Posted to dev@santuario.apache.org by Sean Mullan <Se...@Sun.COM> on 2007/06/01 15:53:30 UTC

Re: DOMKeyValue and org.jcp.xml.dsig.internal.dom.DOMStructure versus javax.xml.crypto.dom.DOMStructure

Clifford Johnson wrote:
> I'm attempting to use the 1.4.1 Java reference implementation to process
> an XML KeyInfo element and am running into an issue with the KeyValue
> object returned.  At the moment, I can have a DSAKeyValue, an
> RSAKeyValue, or an ECDSAKeyValue element in the KeyValue element.  The
> current DOMKeyValue implementation handles the DSA and RSA keys but not
> the ECDSA keys - that's OK.  
> 
> The problem comes when I attempt to cast the KeyValue object returned to
> a DOMStructure object to get the DOM Node (using DOMStructure.getNode)
> so I can process the ECDSA key myself ... I get a ClassCastException
> because the DOMKeyValue object extends
> org.jcp.xml.dsig.internal.dom.DOMStructure instead of extending
> javax.xml.crypto.dom.DOMStructure.
> 
> The DOMKeyValue implementation keeps a reference to the unsupported
> javax.xml.crypto.dom.DOMStructure but doesn't provide a means of
> accessing it and org.jcp.xml.dsig.internal.dom.DOMStructure doesn't
> provide access to the underlying DOM Node.
> 
> Short of processing the KeyInfo element myself, does anyone have any
> suggestions for getting around this limitation? [My application is
> targeted at Java 5 -- I'm just trying to use as much "standard" XML code
> as possible at this point.]

Not really, I think you would have to find the ECDSAKeyValue element
yourself.

> I don't know the history of this capability of the library ... am I just
> trying to use this capability of the library too soon?  (My expectation
> is that any XMLStructure object returned from a getContents call built
> using a DOM factory would be castable to a DOMStructure object so I can
> make a getNode call.)


Yes. It seems like it should. I'll open an RFE to address this.

--Sean
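
One way to "find the ECDSAKeyValue element yourself", as an added example that is not part of the original message or of the Santuario code base. It assumes the caller already holds the ds:KeyInfo DOM element and that ECDSAKeyValue uses the RFC 4050 namespace; the class and method names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class FindEcdsaKeyValue {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    // Assumption: ECDSAKeyValue is in the namespace RFC 4050 defines for it.
    static final String DSIG_MORE_NS = "http://www.w3.org/2001/04/xmldsig-more#";

    /** Returns the ECDSAKeyValue inside a ds:KeyValue directly under keyInfo, or null. */
    static Element findEcdsaKeyValue(Element keyInfo) {
        // Walk direct children only, so an element with the same name elsewhere
        // in the document is never picked up by mistake.
        for (Node kv = keyInfo.getFirstChild(); kv != null; kv = kv.getNextSibling()) {
            if (!isElement(kv, DSIG_NS, "KeyValue")) continue;
            for (Node c = kv.getFirstChild(); c != null; c = c.getNextSibling()) {
                if (isElement(c, DSIG_MORE_NS, "ECDSAKeyValue")) return (Element) c;
            }
        }
        return null;
    }

    static boolean isElement(Node n, String ns, String local) {
        return n.getNodeType() == Node.ELEMENT_NODE
            && ns.equals(n.getNamespaceURI()) && local.equals(n.getLocalName());
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample; the ECDSAKeyValue body is left empty on purpose.
        String xml = "<ds:KeyInfo xmlns:ds='" + DSIG_NS + "'><ds:KeyValue>"
            + "<ec:ECDSAKeyValue xmlns:ec='" + DSIG_MORE_NS + "'/>"
            + "</ds:KeyValue></ds:KeyInfo>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // needed for getNamespaceURI/getLocalName
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        Element ec = findEcdsaKeyValue(doc.getDocumentElement());
        System.out.println(ec == null ? "no ECDSAKeyValue" : "found " + ec.getNodeName());
    }
}
```

A key recovered this way is only data from the document; it still has to be matched against a trusted key or certificate before it is used to validate the signature.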

Re: DOMKeyValue and org.jcp.xml.dsig.internal.dom.DOMStructure versus javax.xml.crypto.dom.DOMStructure

Posted by Wolfgang Glas <wo...@ev-i.at>.
Sean Mullan wrote:
> Clifford Johnson wrote:
>> I'm attempting to use the 1.4.1 Java reference implementation to process
>> an XML KeyInfo element and am running into an issue with the KeyValue
>> object returned.  At the moment, I can have a DSAKeyValue, an
>> RSAKeyValue, or an ECDSAKeyValue element in the KeyValue element.  The
>> current DOMKeyValue implementation handles the DSA and RSA keys but not
>> the ECDSA keys - that's OK.  
>>
>> The problem comes when I attempt to cast the KeyValue object returned to
>> a DOMStructure object to get the DOM Node (using DOMStructure.getNode)
>> so I can process the ECDSA key myself ... I get a ClassCastException
>> because the DOMKeyValue object extends
>> org.jcp.xml.dsig.internal.dom.DOMStructure instead of extending
>> javax.xml.crypto.dom.DOMStructure.
>>
>> The DOMKeyValue implementation keeps a reference to the unsupported
>> javax.xml.crypto.dom.DOMStructure but doesn't provide a means of
>> accessing it and org.jcp.xml.dsig.internal.dom.DOMStructure doesn't
>> provide access to the underlying DOM Node.
>>
>> Short of processing the KeyInfo element myself, does anyone have any
>> suggestions for getting around this limitation? [My application is
>> targeted at Java 5 -- I'm just trying to use as much "standard" XML code
>> as possible at this point.]
> 
> Not really, I think you would have to find the ECDSAKeyValue element
> yourself.
> 
>> I don't know the history of this capability of the library ... am I just
>> trying to use this capability of the library too soon?  (My expectation
>> is that any XMLStructure object returned from a getContents call built
>> using a DOM factory would be castable to a DOMStructure object so I can
>> make a getNode call.)
> 
> 
> Yes. It seems like it should. I'll open an RFE to address this.

Please open an RFE issue at Bugzilla, add me to CC and file some test
vectors there. I've recently patched the ECDSA signature engine in order
to verify signatures from the Austrian national ID card
(www.buergerkarte.at):

http://issues.apache.org/bugzilla/show_bug.cgi?id=42239

ECDSAKeyValue is definitely unimplemented and I was unable to receive
test vectors from iaik.tugraz.ac.at. That's the reason why I did not
tackle this issue at the time I fixed the ECDSA signature validation.

 Regards,

   Wolfgang