Hi everybody,
I have an issue: my XML signature cannot be verified with an external (e-government) tool. The XML document contains an directive and this causes a problem. If I remove it, the XML is signed and verified correctly as well. The signature can, however, be verified with a simple Java application I wrote (I don't know what the difference is between those two tools - but normally it must be verifiable with any tool - right?).
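
    import java.security.cert.X509Certificate;
    import java.util.ArrayList;
    import java.util.Collections;
    import java.util.List;
    import javax.xml.crypto.dsig.*;
    import javax.xml.crypto.dsig.dom.DOMSignContext;
    import javax.xml.crypto.dsig.keyinfo.*;
    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
    import javax.xml.crypto.dsig.spec.TransformParameterSpec;
    import org.apache.xml.security.utils.Constants;
    import org.apache.xml.security.utils.ElementProxy;
    import org.w3c.dom.Document;

    // Initialise Apache XML Security and emit the signature elements with the "ds" prefix
    org.apache.xml.security.Init.init();
    ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
    XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
    Document signedDocument = signRequest.getDocument();

    // Reference with URI "" (the whole document), SHA-1 digest, enveloped-signature transform
    Reference ref = fac.newReference("",
            fac.newDigestMethod(DigestMethod.SHA1, null),
            Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                    (TransformParameterSpec) null)),
            null, null);

    // SignedInfo: inclusive canonicalization, RSA-SHA1 signature method
    SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                    (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
            Collections.singletonList(ref));

    // KeyInfo carrying the subject name and the certificate itself
    X509Certificate cert = (X509Certificate) signRequest.getCertificate();
    KeyInfoFactory kif = fac.getKeyInfoFactory();
    List<Object> x509Content = new ArrayList<>();
    x509Content.add(cert.getSubjectX500Principal().getName());
    x509Content.add(cert);
    X509Data xd = kif.newX509Data(x509Content);
    KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

    // Sign, placing the ds:Signature element as a child of the document element
    DOMSignContext dsc = new DOMSignContext(signRequest.getPrivateKey(),
            signedDocument.getDocumentElement());
    XMLSignature signature = fac.newXMLSignature(si, ki);
    signature.sign(dsc);

I tried to use Reference (#my_id or #xpointer(/)) in order to sign only the root element, but the only way I know is to use the element id -> #my_id to access an element. And this doesn't work either :-(.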
Thanks for any help.
Regards,
errno