다음과 같은 XML 파일에 대해 Apache XML Security(Santuario)를 이용하여 Enveloped Signature를 생성하는 과정은 다음과 같다.


1. 원본 XML의 내용
<?xml version="1.0" encoding="UTF-8"?>
<Book>
	<Title>XML 전자서명</Title>
	<Author>이연복</Author>
	<Price>10000</Price>
	<Publisher>SNUT</Publisher>
</Book>

2. 전자서명 코드
package org.sopt.dev;

import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.Objects;

import javax.xml.XMLConstants;

import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

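/**
 * Creates an XML-DSig <em>enveloped</em> signature over a {@code <Book>} document
 * using Apache XML Security.
 *
 * <p>The signature covers the whole document (Reference {@code URI=""}) with the
 * enveloped-signature transform, so the {@code ds:Signature} element itself is
 * excluded from the digest. The {@code ds:Signature} element is inserted inside
 * {@code <Book>} directly before the {@code <Title>} element.
 *
 * <p>Defaults are RSA-SHA256 / SHA-256. The original version of this class used
 * {@code rsa-sha1} / {@code sha1}; SHA-1 has practical collision attacks and
 * several verifiers (for instance the JDK's secure-validation policy) reject
 * SHA-1 based XML signatures, so it must not be used for new signatures. Callers
 * that still need another algorithm pair can use {@link #sign(String, String)}.
 *
 * <p>NOTE(review): Apache XML Security normally requires a one-time
 * {@code org.apache.xml.security.Init.init()} per JVM before any signing call;
 * this class does not perform it — confirm the caller does.
 *
 * <p>Not thread-safe: {@link #sign()} mutates the supplied {@link Document}.
 */
public class XMLSigner {

	/** RSA with SHA-256 signature method (RFC 6931); replaces the deprecated rsa-sha1. */
	public static final String SIGNATURE_RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

	/** SHA-256 digest method; the identifier lives in the XML Encryption namespace. */
	public static final String DIGEST_SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

	/** Inclusive Canonical XML 1.0 (omit comments), used for SignedInfo and the Reference. */
	public static final String C14N_INCLUSIVE_OMIT_COMMENTS = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";

	/** Enveloped-signature transform: removes the ds:Signature element from the digested node set. */
	public static final String TRANSFORM_ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

	/** The document to sign; modified in place by {@link #sign()}. */
	private final Document document;

	/** Signing key. Must correspond to the public key in {@link #x509Cert}. */
	private final PrivateKey privatekey;

	/** Signer certificate, embedded in ds:KeyInfo so a verifier can locate the public key. */
	private final X509Certificate x509Cert;

	/**
	 * @param document   DOM document containing a {@code <Book>} element with a {@code <Title>} child
	 * @param privatekey private key used to produce ds:SignatureValue
	 * @param x509Cert   certificate whose public key verifies the signature
	 * @throws NullPointerException     if any argument is null
	 * @throws IllegalArgumentException if the key algorithms of {@code privatekey} and the
	 *                                  certificate's public key differ (e.g. RSA key with an EC cert);
	 *                                  a mismatched pair yields a signature that can never be verified
	 *                                  with the embedded KeyInfo
	 */
	public XMLSigner(Document document, PrivateKey privatekey, X509Certificate x509Cert) {
		this.document = Objects.requireNonNull(document, "document");
		this.privatekey = Objects.requireNonNull(privatekey, "privatekey");
		this.x509Cert = Objects.requireNonNull(x509Cert, "x509Cert");

		// Cheap sanity check only: equal algorithm names do not prove the key pair matches,
		// but different ones guarantee the KeyInfo certificate cannot verify this signature.
		String privAlg = privatekey.getAlgorithm();
		String certAlg = x509Cert.getPublicKey().getAlgorithm();
		if (privAlg != null && certAlg != null && !privAlg.equalsIgnoreCase(certAlg)) {
			throw new IllegalArgumentException(
					"private key algorithm (" + privAlg + ") does not match certificate key algorithm (" + certAlg + ")");
		}
	}

	/**
	 * Signs the document with RSA-SHA256 / SHA-256.
	 *
	 * @return the same {@link Document} instance, now containing a ds:Signature element
	 * @throws XMLSecurityException     if the Apache XML Security library fails to build or sign
	 * @throws IllegalArgumentException if the document has no {@code <Book>} or {@code <Title>} element
	 */
	public Document sign() throws XMLSecurityException {
		return sign(SIGNATURE_RSA_SHA256, DIGEST_SHA256);
	}

	/**
	 * Signs the document with the given XML-DSig algorithm identifiers.
	 *
	 * @param signatureMethodUri ds:SignatureMethod algorithm URI (must be compatible with the private key)
	 * @param digestMethodUri    ds:DigestMethod algorithm URI for the single Reference
	 * @return the same {@link Document} instance, now containing a ds:Signature element
	 * @throws XMLSecurityException     if the Apache XML Security library fails to build or sign
	 * @throws IllegalArgumentException if the document has no {@code <Book>} or {@code <Title>} element
	 * @throws NullPointerException     if either URI is null
	 */
	public Document sign(String signatureMethodUri, String digestMethodUri) throws XMLSecurityException {
		Objects.requireNonNull(signatureMethodUri, "signatureMethodUri");
		Objects.requireNonNull(digestMethodUri, "digestMethodUri");

		// Resolve the insertion point before touching the document so a malformed input
		// fails cleanly instead of with a NullPointerException or a silently appended
		// Signature (insertBefore(x, null) would append to the end of <Book>).
		Element bookElement = firstElementNamed("Book");
		if (bookElement == null) {
			throw new IllegalArgumentException("document contains no <Book> element to sign");
		}
		Element titleElement = firstElementNamed("Title");
		if (titleElement == null) {
			throw new IllegalArgumentException("document contains no <Title> element; cannot place ds:Signature");
		}

		// BaseURI is empty: the only Reference is the same-document URI="" and nothing
		// external is dereferenced. (The previous version passed the xmlns namespace URI
		// here, which is not a base URI.)
		XMLSignature sig = new XMLSignature(document, "", signatureMethodUri, C14N_INCLUSIVE_OMIT_COMMENTS);

		bookElement.insertBefore(sig.getElement(), titleElement);

		// Transform order matters: first drop the Signature element, then canonicalize.
		Transforms transforms = new Transforms(document);
		transforms.addTransform(TRANSFORM_ENVELOPED);
		transforms.addTransform(C14N_INCLUSIVE_OMIT_COMMENTS);
		sig.addDocument("", transforms, digestMethodUri);

		sig.addKeyInfo(x509Cert);
		sig.sign(privatekey);

		return document;
	}

	/** Returns the first element with the given tag name, or null if the document has none. */
	private Element firstElementNamed(String tagName) {
		NodeList matches = document.getElementsByTagName(tagName);
		return matches.getLength() == 0 ? null : (Element) matches.item(0);
	}

}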

3. 전자서명 결과
<?xml version="1.0" encoding="UTF-8"?>
<Book>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>eJGWkV4mDEzNaQebWXTmAGFP20Q=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
vURLd5SJnYi85UDMGutu9Czmh4SuxR56iC7Wv5znKlev0ubUCqhvZrN+9mp3H10IaW1ZJxaGu0V1
/Rg576FwVR1GVr6d3at2SLkbUZDN2DdtNPYIvBGlmRNVmdSDtDB6QhG1lhv3WmStI6Huo4lk75Ig
yyDz5PJy8OlH+R5nk+k=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>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==
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature>

	<Title>XML 전자서명</Title>
	<Author>이연복</Author>
	<Price>10000</Price>
	<Publisher>SNUT</Publisher>
</Book>
위 코드는 Reference URI=""로 입력 XML 문서 전체 노드셋을 대상으로, 먼저 enveloped-signature 변환으로 ds:Signature 요소 자신을 제외한 뒤 c14n 정규화 알고리즘을 적용하고, 그 결과에 sha1 알고리즘으로 DigestValue를 생성한다. 이후 CanonicalizationMethod와 SignatureMethod에 명시된 알고리즘에 따라 SignedInfo를 정규화하고 서명을 수행한다. 주의: 위 예제 출력에 쓰인 sha1 / rsa-sha1은 충돌 공격이 실증되어 더 이상 사용이 권장되지 않으며, 최신 검증기(예: JDK의 secure validation 모드)는 SHA-1 기반 XML 서명을 거부할 수 있다. 새로 작성하는 코드에서는 DigestMethod로 http://www.w3.org/2001/04/xmlenc#sha256, SignatureMethod로 http://www.w3.org/2001/04/xmldsig-more#rsa-sha256 을 사용해야 한다.

KeyInfo 노드는 제3자가 서명을 검증할 수 있도록 검증키(공개키)가 담긴 X.509 인증서를 포함한다. 단, 검증자는 KeyInfo에 포함된 인증서를 그대로 신뢰해서는 안 되며, 신뢰하는 CA 체인·유효기간·폐지 여부를 별도로 검증하고 그 인증서가 기대한 서명자의 것인지 확인해야 한다. 또한 검증 시 Reference(URI="")가 실제로 문서 전체를 가리키는지 확인해야 서명 래핑(XML Signature Wrapping) 공격을 막을 수 있다.

XMLSigner에 전달되는 privatekey와 x509Cert는 각각 공인인증서의 개인키(signPri.key)와 그에 대응하는 공개키 인증서(signCert.der)이다. 두 파일이 같은 키 쌍이 아니면 서명은 생성되지만 KeyInfo의 공개키로는 검증에 실패한다.

