https://github.com/mastercard/xmlsignverify-core-java
This is a reference Java SDK library that demonstrates how customers can digitally sign and verify XML message as per ISO20022 specification
https://github.com/mastercard/xmlsignverify-core-java
iso20022 java maven xmlsec
Last synced: 12 months ago
JSON representation
This is a reference Java SDK library that demonstrates how customers can digitally sign and verify XML message as per ISO20022 specification
- Host: GitHub
- URL: https://github.com/mastercard/xmlsignverify-core-java
- Owner: Mastercard
- License: apache-2.0
- Created: 2020-07-15T10:01:22.000Z (almost 6 years ago)
- Default Branch: master
- Last Pushed: 2023-10-20T23:01:18.000Z (over 2 years ago)
- Last Synced: 2024-04-16T10:43:25.934Z (about 2 years ago)
- Topics: iso20022, java, maven, xmlsec
- Language: Java
- Homepage:
- Size: 47.9 KB
- Stars: 9
- Watchers: 2
- Forks: 13
- Open Issues: 3
-
Metadata Files:
- Readme: README.md
- Changelog: CHANGELOG.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
Awesome Lists containing this project
README
[](https://github.com/Mastercard/ap-bah-crypto-utility/blob/master/LICENSE)
[](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)
[](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)
[](https://sonarcloud.io/dashboard?id=Mastercard_xmlsignverify-core-java)
## Table of Contents
- [Overview](#overview)
* [Compatibility](#compatibility)
- [Usage](#usage)
* [Signing the request](#signrequest)
* [Verifying the request](#verifyrequest)
* [Adding the Library to Your Project](#adding-the-library-to-your-project)
* [Keytool Command to generate public-private key pair](#keytool-command-to-generate-public-private-key-pair)
## Overview
This SDK library provides reference implementation of ISO 20022 Digital Signature specification to sign and verify XML messages.
It assumes that you have read the specification prior to coming here.
Refer to [ISO20022 Signed Unsigned Message Examples](docs/ISO20022_Example_Signed_Unsigned_Message.md) for understanding the difference between a signed and unsigned message.
In Signed XML payload, you will see three reference nodes:
* Resource as uri="" - will get resolved to AppHdr
* Resource with no uri - will get resolved to Document
* Resource as uri="#id" - will get resolved to element as per that id value
Maven 3.6.1+
XmlSignUtil.sign(Document document, SignatureInfo signatureInfo, SignatureKeyInfo signatureKeyInfo) signs the XML Document where:
* document - the unsigned payload
* signatureInfo - signature info which is used in signing the payload
* signatureKeyInfo - signature key info which holds private key and ski bytes to be set in X509 Data element
Refer to [detailed message signing flow](docs/MessageSigningFlow.md)
XmlSignUtil.verify(Document document, PublicKey publicKey) verifies the signed payload where:
* document - the signed payload
* publicKey - the public key
Refer to [detailed message verification flow](docs/MessageVerificationFlow.md)
### Adding the Library to Your Project
#### Maven
```xml
com.mastercard.ap.security
ap-bah-crypto-utility
${bah-crypto-utility-version}
```
### Keytool Command to generate public-private key pair
Execute the command from command prompt
```java
keytool -genkey -alias test -keyalg RSA -validity 3060 -keysize 2048 -keystore keystore.jks -storetype JKS
```
Enter keystore password:
Re-enter new password:
What is your first and last name?
[Unknown]: Test
What is the name of your organizational unit?
[Unknown]: OU
What is the name of your organization?
[Unknown]: O
What is the name of your City or Locality?
[Unknown]: London
What is the name of your State or Province?
[Unknown]: S
What is the two-letter country code for this unit?
[Unknown]: UK
Is CN=Test, OU=OU, O=O, L=London, ST=S, C=UK correct?
[no]: yes
Enter key password for
(RETURN if same as keystore password):
Re-enter new password: