Posted to dev@santuario.apache.org by m2 r2sj <m2...@gmail.com> on 2006/03/31 21:32:35 UTC

Sign & Validation Help Needed

Hi All.


I downloaded the Apache Java toolkit and executed the signing and validation
example programs. I was able to sign and validate. I then tried the
following:
1) developed my own XML document
2) parsed the document
3) did an enveloped signature using DSA and appended the signed content to the source
node.

When I tried to validate, I got the message that the signature is invalid.

Can anyone suggest what I am doing wrong?


My XML with signed content:
<Data>

<Name id="1">Doe</Name>

<Address>900 N. Michigan Ave</Address>

<City>Chicago</City>

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
  <CanonicalizationMethod Algorithm="
http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
  <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />

<Reference URI="">
<Transforms>
  <Transform Algorithm="
http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
  <Transform Algorithm="
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
  </Transforms>
  <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
  <DigestValue>76zcPvLBWmU4TOU1sOWkC4JDhoA=</DigestValue>
  </Reference>
  </SignedInfo>

<SignatureValue>Kb/sxAEihzsGdglrn18vZiJDYoJtRVwLoAm6p7dj8h90ZN/O909+Wg==</SignatureValue>

<KeyInfo>
<X509Data>

<X509Certificate>MIIDDjCCAssCBD9OHkgwCwYHKoZIzjgEAwUAMGwxEDAOBgNVBAYTB1Vua25vd24xEDAOBgNVBAgT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</X509Certificate>

  </X509Data>
<KeyValue>
<DSAKeyValue>

<P>/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
K2HXKu/yIgMZndFIAcc=</P>
  <Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</Q>

<G>9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSo=</G>

<Y>zeCC13k2T5zfIOdBa16NuOco8zLFxZmrfNuAV5OwrPYq5Ye1feTJhPvmehirA0em0/i29bVLprI0
XXIpVaD/bxfBPgoAw2Px0ElDgrrEdwY/X1KR+caUGiGGeJDybqvoTwJfztWtxcADc3DJ+rG9WqyJ
zWFoR5OeeN2KPWMo8LI=</Y>
  </DSAKeyValue>
  </KeyValue>
  </KeyInfo>
  </Signature>
</Data>

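       // Signs signature.xml in place with an enveloped XML signature (DSA / SHA-1)
       // using a key and certificate read from a JKS keystore.
       //
       // Hard-coded passwords are acceptable only for a throwaway test keystore;
       // real signing keys should not have their passwords in source code.
       String keystoreType = "JKS";
       String keystoreFile = "keystore.jks";
       String keystorePass = "xmlsecurity";
       String privateKeyAlias = "test";
       String privateKeyPass = "xmlsecurity";
       String certificateAlias = "test";
       // Declared once (the original snippet declared it twice, which does not
       // compile). The document is read from and written back to this file.
       File signatureFile = new File("signature.xml");

       // Load the keystore and release the file handle as soon as it is read.
       KeyStore ks = KeyStore.getInstance(keystoreType);
       FileInputStream fis = new FileInputStream(keystoreFile);
       try {
          ks.load(fis, keystorePass.toCharArray());
       } finally {
          fis.close();
       }
       PrivateKey privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
                                              privateKeyPass.toCharArray());

       javax.xml.parsers.DocumentBuilderFactory dbf =
          javax.xml.parsers.DocumentBuilderFactory.newInstance();
       // XML Signature works on namespace-qualified elements, and the library
       // creates the Signature subtree with namespace-aware DOM calls. Parsing
       // the source document without namespace awareness mixes both kinds of
       // node in one tree, so the canonical form digested here can differ from
       // what a verifier sees after re-parsing the file. This is a likely cause
       // of the "signature is invalid" result; the validating side needs the
       // same setting.
       dbf.setNamespaceAware(true);
       // NOTE(review): this parses the author's own file. If the same parser
       // setup is reused to validate documents received from others, also
       // disable DOCTYPE declarations / external entities on the factory.
       javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();

       org.w3c.dom.Document doc = db.parse(signatureFile);
       Element sourceElement = doc.getDocumentElement();
       // File.toURL() does not escape characters that are illegal in URLs;
       // going through toURI() yields a well-formed base URI.
       String baseUri = signatureFile.toURI().toURL().toString();

       // NOTE(review): DSA with SHA-1 (and the SHA-1 digest below) is what this
       // example uses. SHA-1 is no longer considered collision-resistant, so
       // prefer a SHA-2 based signature and digest method where the library
       // version and the key support them.
       XMLSignature sig = new XMLSignature(doc, baseUri,
                                           XMLSignature.ALGO_ID_SIGNATURE_DSA);
       // The Signature element must sit inside the document before the
       // enveloped reference (URI="") is digested.
       sourceElement.appendChild(sig.getElement());

       Transforms transforms = new Transforms(doc);
       // Enveloped-signature removes the Signature element itself from the
       // digested content; the result is then canonicalized with comments.
       transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
       transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
       sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);

       X509Certificate cert =
          (X509Certificate) ks.getCertificate(certificateAlias);

       // Embedding the certificate and public key lets a verifier locate the
       // key, but it does not make the key trustworthy: a signature that
       // verifies under a key taken from the document itself proves integrity
       // only. The verifier must still check the certificate against its own
       // trust anchors before accepting the signer's identity.
       sig.addKeyInfo(cert);
       sig.addKeyInfo(cert.getPublicKey());

       System.out.println("Start signing");
       sig.sign(privateKey);
       System.out.println("Finished signing");

       // Close the output stream so the whole signed document reaches disk
       // before anything tries to validate it.
       FileOutputStream f = new FileOutputStream(signatureFile);
       try {
          XMLUtils.outputDOMc14nWithComments(doc, f);
       } finally {
          f.close();
       }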