santuario-dev mailing list archives

From def abc <anon742...@yahoo.fr>
Subject Re: Verify signature: bad for enveloped, ok for enveloping and detached.
Date Wed, 02 Feb 2005 17:35:06 GMT
--- Sean Mullan <Sean.Mullan@Sun.COM> wrote:
> Close, but you are still creating a detached signature since the file:
> URI is over content that is external to the document containing the
> signature element. Change your Reference URI to "".

Okay, I understand the problem: the URI of my reference references the
initial document, whereas the signed document should reference itself.
However, what do you suggest by 'change your Reference URI to ""'? I'm
afraid I haven't understood.

I tried out this:
- signature.addDocument(outputURI.toString(), transforms);
  ==> this fails with several exceptions (see below)

- signature.addDocument("", transforms): is that what you're suggesting?
  ==> still does not verify okay...

regards,

Axelle.

**** 
XMLSignature signature;

signature = new XMLSignature(input, inputURI.toString(),
        XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

Transforms transforms = new Transforms(input);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);

signature.addDocument(outputURI.toString(), transforms);
signature.sign(prvkey);

Element root = input.getDocumentElement();
root.appendChild(signature.getElement());

XMLUtils.outputDOM(input, output);


*****
java.lang.NullPointerException
[MyXMLSigner] at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.XMLSignatureInput.getNodeSet(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.transforms.implementations.TransformEnvelopedSignature.enginePerformTransform(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.transforms.TransformSpi.enginePerformTransform(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.transforms.Transform.performTransform(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.transforms.Transforms.performTransforms(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.Reference.getContentsAfterTransformation(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
[MyXMLSigner] at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
[MyXMLSigner] at mysamples.MyXMLSigner.doEnvelopedSignature(Unknown Source)

>
> --Sean
>
> def abc wrote:
> > --- Jesse Pelton <jsp@PKC.com> wrote:
> >
> >> You need to include the enveloped signature transformation
> >> specifically. This serves to remove the signature element from the
> >> document before signing and verification. This is required because
> >> the signature element changes during signing; if the original
> >> signature element were part of the signed content, the final
> >> signature would be invalid, because part of the signed content (the
> >> signature) would be different. See
> >> http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature and
> >> http://www.w3.org/TR/xmldsig-core/#sec-Transforms.
> >
> > Yep. You're right.
> > The transform is within the Reference element, isn't it? And I get a
> > different signature value, because now the Transform element gets
> > signed too, right?
> >
> > I've added the transform, but my signature still does not validate...
> > 
> > I now have:
> >
> > <ds:SignedInfo>
> >   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> >   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> >   <ds:Reference URI="file:/G:/prog/xml-security-1_2_0/misc.xml">
> >     <ds:Transforms>
> >       <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> >     </ds:Transforms>
> >     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> >     <ds:DigestValue>7uZSWomZ8W6sa3GI+e/XCygny2I=</ds:DigestValue>
> >   </ds:Reference>
> > </ds:SignedInfo>
> > 
> > ******************
> > This is how I sign it:
> > XMLSignature signature;
> >
> > signature = new XMLSignature(input, inputURI.toString(),
> >         XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
> >
> > Transforms transforms = new Transforms(input);
> > transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> >
> > signature.addDocument(inputURI.toString(), transforms);
> > signature.sign(prvkey);
> > 
> > **************
> > This is how I verify it:
> > NodeList dsNodeList = doc.getElementsByTagName("ds:Signature");
> > if (dsNodeList.getLength() == 0)
> >     throw new IOException("No signature in file");
> >
> > Element dsElement = (Element) dsNodeList.item(0);
> >
> > XMLSignature signature = new XMLSignature(dsElement, outputURI.toString());
> > return signature.checkSignatureValue(pubkey);
> >
> > -- Axelle.
> 
>  
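
Added example (not part of the original thread and not the project's own sample code): the enveloped case discussed above, with Reference URI "" and the enveloped-signature transform, followed by a verification that also checks what the Reference covers. The class name, the constructed sample document, the throwaway RSA key, the use of SHA-256 instead of the thread's SHA-1, and appending the Signature element before calling sign() are assumptions of this example.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EnvelopedSignatureExample {   // hypothetical class name
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();

        // Constructed sample input and throwaway key pair (assumptions).
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(
                "<order><item>42</item></order>".getBytes(StandardCharsets.UTF_8)));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keys = kpg.generateKeyPair();

        // Sign. The Signature element is appended before sign() so the
        // enveloped-signature transform can locate and exclude it.
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        doc.getDocumentElement().appendChild(sig.getElement());
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        // URI "" refers to the document that contains the Signature element.
        sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        sig.sign(keys.getPrivate());

        // Verify. Look the element up by namespace, and accept only a single
        // Reference with URI "", so a valid signature over external content
        // (a detached file: reference) is not mistaken for an enveloped one.
        NodeList found = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (found.getLength() != 1) throw new IllegalStateException("expected exactly one Signature");
        XMLSignature check = new XMLSignature((Element) found.item(0), "");
        boolean enveloped = check.getSignedInfo().getLength() == 1
                && "".equals(check.getSignedInfo().item(0).getURI());
        boolean valid = enveloped && check.checkSignatureValue(keys.getPublic());
        System.out.println("enveloped reference: " + enveloped + ", signature valid: " + valid);
    }
}
```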


	

	
		