JAXB + XML Digital Signatures

jongerrish
Joined: 2005-11-02

Hi,

I have a schema defined by a government agency, which defines a standard for a certain type of document. Such documents require an XML digital signature, and the schema references the W3C Digital Signature schema. The signature is a mandatory element of the schema.

My problem is that when I build up the document, using the JAXB Java objects, I then need to marshal these objects to a DOM, so that my signing utility can sign the document and add in the Digital Signature.

However, when marshalling to a DOM, I get a validation error because at this point I do not yet have the signature element. What I did as a workaround was to make the signature element optional, but I would rather not have to modify the schemas, since they are not under our control.

Is there at this moment any way to sign a JAXB object and embed in the signature element?

If not, is there anything that I can put in the binding file (I use an external binding file) that can stop the validation of this element, or indeed validation of any elements?

Otherwise, if anyone has any good suggestions as to how to approach this, it would be really appreciated.

Thanks in advance for your help, Jonathan.

kohsuke
Joined: 2003-06-09

Is this 1.0 or 2.0?

In 2.0, marshallers don't produce validation errors. So it shall happily marshal a document without a signature element in it.

In 1.0, maybe you can put a dummy signature element in it to marshal, then replace it with a real one later?

jongerrish
Joined: 2005-11-02

It's 1.0, I'm using the JWSDP1.6. Most of the sub elements of the "Signature" type are mandatory, so I'd have to add all of those in, and then remove the element from the DOM before signing.

Is there anything I can put in the binding file to avoid the validation? This seems the most logical to me.

Has the API to 2.0 changed greatly, and do I gain anything? If it's not such a hassle to switch to 2.0 I'd do it. Are there different dependencies on other components? Like I said, I am using JWSDP1.6, so have a variety of other jars from there, JAXP etc.

Thanks for the prompt reply, Jonathan

kohsuke
Joined: 2003-06-09

Hopefully you'll only have to create one dummy signature tree (I think you can even create that by unmarshalling an XML fragment), and use that tree over and over as you marshal each document.

Depending on the way your schema refers to the signature element, you might be able to tweak the property binding to get the result you want. Given what you told me so far, I suspect it might not be practical, but if you can show me the schema fragment that refers to the signature element, I can tell better.

The JAXB API hasn't changed much from 1.0 to 2.0, but the generated code has changed somewhat (and I think you'll like it.) We no longer generate interface/implementation, and we generate simple POJOs. You'll gain a lot faster marshalling and a lot smaller code, among other things.

The only downside is that it requires Java 5.