CMS/PKCS#7 Signature Generation
18 January 2008

The objective of this example is to sign a text document using the TrustedX signature service. To follow it, you should first read the previous example, X509 certificate validation, on which it builds.

To try this example, you must download the file called sampleAxis2.zip and follow the instructions in Configuration of the Environment.

As in the previous example, the first step is to define the necessary constants.

Afterwards, the connection with the digital signature Web service must be initialized.

TWSDSLocator locatorDs = new TWSDSLocator();                 // Axis locator for the TrustedX Digital Signature service
locatorDs.setDigitalSignatureEndpointAddress(host);          // host: endpoint URL defined in the constants
DigitalSignatureType dst = locatorDs.getDigitalSignature();
DSBindingStub bindingDs = (DSBindingStub) dst;               // the Axis stub exposes the sign() operation
UtilTrustedX.ssl_conf();                                     // SSL setup helper from the sample's UtilTrustedX class

Unlike the certificate validation example, producing a signature requires a signature request, built as a SignRequest object; in this case the profile of the request is CMS/PKCS#7.
As before, the authentication parameters (user and password) must also be specified.

SignRequest sr = new SignRequest();
sr.setProfile(new URI(PROF_SIGN_CMS));                       // PROF_SIGN_CMS: CMS/PKCS#7 profile URI from the constants
UtilTrustedX.addUsernameToken(bindingDs, user, password);    // WS-Security UsernameToken for authentication

This example produces a signature for the data in the file HelloWorld.txt, so the data is included in the request Base64-encoded. To do this, an InputDocuments object containing a Document object with the encoded data must be created.

InputDocuments idoc = new InputDocuments();
Document doc = new Document();
Base64Data b64data = new Base64Data();
b64data.set_value(Util.readBinaryFile(path_in + filename));  // raw bytes of HelloWorld.txt; Base64 encoding is handled by the data type
doc.setBase64Data(b64data);
idoc.setDocument(doc);
sr.setInputDocuments(idoc);                                  // attach the document to the signature request

The certificate used to sign the data is selected by the user’s distinguished name. As this is an optional parameter, it goes in the OptionalInputs object: the key is chosen with a KeySelector object, indicating both the value and its format – in this case, the distinguished name (or DN).

OptionalInputs opt = new OptionalInputs();
KeySelector ks = new KeySelector();
com.safelayer.www.TWS.KeySelector ks2 = new com.safelayer.www.TWS.KeySelector();
NameIdentifierType nit = new NameIdentifierType(distinguishedName);  // value: the signer's DN
nit.setFormat(new URI(URI_DN));                                      // format: URI_DN constant (distinguished name)
ks2.setName(nit);
ks.setKeySelector(ks2);
opt.setKeySelector(ks);
sr.setOptionalInputs(opt);

Finally, this instruction indicates that the signature format must be CMS.

opt.setSignatureType(new URI(TYPE_CMS));                     // TYPE_CMS: signature type URI from the constants

Once all the data have been entered in the request, the sign() operation is invoked; it sends the signature request to the host and returns the response as a SignResponse object.

SignResponse srs = bindingDs.sign(sr);

Once the request has been sent, we can check whether it was processed correctly by consulting the response parameters; the functions of the UtilTrustedX auxiliary class are used for this. If all goes well, the signature is retrieved from the response and stored in a file. For the CMS/PKCS#7 profile, the getBase64Signature() method must be used to retrieve the signature. In the CMS/PKCS#7 signature validation example, you will see how the validity of the generated signature must be checked.

if (UtilTrustedXAxis.check(srs.getResult(), bindingDs)) {    // result major/minor codes indicate success
   byte[] data = srs.getSignatureObject().getBase64Signature().get_value();  // CMS/PKCS#7 signature bytes
   String destFilename = path_out + filename + ".p7d";
   Util.writeBinaryFile(destFilename, data);                 // e.g. data/output/HelloWorld.txt.p7d
}

After executing the example, we obtain a response such as the one below, together with a file containing the signature.

File saved successfully on: data/output/HelloWorld.txt.p7d
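As an added example, not part of the Safelayer tutorial or the TrustedX client, the following standard-library Python check can be run on the saved .p7d file before it is handed to the validation step: it parses the outer DER of the CMS ContentInfo, confirms the content type is id-signedData, and reports the SignedData version, the digest algorithms and whether the signed content is attached or detached. The sample blob is constructed inside the block (a SignedData skeleton with no SignerInfo), so it is not real TrustedX output; it assumes the file holds raw DER.

```python
# Added example (not TrustedX code). Sample blob below is CONSTRUCTED: a SignedData skeleton, not a real signature.
OID_SIGNED_DATA = "1.2.840.113549.1.7.2"   # id-signedData

def _tlv(data, pos):  # decode one DER TLV at pos -> (tag, value, next_pos); handles long-form lengths
    tag, length, pos = data[pos], data[pos + 1], pos + 2
    if length & 0x80:                       # long form: low bits give the number of length octets
        n = length & 0x7F
        length, pos = int.from_bytes(data[pos:pos + n], "big"), pos + n
    return tag, data[pos:pos + length], pos + length

def _der(tag, payload):  # encode one DER TLV (only used to build the constructed sample)
    n = len(payload)
    if n < 0x80:
        return bytes([tag, n]) + payload
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + payload

def _oid(value):  # decode OBJECT IDENTIFIER content octets to dotted form
    arcs, acc = [str(value[0] // 40), str(value[0] % 40)], 0
    for b in value[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(str(acc)); acc = 0
    return ".".join(arcs)

def inspect_cms(blob):  # verify ContentInfo{id-signedData, [0] SignedData}; summarise version, digests, content
    tag, ci, _ = _tlv(blob, 0)
    if tag != 0x30: raise ValueError("outer element is not a SEQUENCE")
    tag, oid, pos = _tlv(ci, 0)
    if tag != 0x06 or _oid(oid) != OID_SIGNED_DATA: raise ValueError("contentType is not id-signedData")
    tag, wrapper, _ = _tlv(ci, pos)
    if tag != 0xA0: raise ValueError("missing [0] EXPLICIT content")
    _, sd, _ = _tlv(wrapper, 0)             # SignedData ::= SEQUENCE
    _, ver, pos = _tlv(sd, 0)               # CMSVersion INTEGER
    _, algs, pos = _tlv(sd, pos)            # digestAlgorithms SET OF AlgorithmIdentifier
    _, eci, pos = _tlv(sd, pos)             # encapContentInfo SEQUENCE
    digests, p = [], 0
    while p < len(algs):                    # each AlgorithmIdentifier starts with its algorithm OID
        _, alg, p = _tlv(algs, p); digests.append(_oid(_tlv(alg, 0)[1]))
    _, ctype, p2 = _tlv(eci, 0)             # eContentType OID; eContent [0] follows only when attached
    return {"version": int.from_bytes(ver, "big"), "digest_algs": digests,
            "content_type": _oid(ctype), "attached": p2 < len(eci)}

def build_sample_cms(attached=True):  # CONSTRUCTED sample: SignedData v1, SHA-256, id-data, empty signerInfos
    alg = _der(0x30, _der(0x06, bytes.fromhex("608648016503040201")) + _der(0x05, b""))  # sha256 + NULL params
    eci = _der(0x06, bytes.fromhex("2A864886F70D010701"))                                # id-data
    if attached:
        eci += _der(0xA0, _der(0x04, b"Hello World\n"))                                  # eContent [0] OCTET STRING
    sd = _der(0x30, _der(0x02, b"\x01") + _der(0x31, alg) + _der(0x30, eci) + _der(0x31, b""))
    return _der(0x30, _der(0x06, bytes.fromhex("2A864886F70D010702")) + _der(0xA0, sd))  # id-signedData
```

To check a real output, pass the bytes of data/output/HelloWorld.txt.p7d to inspect_cms(); a detached result means the original HelloWorld.txt must be supplied alongside the signature at validation time.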