Posted to dev@santuario.apache.org by gain knowledge <ga...@yahoo.com> on 2006/03/30 05:12:07 UTC

JCR10.5

I tried the XML signature with JSR10.5 (JWSDP). It doesn't use any keystore. I don't understand how it generates a private to sign the document. But it pulls the URI content from the original place in the XML and pushes along with the signature element. It doesn't retain the content where it was in the XML file.
  Has anyone explored JSR10.5 to see how it gets the private key?
  If so can you share your experience pls


Re: JCR10.5

Posted by Sean Mullan <Se...@Sun.COM>.
Hi,

Thanks for trying out JSR 105.

gain knowledge wrote:
> I tried the XML signature with JSR10.5 (JWSDP). It doesn't use any 
> keystore. I don't understand how it generates a private to sign the 
> document.

Can you be more specific? It does not generate the signing key. It is up 
to the application to specify what key is used to sign the data. You can 
do this by specifying a Key parameter in the DOMSignContext object. 
Alternatively you can specify a KeySelector. You would need to implement 
a subclass of KeySelector that selected the appropriate signing key, 
perhaps by getting it from your KeyStore.

> But it pulls the URI content from the original place in the 
> XML and pushes along with the signature element. It doesn't retain the 
> content where it was in the XML file.

I'm not sure I understand what you mean. It should not move the 
referenced content. Can you provide some more details about what type of 
signature you are trying to create?

> Has anyone explored JSR10.5 to see how it gets the private key?
> If so can you share your experience pls

--Sean


Re: JCR10.5

Posted by Sean Mullan <Se...@Sun.COM>.
gain knowledge wrote:
>  
>  
> Here is the sample code. Does anyone have any thoughts on this

Yes, you haven't signed the document yet. After creating the KeyInfo, 
add the following lines:

XMLSignature sig = fac.newXMLSignature(si, ki, 
Collections.singletonList(obj), null, null);

sig.sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));

HTH,
Sean

>  
> String providerName = System.getProperty("jsr105Provider", 
> "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
> XMLSignatureFactory fac = 
> XMLSignatureFactory.getInstance("DOM",(Provider) 
> Class.forName(providerName).newInstance());
> 
> // Create a Reference to the Object with Id "main" (URI "#main") and
> // also specify the SHA1 digest algorithm and the ENVELOPED Transform.
> Reference ref = fac.newReference ("#main", 
> fac.newDigestMethod(DigestMethod.SHA1, null),
> Collections.singletonList(fac.newTransform(Transform.ENVELOPED, 
> (TransformParameterSpec) null)),null, null);
> 
> 
> XMLStructure content = new DOMStructure(conElement);
> XMLObject obj = fac.newXMLObject
> (Collections.singletonList(content), "main", null, null);
> 
> 
> // Create the SignedInfo
> SignedInfo si = 
> fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,(C14NMethodParameterSpec) 
> null),fac.newSignatureMethod(SignatureMethod.RSA_SHA1, 
> null),Collections.singletonList(ref));
> 
> // Create an RSA KeyPair
> KeyPairGenerator kpg = 
> KeyPairGenerator.getInstance("RSA");kpg.initialize(512);
> KeyPair kp = kpg.generateKeyPair();
> 
> // Create a KeyValue containing the RSA PublicKey that was generated
> KeyInfoFactory kif = fac.getKeyInfoFactory();
> KeyValue kv = kif.newKeyValue(kp.getPublic());
> 
> // Create a KeyInfo and add the KeyValue to it
> KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
> 
> /*NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, 
> "SignDocument");
> if (nl.getLength() == 0) {
> throw new Exception("Cannot find Signature element");
> }*/
> 
> //System.out.println("signature node found"+nl.item(0));
> 
> 
> gain knowledge <ga...@yahoo.com> wrote:
> 
>     I tried the XML signature with JSR10.5 (JWSDP). It doesn't use any
>     keystore. I don't understand how it generates a private to sign the
>     document. But it pulls the URI content from the original place in
>     the XML and pushes along with the signature element. It doesn't retain
>     the content where it was in the XML file.
>     Has anyone explored JSR10.5 to see how it gets the private key?
>     If so can you share your experience pls


Re: JCR10.5

Posted by gain knowledge <ga...@yahoo.com>.
Here is the sample code. Does anyone have any thoughts on this

String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());

// Create a Reference to the Object with Id "main" (URI "#main") and
// also specify the SHA1 digest algorithm and the ENVELOPED Transform.
Reference ref = fac.newReference ("#main", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),null, null);


XMLStructure content = new DOMStructure(conElement);
XMLObject obj = fac.newXMLObject
(Collections.singletonList(content), "main", null, null);


// Create the SignedInfo
SignedInfo si = fac.newSignedInfo(
fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, (C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
Collections.singletonList(ref));

// Create an RSA KeyPair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();

// Create a KeyValue containing the RSA PublicKey that was generated
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());

// Create a KeyInfo and add the KeyValue to it
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));

/*NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "SignDocument");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
}*/

//System.out.println("signature node found"+nl.item(0));


gain knowledge <ga...@yahoo.com> wrote:
    I tried the XML signature with JSR10.5 (JWSDP). It doesn't use any keystore. I don't understand how it generates a private to sign the document. But it pulls the URI content from the original place in the XML and pushes along with the signature element. It doesn't retain the content where it was in the XML file.
  Has anyone explored JSR10.5 to see how it gets the private key?
  If so can you share your experience pls