
Java: how to sign XML with an X.509 signature built from a separate private key and public certificate

I need to sign an XML document. I have the path to the private key and the path to the certificate. All the examples I have seen load them from a keystore, but I do not want to put them into a keystore.

The call looks like this:

buildSignatureBlock(privateKeyPath,certificatePath);

My code is creating a signature block in the SOAP header that looks like this:

<KeyInfo>
  <KeyValue>
    <RSAKeyValue>
      <Modulus>4om2CA8VG4...</Modulus>
      <Exponent>AQAB</Exponent>
    </RSAKeyValue>
  </KeyValue>
</KeyInfo>

But I need it to look more like this:

<KeyInfo>
  <X509Data>
    <X509IssuerSerial>
      <X509IssuerName>E=mari...</X509IssuerName>
      <X509SerialNumber>00 eb 8e 89 7c .. .. .. ..</X509SerialNumber>
    </X509IssuerSerial>
    <X509Certificate>MIIC3jCCAke...</X509Certificate>
  </X509Data>
</KeyInfo>

Here is the code that produces it:

import java.io.BufferedReader;
import java.io.FileReader;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.Security;
import java.util.Collections;

import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;

import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.w3c.dom.Node;

// The wsse:Security header element that the <Signature> is appended to;
// assumed to be set by the enclosing class before buildSignatureBlock is called.
private Node securityNode;

// publicKeyPath (the certificate file) is read but not yet used; that is the question.
private void buildSignatureBlock(String privateKeyPath, String publicKeyPath) {

    XMLSignature signature = null;
    // try-with-resources closes the reader and parser even if an exception is thrown
    try (BufferedReader br = new BufferedReader(new FileReader(privateKeyPath));
         PEMParser pp = new PEMParser(br)) {
        Security.addProvider(new BouncyCastleProvider());
        // Expects a traditional "-----BEGIN RSA PRIVATE KEY-----" PEM block
        PEMKeyPair pemKeyPair = (PEMKeyPair) pp.readObject();
        KeyPair kp = new JcaPEMKeyConverter().getKeyPair(pemKeyPair);

        DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), securityNode);

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");

        // Create a Reference to the enveloped document (in this case,
        // you are signing the whole document, so a URI of "" signifies
        // that, and also specify the SHA1 digest algorithm and
        // the ENVELOPED Transform.
        // Note: SHA-1 is deprecated for signatures; SHA-256 is the usual choice today.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                        (TransformParameterSpec) null)), null, null);

        // Create the SignedInfo object, which is the object that is actually signed
        SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod
            (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
            (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

        // Create the optional KeyInfo object, which contains info that enables the recipient
        // to find the key needed to validate the signature.
        KeyInfoFactory kif = fac.getKeyInfoFactory();

        // Use the KeyInfoFactory to create the KeyValue object and add it to a KeyInfo object.
        // This is what produces <KeyValue><RSAKeyValue> instead of <X509Data>.
        KeyValue kv = kif.newKeyValue(kp.getPublic());
        KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

        // Finally, we create the XMLSignature object
        signature = fac.newXMLSignature(si, ki);

        // Generate the signature
        signature.sign(dsc);

        // The resulting document now contains a signature,
        // which has been inserted as the last child element of securityNode.
    } catch (IOException | GeneralSecurityException | MarshalException | XMLSignatureException e) {
        // GeneralSecurityException covers NoSuchAlgorithm-, InvalidKey-, Key- and
        // InvalidAlgorithmParameterException, which were caught separately before.
        e.printStackTrace();
    }
}

How do I modify it to produce the correct signature block?

垚tutu 2019-12-04 16:50:52 844 0
0 answers
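The question has no answer on the page, so the following is an added example, not the asker's code. It keeps the asker's flow (BouncyCastle PEMParser for the key, JSR 105 `XMLSignatureFactory` for the signature, `securityNode` as the parent of the `<Signature>`) and replaces the `KeyValue` with an `X509Data` containing `X509IssuerSerial` and `X509Certificate`, built from a certificate file with the standard JCA `CertificateFactory`, so no keystore is needed. The class name, `securityNode` parameter and the sign/verify pairing check are my additions; the `RSA_SHA256` URI string is spelled out so the code also compiles on Java 8, which has no `SignatureMethod.RSA_SHA256` constant.

```java
import java.io.FileInputStream;
import java.io.FileReader;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.PrivateKey;
import java.security.Security;
import java.security.Signature;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;

import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;

import org.bouncycastle.asn1.pkcs.PrivateKeyInfo;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.openssl.PEMKeyPair;
import org.bouncycastle.openssl.PEMParser;
import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
import org.w3c.dom.Node;

// Hypothetical class name; everything below is illustrative, not the asker's project code.
public final class X509KeyInfoSigner {

    // RSA-SHA256 signature URI, spelled out so this compiles on Java 8 (no constant there).
    private static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Reads the first certificate from a PEM or DER file; the JCA factory accepts both. */
    static X509Certificate loadCertificate(String certificatePath) throws Exception {
        try (InputStream in = new FileInputStream(certificatePath)) {
            return (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
    }

    /** Reads a PEM private key: traditional "RSA PRIVATE KEY" or PKCS#8 "PRIVATE KEY". */
    static PrivateKey loadPrivateKey(String privateKeyPath) throws Exception {
        try (PEMParser pp = new PEMParser(new FileReader(privateKeyPath))) {
            Object pem = pp.readObject();
            JcaPEMKeyConverter conv = new JcaPEMKeyConverter();
            if (pem instanceof PEMKeyPair) {
                return conv.getKeyPair((PEMKeyPair) pem).getPrivate();
            }
            if (pem instanceof PrivateKeyInfo) {
                return conv.getPrivateKey((PrivateKeyInfo) pem);
            }
            throw new IllegalArgumentException("unsupported PEM object in " + privateKeyPath);
        }
    }

    /** Sign-then-verify round trip: rejects a key file that does not belong to the certificate. */
    static boolean keyMatchesCertificate(PrivateKey key, X509Certificate cert) throws Exception {
        byte[] probe = "key/cert pairing check".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("SHA256withRSA");
        s.initSign(key);
        s.update(probe);
        byte[] sig = s.sign();
        s.initVerify(cert.getPublicKey());
        s.update(probe);
        return s.verify(sig);
    }

    /** Builds <KeyInfo><X509Data><X509IssuerSerial/><X509Certificate/></X509Data></KeyInfo>. */
    static KeyInfo buildX509KeyInfo(KeyInfoFactory kif, X509Certificate cert) {
        // X509IssuerName must be an RFC 2253 DN; X500Principal.getName() returns exactly that form.
        // The serial is marshalled as a decimal integer, which is what the XMLDSig schema requires.
        X509IssuerSerial issuerSerial = kif.newX509IssuerSerial(
                cert.getIssuerX500Principal().getName(), cert.getSerialNumber());
        // Passing the X509Certificate object itself yields the Base64 DER <X509Certificate> element.
        X509Data x509Data = kif.newX509Data(Arrays.asList(issuerSerial, cert));
        return kif.newKeyInfo(Collections.singletonList(x509Data));
    }

    /** Same steps as the question's method, with X509Data in place of KeyValue. */
    static void buildSignatureBlock(String privateKeyPath, String certificatePath, Node securityNode)
            throws Exception {
        Security.addProvider(new BouncyCastleProvider());
        PrivateKey privateKey = loadPrivateKey(privateKeyPath);
        X509Certificate cert = loadCertificate(certificatePath);
        if (!keyMatchesCertificate(privateKey, cert)) {
            throw new IllegalArgumentException("private key does not match " + certificatePath);
        }

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // URI "" plus the enveloped transform signs the whole document, as in the question.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null),
                Collections.singletonList(ref));
        KeyInfo ki = buildX509KeyInfo(fac.getKeyInfoFactory(), cert);
        XMLSignature signature = fac.newXMLSignature(si, ki);
        // The <Signature> element is appended as the last child of securityNode.
        signature.sign(new DOMSignContext(privateKey, securityNode));
    }
}
```

Two practical notes. First, `X509SerialNumber` is emitted as a decimal integer by the JSR 105 marshaller, not as the hex byte string shown in the desired output; any verifier that follows the XMLDSig schema expects the decimal form. Second, the example switches the digest and signature algorithms to SHA-256 and the canonicalization to exclusive C14N, which is what WS-Security profiles generally expect; if the receiving side insists on the original `RSA_SHA1` and inclusive-with-comments settings, those constants can be put back without touching the `KeyInfo` construction.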