Validating the Lotus Forms XML digital signature with Java


Introduction to the Lotus Forms XML digital signature

This article focuses on verifying a signed Lotus Forms document using the JSR API, without relying on the Lotus Forms API (for the source code, see the download section). This approach simplifies integrating products purchased from other vendors with Lotus Forms, because it uses standard Java™ API calls and XML signature implementations from other vendors.

In this article, a form is an XML document whose tags are described by the Extensible Forms Description Language (XFDL), a vocabulary that uses standard XML to describe Lotus Forms documents. Within an XFDL form, a user interface control is called an item, and items are encoded as XML elements and attributes. Items are typically bound to data in an XForms instance and are organized into one or more visual pages.

XML signatures are contained in the XFDL document itself, so they are enveloped signatures. In terms of the Model-View-Controller (MVC) concept, an XML digital signature is part of the data model in an XForms instance, because generating a digital signature is an act of creating information, performed by a user who holds a private key. After the signature is generated, any modification to the signed parts of the XFDL document causes signature verification to fail. XML signatures can also selectively ignore parts of a signed document, so that a multi-step workflow can operate on the ignored parts without affecting the validity of the digital signature. This arrangement has two advantages: a form can be signed in multiple steps, and signatures can overlap each other.

Listing 1 shows an example of an XML signature in the XForms model. Note that the namespace URIs for the xforms, ds, and dsxp prefixes are defined on the form's <XFDL> document element and are not shown here. The complete sample form can be found in the download section.




Listing 1. XForms instance containing unsigned XML signature

    <xforms:model>
      <xforms:instance xmlns="" id="generated">
        <data>
          <page1>
            <customer>
              <firstname1>John</firstname1>
              <middlename1>M</middlename1>
              <lastname1>Smith</lastname1>
              <ssn1>123456789</ssn1>
              <streetaddress1>1000 Main street</streetaddress1>
              <city1>La</city1>
              <state>California</state>
              <zipcode>10080</zipcode>
              <gender1>M</gender1>
              <dateofbirth1>1980-01-02</dateofbirth1>
              <workphone1>1001234567</workphone1>
              <homephone1>1001236789</homephone1>
            </customer>
            <signature1>
              <ds:Signature>
                <ds:SignedInfo>
                  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
                  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
                  <ds:Reference>
                    <ds:Transforms>
                      <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                        <dsxp:XPath Filter="subtract">/xfdl:XFDL/xfdl:globalpage/xfdl:global/xfdl:xformsmodels/xforms:model[1]/xforms:instance[@id="generated"]/data/page1/signature1/ds:Signature</dsxp:XPath>
                      </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                    <ds:DigestValue></ds:DigestValue>
                  </ds:Reference>
                  <ds:Reference URI="">
                    <ds:Transforms>
                      <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                        <dsxp:XPath Filter="intersect">here()/ancestor::ds:Signature[1]/ds:Object[sigmeta:metadata]</dsxp:XPath>
                      </ds:Transform>
                    </ds:Transforms>
                    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
                    <ds:DigestValue></ds:DigestValue>
                  </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue></ds:SignatureValue>
                <ds:Object>
                  <sigmeta:metadata>
                    <sigmeta:timestamp>
                      <sigmeta:signtime></sigmeta:signtime>
                      <sigmeta:dst></sigmeta:dst>
                      <sigmeta:date></sigmeta:date>
                    </sigmeta:timestamp>
                  </sigmeta:metadata>
                </ds:Object>
              </ds:Signature>
            </signature1>
          </page1>
        </data>
      </xforms:instance>
    </xforms:model>
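
The following is an added example, not code from the original article or its download. It validates each ds:Signature in a signed form with the standard javax.xml.crypto.dsig API and prints the XPath Filter 2.0 expressions of every reference, so a reviewer can see which parts of the form (such as the subtracted nodes in Listing 1) the signature does not cover. Assumptions: Java 17 or later, the form is stored as plain XML, the signer's X.509 certificate is supplied out of band, and the class name XfdlSignatureCheck is hypothetical.

```java
import java.io.*;
import java.security.PublicKey;
import java.security.cert.CertificateFactory;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

// Hypothetical class name; added example, not the article's code.
public class XfdlSignatureCheck {
    // args[0]: signed form (plain XML assumed); args[1]: signer certificate obtained out of band
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // the signature API requires a namespace-aware DOM
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs/XXE
        Document doc = dbf.newDocumentBuilder().parse(new File(args[0]));

        // Trust only a key we were given, never one embedded in the document being checked.
        PublicKey trusted;
        try (InputStream in = new FileInputStream(args[1])) {
            trusted = CertificateFactory.getInstance("X.509").generateCertificate(in).getPublicKey();
        }

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        for (int i = 0; i < sigs.getLength(); i++) {
            DOMValidateContext ctx =
                new DOMValidateContext(KeySelector.singletonKeySelector(trusted), sigs.item(i));
            XMLSignature sig = fac.unmarshalXMLSignature(ctx);
            System.out.println("Signature " + i + ": core validity = " + sig.validate(ctx)
                + ", SignatureValue valid = " + sig.getSignatureValue().validate(ctx));
            for (Reference ref : sig.getSignedInfo().getReferences()) {
                System.out.println("  Reference URI=" + ref.getURI()
                    + " digest valid = " + ref.validate(ctx));
                for (Transform t : ref.getTransforms()) {
                    // Filters decide what is signed: "subtract" removes nodes from coverage.
                    if (t.getParameterSpec() instanceof XPathFilter2ParameterSpec spec) {
                        for (XPathType x : spec.getXPathList()) {
                            System.out.println("    " + x.getFilter() + ": " + x.getExpression());
                        }
                    }
                }
            }
        }
    }
}
```

Listing 1 uses rsa-sha1 and SHA-1 digests, which the runtime's XML signature policy (the jdk.xml.dsig.secureValidationPolicy security property) may reject; treat such a rejection as a finding about the form's algorithms rather than a reason to relax the policy.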
