). Now I'm confused. Where can I use the converted new document? If I want to display it to the user, how can I retrieve the value from this newly created document?

<r1>
 <user>asd</user>
 <person>ghi</person>
</r1>

Transformation code

Transform t=fac.newTransform(Transform.XPATH,new XPathFilterParameterSpec("/r1/user"));

According to the XPath transformation, the XML signature should not be validated whenever the value of the user element changes. If the value of the person element changes, the signature should be verified. But when I change the value of the person element, the signature is not verified. Why?

Solution

The XSLT transformation used when signing a document is related to how nodes are selected in the source XML when calculating the signature.

See this question/answer by Dave on signing part of an XML document using XPath 2. The link to Sean Mullan's post in that answer indicates that XPath 2 is more suitable for signing part of the document because the evaluation of XPath expressions is done for each node.

Therefore, based on the Sun DSig example, you can replace the reference creation with the following command:

List<XPathType> xpaths = new ArrayList<XPathType>();
xpaths.add(new XPathType("//r1/user",XPathType.Filter.INTERSECT));

Reference ref = fac.newReference
  ("",fac.newDigestMethod(DigestMethod.SHA1,null),Collections.singletonList
          (fac.newTransform(Transform.XPATH2,new XPathFilter2ParameterSpec(xpaths))),null,null);

This allows //r1/user to be protected while the rest of the document can be modified.

The problem with XPath/XPath 2 selection is that you can generate a signature for a nonexistent node such as /some/node/. You are right to modify the test document and make sure that the signature works as you expect.

You can test the document in the test program by generating a signature before validation and then tampering with the XML node:

NodeList nlt = doc.getElementsByTagName("user");
nlt.item(0).getFirstChild().setTextContent("Something else");

A more reliable alternative to XPath selectors might be to put an ID on the XML document elements you want to sign:

<r1>
 <user id="sign1">asd</user>
 <person>ghi</person>
</r1>

This ID is then referenced as the URI in the first parameter of the enveloped transform:

Reference ref = fac.newReference
  ("#sign1",fac.newDigestMethod(DigestMethod.SHA1,null),Collections.singletonList
      (fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null)),null,null);

For output, the signature operation adds a new signature element to the DOM you loaded in memory. You can output it through the following transformation:

TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.setOutputProperty(OutputKeys.INDENT,"yes");

trans.transform(new DOMSource(doc),new StreamResult(System.out));