EGL Development User Group

The EGL Development User Group is dedicated to sharing news, knowledge, and insights regarding the EGL language and Business Developer product. Consisting of IBMers, HCL, and users, this community collaborates to advance the EGL ecosystem.


Subscribe to XML file with digital certificate

  • 1.  Subscribe to XML file with digital certificate

    Posted Fri July 07, 2017 02:15 PM

    Masters of EGL ... see my need ...

    I need to capture a "public or private signature" in a digital certificate and put it in an XML file.


    I got something in JAVA, but in EGL I did not find ..


    The necessity:
    1) find the file with the digital certificate;
    2) read it by finding the public or private key
    3) embed a digital signature in an xml file.

    See examples in XML and Java:
    1) Unsigned XML file

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <pedidoDeCompra xmlns="http://teste.com.br/">
          <infPedido Id="pedido12345">
            <nroPedido>12345</nroPedido>
            <vlrTotal>13.95</vlrTotal>
            <produtos>
              <item>
                <nomeProduto>Pão</nomeProduto>
                <quantidade>12</quantidade>
                <valorUnitario>0.98</valorUnitario>
              </item>
              <item>
                <nomeProduto>Leite</nomeProduto>
                <quantidade>1</quantidade>
                <valorUnitario>2.19</valorUnitario>
              </item>
            </produtos>
          </infPedido>
        </pedidoDeCompra>
      </soapenv:Body>
    </soapenv:Envelope>



    2) Signed XML file (result)

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
      <soapenv:Body>
        <pedidoDeCompra xmlns="http://teste.com.br/">
          <infPedido Id="pedido12345">
            <nroPedido>12345</nroPedido>
            <vlrTotal>13.95</vlrTotal>
            <produtos>
              <item>
                <nomeProduto>Pão</nomeProduto>
                <quantidade>12</quantidade>
                <valorUnitario>0.98</valorUnitario>
              </item>
              <item>
                <nomeProduto>Leite</nomeProduto>
                <quantidade>1</quantidade>
                <valorUnitario>2.19</valorUnitario>
              </item>
            </produtos>
          </infPedido>
          <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
            <SignedInfo>
              <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
              <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
              <Reference URI="#pedido12345">
                <Transforms>
                  <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                  <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue>MeAffeccY54DFefdS=</DigestValue>
              </Reference>
            </SignedInfo>
            <SignatureValue>ZSrLF8Uafjloo58asdf8ujnzleFa=</SignatureValue>
            <KeyInfo>
              <X509Data>
                <X509Certificate>NBAsMAFEdsPJesiivApzclUPsEexVZfe ...I cut the certificate data </X509Certificate>
              </X509Data>
            </KeyInfo>
          </Signature>
        </pedidoDeCompra>
      </soapenv:Body>
    </soapenv:Envelope>

     


    3) Java source
    3.1) some java commands (? Egl?) I did not find in EGL ..

    import java.io.*;
    import java.security.KeyStore;
    import java.util.*;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.*;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;

    public class Main {
        public static void main(String[] args) throws Exception {
            InputStream in = new FileInputStream(new File("C://xmlSemAssinatura.xml"));
            OutputStream os = new FileOutputStream(new File("C://xmlAssinado.xml"));

            // element to be signed
            String tagName = "pedidoDeCompra";
            String elementoID = "pedido12345";

            // key (certificate)
            String pathCertificado = "C://Certificado_digital.pfx";
            String senhaCertificado = "changeit";
            String alias = "???";

            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setNamespaceAware(true);
            org.w3c.dom.Document doc = dbf.newDocumentBuilder().parse(in);
            // Register "Id" as an ID-typed attribute so the "#pedido12345" reference
            // can be resolved (a non-validating parser does not do this by itself).
            ((org.w3c.dom.Element) doc.getElementsByTagName("infPedido").item(0)).setIdAttribute("Id", true);

            // Load the PKCS#12 keystore and check that the alias exists
            InputStream entrada = new FileInputStream(pathCertificado);
            KeyStore ks = KeyStore.getInstance("pkcs12");
            try {
                ks.load(entrada, senhaCertificado.toCharArray());
                if (ks.getEntry(alias, new KeyStore.PasswordProtection(senhaCertificado.toCharArray())) == null) {
                    throw new Exception("Alias existe?");
                }
            } catch (IOException e) {
                throw new Exception("Senha do Certificado Digital incorreta ou Certificado inválido.");
            }

            KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry)
                    ks.getEntry(alias, new KeyStore.PasswordProtection(senhaCertificado.toCharArray()));

            // The Signature element is appended as a child of the tagName element
            DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),
                    doc.getElementsByTagName(tagName).item(0));

            // Assembling the XML Signature
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            List<Transform> transforms = new ArrayList<>();
            transforms.add(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null));
            transforms.add(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null));

            Reference ref = fac.newReference("#" + elementoID,
                    fac.newDigestMethod(DigestMethod.SHA1, null),
                    transforms, null, null);
            SignedInfo si = fac.newSignedInfo(
                    fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                            (C14NMethodParameterSpec) null),
                    fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                    Collections.singletonList(ref));

            // KeyInfo carries the signer's X.509 certificate
            KeyInfoFactory kif = fac.getKeyInfoFactory();
            List<Object> x509Content = new ArrayList<>();
            x509Content.add(keyEntry.getCertificate());
            X509Data kv = kif.newX509Data(x509Content);
            KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

            XMLSignature signature = fac.newXMLSignature(si, ki);
            signature.sign(dsc);

            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            // save result to the output file
            trans.transform(new DOMSource(doc), new StreamResult(os));
        }
    }

    Thank you for your attention ..

    Osvaldo Menezes

     

    ojomenezes


  • 2.  Re: Subscribe to XML file with digital certificate

    Posted Tue September 05, 2017 03:50 PM

    Guys

     

    I share the conclusion of a digital certificate project.

    The purpose of the project was:
    Capture information in SQL repositories, generate XML in third-party standards with digital signature, and send them through third-party webservices.

     

    What did I do:
    1) I created records in XML format, obtained from the third party;
    2) I imported the WSDL from the third party, creating the binding;
    3) I signed the XML files, using native Java;
    4) I accessed the webservice of the third party with native Java;

     

    In case you need more information I am at your disposal.

     

    Osvaldo Menezes

    ojomenezes