All geek questions in one place

How to extract "original" content using an xml-signed file

I am dealing with an XML signature. As you know, there are three types of XML signatures: envelopes, envelopes, detached.

I found some good tutorials on how to use the standard Java API to sign / verify a file, but I would like to know how to extract the (almost) "source" content data. In particular:

1) After checking the Enveloped XML-signed file, what is the correct way to “get” the XML content without a signature?

2) After checking the Enveloping XML file, which is the correct way to “get” the “Object” node?

For "get" I mean writing to a separate physical file, clearing the signature (with a standard API, if possible).

Thanks in advance,

benevolently.

Mirko

+4
source share
2 answers

Designated signature

<yourxml>
   ...
   <Signature>....</Signature>
</yourxml>

A signature is a node of an XML document. After verifying the XML signature, find the node, remove it from the DOM structure and save the document.

// Instantiate the document to be signed.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(xml));

// Find Signature element.
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");

//... XML Signature validation

//remove signature node from DOM
nl.item(0).getParentNode().removeChild(nl.item(0));

//write to file.
OutputStream os = new FileOutputStream(outputFileName);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));

Envelope signature

<Signature>
   <Object Id="object">
      <yourxml>...</yourxml>
    </Object>
 </Signature>

You can apply the same technique. Find Objectnode and save the first file in a file. But in this case, XMLSignatureprovides a method getObjectsfor getting signed objects

//XMLSignature result of validation process
XMLSignature signature = ...

//Gets the node
XMLObject xmlObject = (XMLObject)signature.getObjects().get(0);
Node yourXmlNode = ((DOMStructure)xmlObject.getContent().get(0)).getNode();

//Save to file
OutputStream os = new FileOutputStream(outputFileName);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(yourXmlNode), new StreamResult(os));
+3
source

@pedrofb , XML. node, :

NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Object");
if (nl.getLength() == 0) {
    throw new Exception("*** Cannot find Object element");
}
final String data = nl.item(0).getTextContent();

try {
    File target = new File("/path/output.dat");

    FileWriter writer = new FileWriter(target);
    BufferedWriter bufferedWriter = new BufferedWriter(writer, 8192);
    bufferedWriter.write(data);

    //flush & close writers
    //...

} catch (Exception e) {
    //...

}
+1

Source: https://habr.com/ru/post/1659800/

More articles:


All Articles