Posted to dev@santuario.apache.org by def abc <an...@yahoo.fr> on 2005/02/07 15:24:01 UTC

Enveloped signature verification (with enveloped + C14N transform)

Hi all,
Sorry to bother you, but I still can't get it to
work...
My enveloping signature & my detached signature work,
but not the enveloped one. I've been checking the
CreateSignature example - seems pretty close to my
own... Or is it the verification that's wrong in my
case ?
Thanks for any hint...
Regards,
Axelle.

Creating the enveloped signature:
XMLSignature signature;

signature = new XMLSignature(input, inputURI.toString(),
    XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

Transforms transforms = new Transforms(input);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);

signature.addDocument("", transforms);
signature.sign(prvkey);

Element root = input.getDocumentElement();
root.appendChild(signature.getElement());

XMLUtils.outputDOM(input, output);

========
Verification code:
FileInputStream fis = new FileInputStream(outputURI.getPath());
Document doc = db.parse(fis);
fis.close();

NodeList dsNodeList = doc.getElementsByTagName("ds:Signature");
if (dsNodeList.getLength() == 0)
    throw new IOException("No signature in file");

Element dsElement = (Element) dsNodeList.item(0);

XMLSignature signature = new XMLSignature(dsElement, outputURI.toString());
return signature.checkSignatureValue(pubkey);

=============
XML file :
<policy xsi:schemaLocation="http://xxx /home/xxx">
<dsi_policy>
 ...
</dsi_policy>
<ds:Signature>
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
BaUch43FSfEA4YFrFFp ....
</ds:SignatureValue>
</ds:Signature>
</policy>


Re: Enveloped signature verification (with enveloped + C14N transform)

Posted by def abc <an...@yahoo.fr>.
Hi Raul (and all ;-)),

> Change this:
>
> transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
>
> for the exclusive c14n and it should work.

Unfortunately, my verification still fails !
I tried it with TRANSFORM_C14N_EXCL_OMIT_COMMENTS
and with TRANSFORM_C14N_EXCL_WITH_COMMENTS
and with TRANSFORM_C14N_WITH_COMMENTS
...

Another guess ? I really do not see the problem... but
maybe it's in how I verify the document ?

Regards,
Axelle.

> > Creating the enveloped signature:
> > XMLSignature signature;
> > 
> > signature = new XMLSignature(input,
> > inputURI.toString(),
> > XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
> > 
> > Transforms transforms = new Transforms(input);
> > 
> > transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> > 
> > transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
> > 
> > signature.addDocument("", transforms);
> > signature.sign(prvkey);
> > 
> > Element root = input.getDocumentElement();
> > root.appendChild(signature.getElement());
> > 
> > XMLUtils.outputDOM(input, output);
> > 
> > ========
> > Verification code:
> > FileInputStream fis = new
> > FileInputStream(outputURI.getPath());
> > Document doc = db.parse(fis);
> > fis.close();
> > 
> > NodeList dsNodeList =
> > doc.getElementsByTagName("ds:Signature");
> > if (dsNodeList.getLength() == 0)
> >         throw new IOException("No signature in file");
> > 
> > Element dsElement = (Element) dsNodeList.item(0);
> > 
> > XMLSignature signature = new XMLSignature(dsElement,
> > outputURI.toString());
> > return signature.checkSignatureValue(pubkey);
> > 
> > =============
> > XML file :
> > <policy xsi:schemaLocation="http://xxx /home/xxx">
> > <dsi_policy>
> >  ...
> > </dsi_policy>
> > <ds:Signature>
> > <ds:SignedInfo>
> > <ds:CanonicalizationMethod
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> > <ds:SignatureMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> > <ds:Reference URI="">
> > <ds:Transforms>
> > <ds:Transform
> > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> > <ds:Transform
> > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> > </ds:Transforms>
> > <ds:DigestMethod
> > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> > <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
> > </ds:Reference>
> > </ds:SignedInfo>
> > <ds:SignatureValue>
> > BaUch43FSfEA4YFrFFp ....
> > </ds:SignatureValue>
> > </ds:Signature>
> > </policy>


Re: Enveloped signature verification (with enveloped + C14N transform)

Posted by Raul Benito <ra...@gmail.com>.
Change this:


transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);

for the exclusive c14n and it should work.

Regards,

Raul
http://r-bg.com

On Mon, 7 Feb 2005 15:24:01 +0100 (CET), def abc <an...@yahoo.fr> wrote:
> Hi all,
> Sorry to bother you, but I still can't get it to
> work...
> My enveloping signature & my detached signature work,
> but not the enveloped one. I've been checking the
> CreateSignature example - seems pretty close to my
> own... Or is it the verification that's wrong in my
> case ?
> Thanks for any hint...
> Regards,
> Axelle.
> 
> Creating the enveloped signature:
> XMLSignature signature;
> 
> signature = new XMLSignature(input,
> inputURI.toString(),
> XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
> 
> Transforms transforms = new Transforms(input);
> 
> transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> 
> transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
> 
> signature.addDocument("", transforms);
> signature.sign(prvkey);
> 
> Element root = input.getDocumentElement();
> root.appendChild(signature.getElement());
> 
> XMLUtils.outputDOM(input, output);
> 
> ========
> Verification code:
> FileInputStream fis = new
> FileInputStream(outputURI.getPath());
> Document doc = db.parse(fis);
> fis.close();
> 
> NodeList dsNodeList =
> doc.getElementsByTagName("ds:Signature");
> if (dsNodeList.getLength() == 0)
>         throw new IOException("No signature in file");
> 
> Element dsElement = (Element) dsNodeList.item(0);
> 
> XMLSignature signature = new XMLSignature(dsElement,
> outputURI.toString());
> return signature.checkSignatureValue(pubkey);
> 
> =============
> XML file :
> <policy xsi:schemaLocation="http://xxx /home/xxx">
> <dsi_policy>
>  ...
> </dsi_policy>
> <ds:Signature>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <ds:Reference URI="">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <ds:Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> BaUch43FSfEA4YFrFFp ....
> </ds:SignatureValue>
> </ds:Signature>
> </policy>
> 
>
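
A namespace-aware variant of the verification code quoted above, as an added example that is not part of any post in this thread and that the thread does not confirm as the fix. The class name VerifyEnveloped, the verify(File, PublicKey) signature and the policy checks (exactly one Signature, child of the root, single Reference with URI="") are assumptions; the thread does not show how `db` was configured.

```java
import java.io.File;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class VerifyEnveloped {   // hypothetical class name, not from the thread

    public static boolean verify(File signedFile, PublicKey pubkey) throws Exception {
        org.apache.xml.security.Init.init();   // registers algorithms and transforms

        // The library operates on namespace-aware DOM trees; the JAXP default is not.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPE declarations so the signed file cannot pull in external entities.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(signedFile);

        // Look up by namespace URI, not by the "ds:" prefix, which a signer may change.
        NodeList sigs = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (sigs.getLength() != 1) {
            throw new SecurityException("expected exactly one Signature, found " + sigs.getLength());
        }
        Element sigElement = (Element) sigs.item(0);

        // Enveloped as created in the thread: Signature is appended to the document element.
        if (sigElement.getParentNode() != doc.getDocumentElement()) {
            throw new SecurityException("Signature is not a child of the root element");
        }

        XMLSignature signature = new XMLSignature(sigElement, signedFile.toURI().toString());

        // Require the single Reference URI="" so the digest covers the whole document.
        if (signature.getSignedInfo().getLength() != 1
                || !"".equals(signature.getSignedInfo().item(0).getURI())) {
            throw new SecurityException("unexpected Reference set in SignedInfo");
        }
        return signature.checkSignatureValue(pubkey);
    }
}
```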