{"id":28577553,"url":"https://github.com/mastercard/xmlsignverify-core-java","last_synced_at":"2025-06-11T00:38:55.681Z","repository":{"id":46942429,"uuid":"279832504","full_name":"Mastercard/xmlsignverify-core-java","owner":"Mastercard","description":"This is a reference Java SDK library that demonstrates how customers can digitally sign and verify XML message as per ISO20022 specification","archived":false,"fork":false,"pushed_at":"2023-10-20T23:01:18.000Z","size":49,"stargazers_count":9,"open_issues_count":3,"forks_count":13,"subscribers_count":2,"default_branch":"master","last_synced_at":"2024-04-16T10:43:25.934Z","etag":null,"topics":["iso20022","java","maven","xmlsec"],"latest_commit_sha":null,"homepage":"","language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/Mastercard.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-07-15T10:01:22.000Z","updated_at":"2024-03-12T16:25:35.000Z","dependencies_parsed_at":"2022-09-24T00:12:32.009Z","dependency_job_id":null,"html_url":"https://github.com/Mastercard/xmlsignverify-core-java","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fxmlsignverify-core-java","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fxmlsignverify-core-java/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fxmlsignverify-core-java/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fxmlsignverify-core-java/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/Mastercard","download_url":"https://codeload.github.com/Mastercard/xmlsignverify-core-java/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/Mastercard%2Fxmlsignverify-core-java/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":259177333,"owners_count":22817349,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["iso20022","java","maven","xmlsec"],"created_at":"2025-06-11T00:38:13.943Z","updated_at":"2025-06-11T00:38:55.636Z","avatar_url":"https://github.com/Mastercard.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],"readme":"[![](https://img.shields.io/badge/License-Apache%202.0-blue.svg)](https://github.com/Mastercard/ap-bah-crypto-utility/blob/master/LICENSE)\n[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_xmlsignverify-core-java\u0026metric=alert_status)](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)\n[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_xmlsignverify-core-java\u0026metric=coverage)](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)\n[![](https://sonarcloud.io/api/project_badges/measure?project=Mastercard_xmlsignverify-core-java\u0026metric=vulnerabilities)](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)\n\n\n## Table of Contents\n- [Overview](#overview)\n  * [Compatibility](#compatibility)\n- [Usage](#usage)\n  * [Signing the request](#signrequest)\n  * [Verifying the request](#verifyrequest)\n  * [Adding the Library to Your Project](#adding-the-library-to-your-project)\n  * [Keytool Command to generate public-private key pair](#keytool-command-to-generate-public-private-key-pair)\n\n## Overview \u003ca name=\"overview\"\u003e\u003c/a\u003e\nThis SDK library provides reference implementation of ISO 20022 Digital Signature specification to sign and verify XML messages. \nIt assumes that you have read the specification prior to coming here.\n\nRefer to [ISO20022 Signed Unsigned Message Examples](docs/ISO20022_Example_Signed_Unsigned_Message.md) for understanding the difference between a signed and unsigned message.\n\nIn Signed XML payload, you will see three reference nodes:\n* Resource as uri=\"\" - will get resolved to AppHdr\n* Resource with no uri - will get resolved to Document\n* Resource as uri=\"#id\" - will get resolved to element as per that id value\n\n### Compatibility \u003ca name=\"compatibility\"\u003e\u003c/a\u003e\nJava 11+\n\nMaven 3.6.1+\n\n## Usage \u003ca name=\"usage\"\u003e\u003c/a\u003e\n\n### Signing the request \u003ca name=\"signrequest\"\u003e\u003c/a\u003e\n\nXmlSignUtil.sign(Document document, SignatureInfo signatureInfo, SignatureKeyInfo signatureKeyInfo) signs the XML Document where:\n  * document - the unsigned payload \n  * signatureInfo - signature info which is used in signing the payload\n  * signatureKeyInfo - signature key info which holds private key and ski bytes to be set in X509 Data element\n\nRefer to [detailed message signing flow](docs/MessageSigningFlow.md)\n\n\n### Verifying the request \u003ca name=\"verifyrequest\"\u003e\u003c/a\u003e\n\nXmlSignUtil.verify(Document document, PublicKey publicKey) verifies the signed payload where:\n  *  document - the signed payload\n  *  publicKey - the public key\n\nRefer to [detailed message verification flow](docs/MessageVerificationFlow.md)\n\n\n### Adding the Library to Your Project \u003ca name=\"adding-the-library-to-your-project\"\u003e\u003c/a\u003e\n\n#### Maven\n```xml\n\u003cdependency\u003e\n    \u003cgroupId\u003ecom.mastercard.ap.security\u003c/groupId\u003e\n    \u003cartifactId\u003eap-bah-crypto-utility\u003c/artifactId\u003e\n    \u003cversion\u003e${bah-crypto-utility-version}\u003c/version\u003e\n\u003c/dependency\u003e\n```\n\n### Keytool Command to generate public-private key pair \u003ca name=\"keytool-command-to-generate-public-private-key-pair\"\u003e\u003c/a\u003e\n\nExecute the command from command prompt \n```java\nkeytool -genkey -alias test -keyalg RSA -validity 3060 -keysize 2048 -keystore keystore.jks -storetype JKS\n```\n\nEnter keystore password:\n\n  Re-enter new password:\n  \n  What is your first and last name?\n  \n    [Unknown]:  Test\n\t\n  What is the name of your organizational unit?\n  \n    [Unknown]:  OU\n\t\n  What is the name of your organization?\n  \n    [Unknown]:  O\n\t\n  What is the name of your City or Locality?\n  \n    [Unknown]:  London\n\t\n  What is the name of your State or Province?\n  \n    [Unknown]:  S\n\t\n  What is the two-letter country code for this unit?\n  \n    [Unknown]:  UK\n\t\n  Is CN=Test, OU=OU, O=O, L=London, ST=S, C=UK correct?\n  \n    [no]:  yes\n\n  Enter key password for \u003ctest\u003e \n          (RETURN if same as keystore password):\n\t\t  \n  Re-enter new password:\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmastercard%2Fxmlsignverify-core-java","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fmastercard%2Fxmlsignverify-core-java","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fmastercard%2Fxmlsignverify-core-java/lists"}