Axelle,
see my comments below.
Axelle wrote:
Thanks very much for your reply. It actually answers my next post too :-)
So, the way to do it is to use importNode() ? However, I'm not really sure to understand the way it works:
Document signedDoc = documentBuilder.newDocument();
Okay, we create the Document object for the signed document.
XMLSignature sig = new XMLSignature(signedDoc, baseUri, signatureMethod);
We initialize the ds:Signature object.
signedDoc.appendChild(sig.getElement());
We add this so that the signed document includes the ds:Signature.
ObjectContainer obj = new ObjectContainer(signedDoc);
We build a ds:Object object on the signed doc ?? there I don't get it... shouldn't the object container contain the document to sign (and not the signed document).
The <ds:SignedInfo> is signed as well, so this constructor puts a reference on the enclosing document somewhere to get there later. This is what I understood when scanning the code. Raul or Berin will know for sure I guess.
The importNode(...) just changes the document a node belongs to.
signedDoc.importNode(doc.getDocumentElement(), deepCopy);
Not so sure about this either: we add the document to sign in the signed document. Why do we do this ? I would have expected to import the ds:Object (which contains the document to sign) but not the document to sign directly.
That is. Make a copy of doc's root element belong to signedDoc.
Javadoc of importNode(...) says: "
Imports a node from another document to this document. The returned node has no parent;
(parentNode is null). The source node is not altered or removed from the original document; this
method creates a new copy of the source node.
"
In safe distance of xmlsec, I use dom4j to handle XML, because that is less surprising than the org.w3c.dom stuff. But xmlsecurity has to use the org.w3c interfaces IIRC.
sig.appendObject(obj);
We make sure the signature will sign the ds:Object.
sig.sign(privateKey);
At last, we sign.
Best regards, Axelle.
BTW. my starting point were the examples and test harness classes of xmlsecurity. There is an org...samples.signature.CreateEnvelopingSignature.java.
Regards,
Heiner
