To understand this example, it is recommended that you first understand the previous example: XML Signature Generation.
This request differs from the generation of an XML signature in that it generates a second enveloped signature on top of an existing one, i.e. it produces a multiple signature.
First, a previously generated signature (dss:Signature), enveloped in its original document (dss:Document), is added to the signature request. The dss:SignRequest element then indicates that a second signature is to be generated for that document; the css:NodeToSign element specifies exactly which node is to be signed.
Once the signature has been produced, the css:SignaturePlacement element indicates where the second signature is to be stored. In particular, the dss:XPathAfter element indicates that the second signature will be inserted after the node matched by the XPath stated in the element.
<?xml version="1.0" encoding="UTF-8"?><SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
<SOAP-ENV:Header><wsse:Security><wsse:UsernameToken wsu:Id="SecurityToken-1457840732060495738"><wsse:Username>dave</wsse:Username><wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-profile-1.0#PasswordText">trustedx</wsse:Password></wsse:UsernameToken></wsse:Security></SOAP-ENV:Header>
<SOAP-ENV:Body wsu:Id="Id-69570538112913540">
<dss:SignRequest xmlns:css="http://www.safelayer.com/TWS" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:dss="http://www.docs.oasis-open.org/dss/2004/06/oasis-dss-1.0-core-schema-wd-27.xsd" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#" Profile="urn:safelayer:tws:dss:1.0:profiles:xades:1.0:sign" RequestID="Id-5129704712964592321">
<dss:OptionalInputs><dss:KeySelector><ds:KeyInfo><ds:KeyName>OZ2TqG3hRs8Us0o31K0adALV5lc=</ds:KeyName></ds:KeyInfo></dss:KeySelector><css:SignaturePlacement><dss:XPathAfter>//*[local-name()='trustedx']//*[local-name()='Signature']</dss:XPathAfter></css:SignaturePlacement><css:SignatureForm>urn:oasis:names:tc:dss:1.0:profiles:XAdES:forms:BES</css:SignatureForm><css:MultiNodeToSign><css:NodeToSign XPath="//*[local-name()='description']"/></css:MultiNodeToSign></dss:OptionalInputs><dss:InputDocuments><dss:Document><dss:XMLData><trustedx Id="data"><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="Id1452579148481055247813686571">
<dsig:SignedInfo Id="Id16235371999996583111692422618">
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<dsig:Reference Id="Id24625076518919930151275204355" URI="#node2">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>6b3DhEVRv/oYhBnHP0ysMR9LKiA=</dsig:DigestValue>
</dsig:Reference>
<dsig:Reference Id="Id17799400471511988877421715387" Type="http://uri.etsi.org/01903/V1.2.2#SignedProperties" URI="#Id8487219301084502172113869269">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>FKj8nbH0zblsn5ROHRvvGpzuUuY=</dsig:DigestValue>
</dsig:Reference>
</dsig:SignedInfo>
<dsig:SignatureValue Id="Id1002787075617221228838486575">rHTp3Z92FHGPDZaGCCURcyHgc6Nnw6US6UkQdzqYzD5eQ9gyv7ajx7iTL4mFbfvXt7JYmPTuRL0LqgZc/TYroaZ+PQpzZQPRg+8QsZO4WwLjH7PdFWvDHLgVvwpuD4H5URxXkIyEZL0JCi99a6Iq3EHNlHR/skEB9Jut2CE3HmE=</dsig:SignatureValue>
<dsig:KeyInfo>
<dsig:X509Data>
<dsig:X509Certificate>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</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<dsig:Object Id="Id889791531378380350401396573">
<xades:QualifyingProperties Target="Id1452579148481055247813686571" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#">
<xades:SignedProperties Id="Id8487219301084502172113869269" xmlns:xades="http://uri.etsi.org/01903/v1.2.2#">
<xades:SignedSignatureProperties>
<xades:SigningTime>2007-11-14T16:14:55Z</xades:SigningTime>
</xades:SignedSignatureProperties><xades:SignedDataObjectProperties/>
</xades:SignedProperties>
</xades:QualifyingProperties></dsig:Object></dsig:Signature><example Id="node1">Simple xml file</example><description Id="node2" format="text">XMLDSig/XAdES TrustedX signatures</description></trustedx></dss:XMLData></dss:Document></dss:InputDocuments></dss:SignRequest>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>
The following explanation refers to the response obtained from the TrustedX platform once the request has been sent. Therefore, you should press the "try" button (above) to generate this response.
As the response shows, the document now contains two signatures stored in parallel.
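As an added example (not TrustedX code and not part of the original page), the Python sketch below resolves the request's css:NodeToSign and dss:XPathAfter expressions against a constructed, trimmed copy of the input document, inserts an unsigned placeholder for the second signature, and reports what each signature references and where it sits. The Ids sig-1 and sig-2, the helper names, and the assumption that the second signature references the node by its Id attribute are illustrative; no cryptographic operation is performed.

```python
import re
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
NODE_TO_SIGN = "//*[local-name()='description']"  # css:NodeToSign in the request
XPATH_AFTER = "//*[local-name()='trustedx']//*[local-name()='Signature']"  # dss:XPathAfter
# Constructed, trimmed copy of the input document (digests, key and XAdES parts omitted).
DOC = """<trustedx Id="data"><dsig:Signature Id="sig-1"
 xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo>
<dsig:Reference URI="#node2"/></dsig:SignedInfo></dsig:Signature>
<example Id="node1">Simple xml file</example>
<description Id="node2" format="text">XMLDSig/XAdES</description></trustedx>"""
STEP = re.compile(r"//\*\[local-name\(\)='([^']+)'\]")

def local(el):
    return el.tag.rsplit("}", 1)[-1]  # tag name without its {namespace} part

def resolve(root, xpath):
    """Resolve a chain of //*[local-name()='x'] steps, the only form the request uses."""
    names = STEP.findall(xpath)
    if not names or STEP.sub("", xpath):
        raise ValueError("unsupported XPath: " + xpath)
    current = [None]  # None stands for the document node above the root element
    for name in names:  # each step searches the descendants of the previous matches
        pools = [root.iter() if c is None else list(c.iter())[1:] for c in current]
        current = list(dict.fromkeys(e for p in pools for e in p if local(e) == name))
    return current

def add_second_signature(root, node_xpath, after_xpath):
    """Insert an unsigned placeholder signature right after the existing one."""
    (target,) = resolve(root, node_xpath)   # exactly one node to sign
    (anchor,) = resolve(root, after_xpath)  # exactly one existing signature
    parent = next(p for p in root.iter() if anchor in list(p))
    sig = ET.Element(DS + "Signature", {"Id": "sig-2"})  # assumed Id; Reference by Id is assumed too
    ET.SubElement(ET.SubElement(sig, DS + "SignedInfo"), DS + "Reference", URI="#" + target.get("Id"))
    parent.insert(list(parent).index(anchor) + 1, sig)

def coverage(root):
    """Map each signature Id to (local name of its parent, Ids its References cover)."""
    out = {}
    for parent in root.iter():
        for sig in parent.findall(DS + "Signature"):
            refs = [r.get("URI").lstrip("#") for r in sig.iter(DS + "Reference")]
            out[sig.get("Id")] = (local(parent), refs)
    return out

if __name__ == "__main__":
    root = ET.fromstring(DOC)
    add_second_signature(root, NODE_TO_SIGN, XPATH_AFTER)
    print(coverage(root), [local(c) for c in root])
```

Both signatures end up as siblings under the same parent and reference the same node, which is the parallel layout the response describes; a verifier can run the same coverage check on the real response to confirm each signature covers the node that was requested.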