
How to sign KeyInfo properties in XAdES4j?


I am using the test code included in the XAdES4j package. I am doing a basic enveloped signature that includes the <ds:KeyInfo> element, but the code uses the KeyingDataProvider object, which doesn't allow me to set an ID, so when I create the DataObjectReference I don't know which URI to set.

Java original code:

 Document doc = getTestDocument();
 Element elemToSign = doc.getDocumentElement();
 SignerEPES signer = (SignerEPES)new XadesEpesSigningProfile(keyingProviderMy, policyInfoProvider).newSigner();
 new Enveloped(signer).sign(elemToSign);

What my code looks like:

Document doc = getTestDocument();
Element elemToSign = doc.getDocumentElement();
SignerEPES signer = (SignerEPES) new XadesEpesSigningProfile(
            keyingProviderMy, policyInfoProvider).newSigner();
DataObjectDesc obj1 = new DataObjectReference(
            "http://uri.etsi.org/01903#SignedProperties");
DataObjectDesc obj2 = new DataObjectReference(
            "#KeyInfo");
SignedDataObjects dataObjs = new SignedDataObjects()
            .withSignedDataObject(obj1).withSignedDataObject(obj2);
signer.sign(dataObjs, elemToSign);
outputDocument(doc, "document.signed.epes.xml");

What should I do to sign the KeyInfo?


Solution

  • Currently there's no way to sign the whole KeyInfo element. You can, however, set xades4j to sign the X509Certificate element within KeyInfo that contains the signing certificate. This is configured using BasicSignatureOptionsProvider.
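
One way to wire up the option the answer names, followed by a post-signing check that a ds:Reference in ds:SignedInfo really resolves to something inside ds:KeyInfo. This is an added example, not code from the original post or from the xades4j project. It assumes the xades4j 1.x API (BasicSignatureOptionsProvider with its three boolean methods, and withBasicSignatureOptionsProvider on the signing profile); the class and method names are hypothetical.

```java
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import xades4j.production.BasicSignatureOptionsProvider;
import xades4j.production.Enveloped;
import xades4j.production.XadesEpesSigningProfile;
import xades4j.production.XadesSigner;
import xades4j.providers.KeyingDataProvider;
import xades4j.providers.SignaturePolicyInfoProvider;

public class SignKeyInfoCertExample {                        // hypothetical class name
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";

    // Put the signing certificate in ds:KeyInfo and have the signature cover it.
    static class CertCoveredOptions implements BasicSignatureOptionsProvider {
        public boolean includeSigningCertificate() { return true; }
        public boolean includePublicKey()          { return false; }
        public boolean signSigningCertificate()    { return true; }
    }

    // Same enveloped flow as the question, with the options provider added (assumed 1.x API).
    static void signEnveloped(Element elemToSign, KeyingDataProvider keyingProvider,
                              SignaturePolicyInfoProvider policyInfoProvider) throws Exception {
        XadesSigner signer = new XadesEpesSigningProfile(keyingProvider, policyInfoProvider)
                .withBasicSignatureOptionsProvider(new CertCoveredOptions())
                .newSigner();
        new Enveloped(signer).sign(elemToSign);
    }

    // True if a same-document ds:Reference directly under ds:SignedInfo targets ds:KeyInfo
    // or one of its descendants. Requires a namespace-aware DOM.
    static boolean keyInfoIsReferenced(Document doc) {
        NodeList refs = doc.getElementsByTagNameNS(DS, "Reference");
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < refs.getLength(); i++) {
            Element ref = (Element) refs.item(i);
            String uri = ref.getAttribute("URI");
            Node parent = ref.getParentNode();              // skip ds:Manifest references
            if (parent == null || !"SignedInfo".equals(parent.getLocalName())) continue;
            if (!uri.startsWith("#") || uri.length() < 2) continue;
            for (int j = 0; j < all.getLength(); j++) {
                Element e = (Element) all.item(j);
                if (!uri.substring(1).equals(e.getAttribute("Id"))) continue;
                for (Node n = e; n != null; n = n.getParentNode())
                    if (DS.equals(n.getNamespaceURI()) && "KeyInfo".equals(n.getLocalName())) return true;
            }
        }
        return false;
    }
}
```

Running keyInfoIsReferenced on the signed document before and after adding the options provider shows whether the certificate in KeyInfo is actually covered by the signature, without relying on how the library names the generated Id.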