How can i sign hash of xml file and integrate signature in original file

Is there a way to sign the hash of an xml file and then integrate this signed hash into the original file.

For the PDF signature I use iText and it works very well.

UPDATE 1 : Sign Original XML FILE

public class SignXML {

static String fileToSign = "B:/tmp/client/032936.xml";
static String signedFile = "B:/tmp/client/Signed-032936.xml";
static String certificate = "C:/lp7command/tools/certificate.p12";
static String password = "123456";

public static void main(String[] args) throws Exception{
	XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");       
	Transform exc14nTranform = fac.newTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315", 
			(TransformParameterSpec) null);
	    Transform envTransform = fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null);

	    List<Transform> transformList = new ArrayList();
	    transformList.add(exc14nTranform);
	    transformList.add(envTransform);

	    Reference ref = fac.newReference("#evidence", fac.newDigestMethod(DigestMethod.SHA1, null), transformList,null, null);

	    SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
	    		(C14NMethodParameterSpec) null),fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));

	    KeyStore ks = KeyStore.getInstance("PKCS12");
	    ks.load(new FileInputStream(certificate), password.toCharArray());
	    KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry ("mykey", 
	    		new KeyStore.PasswordProtection(password.toCharArray()));     
	    X509Certificate cert = (X509Certificate) keyEntry.getCertificate();

	    KeyInfoFactory kif = fac.getKeyInfoFactory();
	    List x509Content = new ArrayList();

	    X509IssuerSerial issuer = kif.newX509IssuerSerial(cert.getIssuerDN().toString(), cert.getSerialNumber());
	    //System.out.println(cert.getSubjectAlternativeNames().toString());
	    x509Content.add(cert.getSubjectX500Principal().getName());
	    x509Content.add(issuer);
	    x509Content.add(cert);

	    X509Data xd = kif.newX509Data(x509Content);
	    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

	    DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
	    dbf.setNamespaceAware(true);
	    Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(fileToSign));
	    XMLStructure content = new DOMStructure(doc.getDocumentElement());
	    
	    XMLObject obj = fac.newXMLObject(Collections.singletonList(content), "evidence", null, null);

	    DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc);
	    XMLSignature signature = fac.newXMLSignature(si, ki, Collections.singletonList(obj), null, null);
	    
	    signature.sign(dsc);

	    OutputStream os = new FileOutputStream(signedFile);
	    TransformerFactory tf = TransformerFactory.newInstance();
	    Transformer trans = tf.newTransformer();
	    trans.transform(new DOMSource(doc), new StreamResult(os));
}
}

what I want to do is calculate the hash of the original XML file and send it for signature to another server (B) which will sign the hash and return signed hash which I will then integrate into the original file which is in server A.

Yes there is a way to do that. Have a look at for example https://www.w3.org/TR/xmldsig-core/ at (one) standard way to that. Depending on your technology there are several libraries that support you with that. You mentioned iText, so for Java it is integrated in the JRE for a while now. See https://docs.oracle.com/en/java/javase/13/docs/api/java.xml.crypto/javax/xml/crypto/dsig/package-summary.html as a starting point.

You are looking for an enveloped XML-Signature, where the Signature is not included in hash calculation, so that it can be included in the original document.

UPDATE 1: So you are looking for including a remote signing service into xml documents. That is also possible, did that on a previous job, though a bit more complicated.

In general you have to plug in where the signature is created, get the hash, send it to server get the signature value and include it into the respective XML node.

Then and there we provided our own Java Crypto Provider, (https://docs.oracle.com/javase/8/docs/technotes/guides/security/crypto/HowToImplAProvider.html) which would override the Private Key Object to do the remote signing magic. In retrospect I would rather recommend looking into Apache Santuario http://santuario.apache.org/, which might be a bit more flexible, when extending or the EU-DSS library https://ec.europa.eu/cefdigital/DSS/webapp-demo/doc/dss-documentation.html#_other_implementations.

The short answer is you can check my repo: https://github.com/chenhuang511/xml-dsig-sign-hash/blob/main/src/main/java/vn/softdreams/xml/signhash/HashOperator.java

The long answer is you have to create the signed XML manually, step by step with Java built-in XML library:

Firstly, you prepare the content of the XML Signature tag, as it can be done in the way you sign the whole file directly. The key point is the SignatureValue tag is empty at this step, we can fulfill it later. You must define manually the hash algorithm, the XML transform algorithm inside the content of SignedInfo tag:

        //signedInfo node
    Element signedInfo = doc.createElement("SignedInfo");
    //signedInfo-canonicalizationMethod node
    Element canonicalizationMethod = doc.createElement("CanonicalizationMethod");
    canonicalizationMethod.setAttribute("Algorithm", usingNS ? "http://www.w3.org/2001/10/xml-exc-c14n#" : "http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
    signedInfo.appendChild(canonicalizationMethod);
    //signedInfo-SignatureMethod node
    Element signatureMethod = doc.createElement("SignatureMethod");
    signatureMethod.setAttribute("Algorithm", hashAlgo.getSignatureMethod());
    signedInfo.appendChild(signatureMethod);

    //SignedInfo-Reference node
    Element reference = doc.createElement("Reference");
    reference.setAttribute("URI", "#" + signingTagId);
    signedInfo.appendChild(reference);
    Element transforms = doc.createElement("Transforms");
    Element transform1 = doc.createElement("Transform");
    transform1.setAttribute("Algorithm", "http://www.w3.org/2000/09/xmldsig#enveloped-signature");
    transforms.appendChild(transform1);
    if (usingNS) {
        Element transform2 = doc.createElement("Transform");
        transform2.setAttribute("Algorithm", "http://www.w3.org/2001/10/xml-exc-c14n#");
        transforms.appendChild(transform2);
    }

    reference.appendChild(transforms);

    Element digestMethod = doc.createElement("DigestMethod");
    digestMethod.setAttribute("Algorithm", hashAlgo.getHashMethod());
    reference.appendChild(digestMethod);
    
    Element digestValue = doc.createElement("DigestValue");
    digestValue.setTextContent(getDigestForRemote());
    reference.appendChild(digestValue);
    signedInfo.appendChild(reference);
    sigElement.appendChild(signedInfo);

    //signatureValue node (empty right now)
    Element signatureValue = doc.createElement("SignatureValue");
    sigElement.appendChild(signatureValue);

The DigestValue can be calculated by getting the whole node value you want to sign. This node often presents in the document with the given signing node id.

private String getDigestForRemote() throws Exception {
    Node nodeToBeHash = inputDoc.getElementsByTagName(signingTagName).item(0);

    //transform
    Canonicalizer c14n = usingNS ?
            Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS) : Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    byte[] transformed = c14n.canonicalizeSubtree(nodeToBeHash);

    //hash
    return Base64.getEncoder().encodeToString(DigestCreator.digest(transformed, hashAlgo));
}

Next step, when the SignedInfo is done, the hash for signing is calculated by transform and create the digest of SignedInfo content. Remember you have to use algorithms you defined in 1st step for canonicalization and hash operation.

Node signedInfo = signature.getElementsByTagName("SignedInfo").item(0);
    Element signedInfoEle = (Element) doc.importNode((Element) signedInfo, true);
    signedInfoEle.setAttribute("xmlns", "http://www.w3.org/2000/09/xmldsig#");
    doc.appendChild(signedInfoEle);

    //transform
    Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    byte[] transformed = c14n.canonicalizeSubtree(doc);
    //hash
    byte[] hash = DigestCreator.digest(transformed, hashAlgo);

Another key point is when you compute the signature from the hash in Java, you may need to add Digest Info into the hash if you want the final XML document can be validated correctly.

public byte[] signHashWithInfo(byte[] hash, PrivateKey privateKey, DigestAlgorithm algo) throws Exception {
        Provider provider = new BouncyCastleProvider();
        Security.addProvider(provider);

        ASN1ObjectIdentifier oidObject = new ASN1ObjectIdentifier(algo.getOid());

        AlgorithmIdentifier identifier = new AlgorithmIdentifier(oidObject, null);
        DigestInfo di = new DigestInfo(identifier, hash);

        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding", provider);
        cipher.init(Cipher.ENCRYPT_MODE, privateKey);
        return cipher.doFinal(di.getEncoded());
    }

XML digital signature is the standard Java API which is different from the classic method of digesting | encrypting | decrypting hash value. The gist is first to canonicalize | reference(URI) | embed the signature algorithm and then receiver verifies both reference and signature.

> Is the KeyValue successfully created from the Array in your codes?

        List x509Content = new ArrayList();

        X509IssuerSerial issuer = kif.newX509IssuerSerial(cert.getIssuerDN().toString(), cert.getSerialNumber());
        //System.out.println(cert.getSubjectAlternativeNames().toString());
        x509Content.add(cert.getSubjectX500Principal().getName());
        x509Content.add(issuer);
        x509Content.add(cert);

        X509Data xd = kif.newX509Data(x509Content);
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

>> The KeyValue is the equivalent of a Public Key. The code is as simple as:

	        KeyInfoFactory kif = fac.getKeyInfoFactory();
	        KeyValue kv = kif.newKeyValue(kp.getPublic());

	        // wrap the value in the KeyInfo
 	        KeyInfo ki = kif.newKeyInfo(List.of(kv));

>> NOTE: Each element of the XML signature result is required to canonicalise the signature and algorithm.
>>
>> Upon a valid XML digital signature created, it looks like this:

<national-treasure>
.......
    </Banff-highlights>
      <Banff-revenue>CAD$6 billion per annum
    </Banff-revenue>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
        <SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
        <Reference URI="">
            <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </Transforms>
            <DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <DigestValue>3tiwE7fdQxZ.....lU99kmkHAg/Bi6fESM=</DigestValue>
        </Reference>
    </SignedInfo>
    <SignatureValue>AZMlxFBjoZxmy8.....YOO3qINqG/wHoJPg==
    </SignatureValue>
    <KeyInfo>
        <KeyValue>
            <RSAKeyValue>
                <Modulus>sLQ+W9fT18Okqf.....tQ==
                </Modulus>
                <Exponent>AQAB</Exponent>
            </RSAKeyValue>
        </KeyValue>
    </KeyInfo>
</Signature>
</national-treasure>

> A pristine XML signature shall meet below requirements :
> > - Signed element has not been manipulated
> > - Digest method | value | algorithm shall match among canonicalized, encrypt and decrypt stages
> >
> > Put that into context, the method of direct decoding key bytes and sending hash over the App servers quite defeats the purpose of secure signature receipt. There are options to buttress DS validation, mitigate risks(alter document construct), and prevent signature repudiation through Java API:
>> - Enable secure Signature process which can restrict XSLT transforms document | cross reference URI in App server.
>> - Aggregate security property to enforce restrictions. e.g. increased XML signature key length for validation.
>> In the realm of NoSQL/document store, like MarkLogic, there are sophisticated security features to explore and to protect PII data: element security, SSL signed certificates, document redaction.
>
> Unless the original document, public key and signature are ALL compromised the same time, Java crypto API shall detect the tampering. Core signature (header |value | key value) or reference element can be effortlessly unmarshalled then validated.

> The gist of my application is: Generate the keypair, create XML DOM sign context with the private key and XML signed node; DOM signature factory, referencing the enveloped/transformed document with the digested algorithm, then canonicalized the aforesaid reference, finally create the RSA keyvalue/keyinfo and sign the XML. The logic is the concrete implementation of Oracle Java XMLSignatureFactory | KeyInfoFactory which conforms to W3C XML required algorithms.
> > - For although I encourage creative thinking, (No pun intended) I am not keen to sign and toss the hash. ( conceivably it has certain beauty: Cipher short message in mobile communication…etc ). I don’t see how you can hash a heavy-weight XML.
> > - 2ndly, it is critical to get the Keyvalue/keyinfo when you develop and plug in X509 transform and algorithm. I ask if the correct keyvalue/info has been retrieved.
> > - 3rdly, by what context did you specify the DOM signature instance and create the reference?