You are viewing a plain text version of this content. The canonical link for it is here.
Posted to java-user@axis.apache.org by Andrius <an...@kada.lt> on 2004/08/17 13:35:14 UTC
XML signature
Hi,
I'm using a client side handler to sign a SOAP message before it is
sent to the axis web. Which seems to work fine, I can verify the
signature validity after signing it. But when the web service
receives this message it fails to validate the signature and throws
a NullPointerException. My server side handler code looks like this:
public class VerificationHandler extends BasicHandler
{
static
{
org.apache.xml.security.Init.init();
}
public void invoke(MessageContext ctx) throws AxisFault
{
try
{
String BaseURI = "http://xml-security";
Message req_msg = ctx.getRequestMessage();
Document doc=req_msg.getSOAPEnvelope().getAsDocument();
Element nsctx = doc.createElement("nsctx");
nsctx.setAttribute("xmlns:ds", Constants.SignatureSpecNS);
Element signatureElem=(Element)XPathAPI.selectSingleNode(doc,"//ds:Signature",nsctx);
if(signatureElem==null)
{
System.out.println("The document is not signed");
throw new RemoteException("Document is not signed!");
}
XMLSignature sig=new XMLSignature(signatureElem, BaseURI);
SignedInfo sinfo = sig.getSignedInfo();
PublicKey pubkey = sig.getKeyInfo().getPublicKey();
System.out.println("checking...");
boolean valid=sig.checkSignatureValue(pubkey); // <---FAILS HERE---
System.out.println("done");
if(!valid)
{
System.out.println("The document signature was forged!");
throw new RemoteException("The document signature was forged!");
}
else System.out.println("The document signature is VALID!");
}
catch(Exception e)
{
throw AxisFault.makeFault(e);
}
}
}
The strange thing is that sometimes it works and sometimes it throws
an exception, I spent a whole day debuging but couldn't figure out
what makes it behave like that. Anyone has any ideas? Thanks in advance.
Andrius