santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Raul Benito <raul.benito.gar...@gmail.com>
Subject Re: Canonicalization problem of XML containing a XML signature
Date Wed, 09 Feb 2005 09:56:13 GMT
Sorry for the delay answering,
I think that your problems will be solved if you include an exclusive
tranformation in your reference digesting.

Regards,

Raul
http://r-bg.com

On Tue, 25 Jan 2005 17:07:28 +0100, Cédric POTHIN
<cedric.pothin@cegetel.fr> wrote:
> Sorry I forget to say that I use the last source code
> from CVS and the associated library.
> 
> Cédric
> 
> -----Message d'origine-----
> De : Cédric POTHIN [mailto:cedric.pothin@cegetel.fr]
> Envoyé : mardi 25 janvier 2005 15:54
> À : security-dev@xml.apache.org
> Objet : Canonicalization problem of XML containing a XML signature
> 
> Hi all,
> 
> I have a strange issue regarding the canoncicalization
> of a XML Document containing a XML signature. This
> canonicalization is required to insert a signature
> value of the whole document at the end of the document.
> 
> If I don't insert the XML signature in my document
> the canonicalization is ok. If I insert the XML
> signature the canonicalization failed : some parts
> of the document is not canonicalized.
> 
> Here is the input/output of the canonicalization.
> 
> And also the code that do the exclusive c14n canonicalization.
> and the xml signature
> 
> Any clue ?
> 
> Thanks in advance for any answers/help.
> 
> Cédric
> 
> Input of the canonicalization :
> -----------------------------------
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <roap:roResponse status="Success"
>     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
>     xmlns:o-dd="http://odrl.net/1.1/ODREL-DD"
>     xmlns:o-ex="http://odrl.net/1.1/ODREL-EX"
>     xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
>     xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> xmlns:xsi="http://www/w3.org/2001/XMLSchema-instance">
>     <deviceID>
>         <keyIdentifier xsi:type="roap:X509SPKIHash">
>             <hash>DegpKHcvpl96B92Vw/5jkUyXRd4=</hash>
>         </keyIdentifier>
>     </deviceID>
>     <riID>
>         <keyIdentifier xsi:type="roap:X509SPKIHash">
>             <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
>         </keyIdentifier>
>     </riID>
>     <Nonce>327612312</Nonce>
>     <protectedRO>
>         <ro id="1" stateful="true" version="1.0">
>             <riID>
>                 <keyIdentifier xsi:type="roap:X509SPKIHash">
>                     <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
>                 </keyIdentifier>
>             </riID>
>             <o-ex:rights o-ex:id="REL0">
>                 <o-ex:context>
>                     <o-dd:version>2.0</o-dd:version>
>                 </o-ex:context>
>                 <o-ex:agreement>
>                     <o-ex:asset>
>                         <o-ex:context>
>                             <o-dd:version>2.0</o-dd:version>
>                             <o-dd:uid>cid:591426543@vodafone.com</o-dd:uid>
>                         </o-ex:context>
>                         <o-ex:digest>
>                             <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 
> <ds:DigestValue>OV1+vvou4r5fEKDBvpI3eztkYNM=</ds:DigestValue>
>                         </o-ex:digest>
>                         <ds:KeyInfo>
>                             <xenc:EncryptedKey>
>                                 <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"/>
>                                 <xenc:CipherData>
> 
> <xenc:CipherValue>Epp1k8KfMBqg+SYNCiZSwr1OVmuZHZiP</xenc:CipherValue>
>                                 </xenc:CipherData>
>                             </xenc:EncryptedKey>
>                             <ds:RetrievalMethod
> ds:URI="K_REK_and_K_MAC_984511788"/>
>                         </ds:KeyInfo>
>                     </o-ex:asset>
>                     <o-ex:permission>
>                         <o-dd:play>
>                             <o-ex:constraint>
>                                 <o-dd:count>3</o-dd:count>
>                             </o-ex:constraint>
>                         </o-dd:play>
>                     </o-ex:permission>
>                 </o-ex:agreement>
>             </o-ex:rights>
>             <encKey id="K_REK_and_K_MAC_984511788">
>                 <xenc:EncryptionMethod
> Algorithm="http://www.rsasecurity.com/rsalabs/xmlpkcs-1#rsaes-kem-kdf2-kw-ae
> s128"/>
>                 <ds:KeyInfo>
>                     <roap:X509SPKIHash>
>                         <hash>DegpKHcvpl96B92Vw/5jkUyXRd4=</hash>
>                     </roap:X509SPKIHash>
>                 </ds:KeyInfo>
>                 <xenc:CipherData>
> 
> <xenc:CipherValue>LV+KUMGjcr/f8QejPkUcYjHw5mRvxxE+thVnweQgk/Kv28qPZZ9XrEXbKj
> 48YkefWHXviZWKon7Wc9dbTft+Rdib2HuFb5l8N50hXAQXFfQAf/BpGdz+sVna8UODthK4Ftp4yw
> 3ciVmFUCg31NmkUYgl8ItSwvPKBTZrLLUb8wnRUXRoyy7WBxUt75Q8sWVj2reZBoQJN3l8gJx5nj
> bZ60iiDTf5gyzx</xenc:CipherValue>
>                 </xenc:CipherData>
>             </encKey>
>         </ro>
>         <ds:Signature>
>             <ds:SignedInfo>
>                 <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>                 <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
>                 <ds:Reference URI="#1">
>                     <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 
> <ds:DigestValue>IRoycDtXfjqE/ZW+oeoxyvKaej8=</ds:DigestValue>
>                 </ds:Reference>
>             </ds:SignedInfo>
> 
> <ds:SignatureValue>jggZZU/GpMAI/Sg0dcIYiMdeNL8=</ds:SignatureValue>
>             <ds:KeyInfo>
>                 <ds:RetrievalMethod URI="#K_REK_and_K_MAC_984511788"/>
>             </ds:KeyInfo>
>         </ds:Signature>
>     </protectedRO>
>     <certificateChain>
> 
> <certificate>MIICXTCCAcYCAQIwDQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCZnIxETAPBgN
> VBAgTCEdSRU5PQkxFMRMwEQYDVQQHEwpNT05UQk9OTk9UMREwDwYDVQQKEwhJTk9WQVRFTDEQMA4
> GA1UECxMHRFJNVEVBTTEfMB0GA1UEAxMWU1VCIENBIEZPUiBSSSBPTUFEUk1WMjAeFw0wNDA1Mjg
> wODQ1MjhaFw0xNTA1MDEwODQ1MjhaMHMxCzAJBgNVBAYTAkZSMREwDwYDVQQIEwhHUkVOT0JMRTE
> TMBEGA1UEBxMKTU9OVEJPTk5PVDEQMA4GA1UEChMHRFJNVEVBTTELMAkGA1UECxMCUkkxHTAbBgN
> VBAMTFENFUi4gRk9SIFJJIE9NQURSTVYyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMYTY
> jrPe8/lvp+5mdefXNnji23soZAe+oNJK8+5JBeJ6mNKWvjzgr4BJAnXaCwLncyOJxBeovAiAPXFk
> D/54FrWMOpO9Oa5oZliCseEAQL082VDnAMN0rrPgt5aREjd2DIpO96dieMYbyvDXIMrLf+iGVH+K
> UKVyN51gw0O4v1QIDAQABMA0GCSqGSIb3DQEBBQUAA4GBAI7s6ZygePOS21yWxUZflLvTe96BERl
> Qbroj6Hiic3jLyE4nYuvbuoDoXRiiuzcNbWPRSqJkabBvcB8+8yi1NuIe6/SoiKjNpCZKNl8wX47
> cAiBv+DEBnBkH/9LpFOllD1hDRqNj2Tx5k9l53DR7+qb6WHrrB6vLTCESU2wqlm/q</certifica
> te>
> 
> <certificate>MIIC4zCCAcsCAQEwDQYJKoZIhvcNAQEFBQAweDELMAkGA1UEBhMCRlIxETAPBgN
> VBAgTCEdSRU5PQkxFMRMwEQYDVQQHEwpNT05UQk9OTk9UMQwwCgYDVQQKEwNTRlIxETAPBgNVBAs
> TCElOT1ZBVEVMMSAwHgYDVQQDExdST09UIENBIEZPUiBSSSBPTUFEUk1WMjAeFw0wNDA1MjgwODQ
> xMDVaFw0xNTA1MDkwODQxMDVaMHsxCzAJBgNVBAYTAmZyMREwDwYDVQQIEwhHUkVOT0JMRTETMBE
> GA1UEBxMKTU9OVEJPTk5PVDERMA8GA1UEChMISU5PVkFURUwxEDAOBgNVBAsTB0RSTVRFQU0xHzA
> dBgNVBAMTFlNVQiBDQSBGT1IgUkkgT01BRFJNVjIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoG
> BANUS8I0gXPWIPTVnj2BotBNht+EdZh1MhSZ1DCKPeV7EOk7pCi2IGJRByTxIV6PAAabo1BKo+LD
> dfw9bfj20K3sdExd6KIm3lk0eFTw4mg7al8I0wUzIvUqJl/yxiiYfSjEAEhM0VhcgokqMkVCZ8Za
> XceWUXIhohX6dafJfPKdFAgMBAAEwDQYJKoZIhvcNAQEFBQADggEBAA5Kfglfd6z0phqk56Y758S
> /XhPa18jy2VvnIxk27G/Wp5OZvmtL5kyppJBZISkNrKbFtKmyoJkGjDj/wxCTFyb3nuxXZBBtjEr
> x8YsopGPs+dXe7v/gAaCYkDAAIuiAxa5FigPKkbZi/62MkHWcqE06Gf7b9O9cHx7xfKn9Snjvkwk
> jpbrMKZhpHI8ar1AgNy9UHxUsT5n0paHv7h3qnNEkQlTH7IYsfb6QsXADw1qswrI4xapyy7VszS0
> 1S3i1H1WhxytC/R7qzoP0c8kQW+T0H/vTAwTojsoNeOq9H6exRUSogz2jD4PNREt9bQyCfqARFhm
> QKZ5ipLL/DbXL/tg=</certificate>
>     </certificateChain>
> </roap:roResponse>
> 
> Output of the canonicalization :
> ----------------------------------
> 
> <roap:roResponse xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
> status="Success"><deviceID><keyIdentifier
> xsi:type="roap:X509SPKIHash"><hash>DegpKHcvpl96B92Vw/5jkUyXRd4=</hash></keyI
> dentifier></deviceID><riID><keyIdentifier
> xsi:type="roap:X509SPKIHash"><hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash></keyI
> dentifier></riID><Nonce>327612312</Nonce><protectedRO><ro
id="1"
> stateful="true" version="1.0"><riID><keyIdentifier
> xsi:type="roap:X509SPKIHash"><hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash></keyI
> dentifier></riID><o-ex:rights xmlns:o-ex="http://odrl.net/1.1/ODREL-EX"
> o-ex:id="REL0">
>     <o-ex:context>
>         <o-dd:version
> xmlns:o-dd="http://odrl.net/1.1/ODREL-DD">2.0</o-dd:version>
>     </o-ex:context>
>     <o-ex:agreement>
>         <o-ex:asset>
>             <o-ex:context>
>                 <o-dd:version
> xmlns:o-dd="http://odrl.net/1.1/ODREL-DD">2.0</o-dd:version>
>                 <o-dd:uid
> xmlns:o-dd="http://odrl.net/1.1/ODREL-DD">cid:591426543@vodafone.com</o-dd:u
> id>
>             </o-ex:context>
>             <o-ex:digest>
>                 <ds:DigestMethod
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
>                 <ds:DigestValue
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">OV1+vvou4r5fEKDBvpI3eztkYNM=</
> ds:DigestValue>
>             </o-ex:digest>
>             <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>                 <xenc:EncryptedKey
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
>                     <xenc:EncryptionMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#kw-aes128"></xenc:EncryptionMeth
> od>
>                     <xenc:CipherData>
> 
> <xenc:CipherValue>Epp1k8KfMBqg+SYNCiZSwr1OVmuZHZiP</xenc:CipherValue>
>                     </xenc:CipherData>
>                 </xenc:EncryptedKey>
>                 <ds:RetrievalMethod
> ds:URI="K_REK_and_K_MAC_984511788"></ds:RetrievalMethod>
>             </ds:KeyInfo>
>         </o-ex:asset>
>         <o-ex:permission>
>             <o-dd:play xmlns:o-dd="http://odrl.net/1.1/ODREL-DD">
>                 <o-ex:constraint>
>                     <o-dd:count>3</o-dd:count>
>                 </o-ex:constraint>
>             </o-dd:play>
>         </o-ex:permission>
>     </o-ex:agreement>
> </o-ex:rights><encKey id="K_REK_and_K_MAC_984511788"><xenc:EncryptionMethod
> Algorithm="http://www.rsasecurity.com/rsalabs/xmlpkcs-1#rsaes-kem-kdf2-kw-ae
> s128"></xenc:EncryptionMethod><ds:KeyInfo><roap:X509SPKIHash><hash>DegpKHcvp
> l96B92Vw/5jkUyXRd4=</hash></roap:X509SPKIHash></ds:KeyInfo><xenc:CipherData>
> <xenc:CipherValue>LV+KUMGjcr/f8QejPkUcYjHw5mRvxxE+thVnweQgk/Kv28qPZZ9XrEXbKj
> 48YkefWHXviZWKon7Wc9dbTft+Rdib2HuFb5l8N50hXAQXFfQAf/BpGdz+sVna8UODthK4Ftp4yw
> 3ciVmFUCg31NmkUYgl8ItSwvPKBTZrLLUb8wnRUXRoyy7WBxUt75Q8sWVj2reZBoQJN3l8gJx5nj
> bZ60iiDTf5gyzx</xenc:CipherValue></xenc:CipherData></encKey></ro><ds:Signatu
> re xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMet
> hod>
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"></ds:SignatureMethod
> >
> <ds:Reference URI="#1">
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>IRoycDtXfjqE/ZW+oeoxyvKaej8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>jggZZU/GpMAI/Sg0dcIYiMdeNL8=</ds:SignatureValue>
> <ds:KeyInfo>
> <ds:RetrievalMethod URI="#K_REK_and_K_MAC_984511788"></ds:RetrievalMethod>
> </ds:KeyInfo>
> </ds:Signature></protectedRO><certificateChain><certificate>MIICXTCCAcYCAQIw
> DQYJKoZIhvcNAQEFBQAwezELMAkGA1UEBhMCZnIxETAPBgNVBAgTCEdSRU5PQkxFMRMwEQYDVQQH
> EwpNT05UQk9OTk9UMREwDwYDVQQKEwhJTk9WQVRFTDEQMA4GA1UECxMHRFJNVEVBTTEfMB0GA1UE
> AxMWU1VCIENBIEZPUiBSSSBPTUFEUk1WMjAeFw0wNDA1MjgwODQ1MjhaFw0xNTA1MDEwODQ1Mjha
> MHMxCzAJBgNVBAYTAkZSMREwDwYDVQQIEwhHUkVOT0JMRTETMBEGA1UEBxMKTU9OVEJPTk5PVDEQ
> MA4GA1UEChMHRFJNVEVBTTELMAkGA1UECxMCUkkxHTAbBgNVBAMTFENFUi4gRk9SIFJJIE9NQURS
> TVYyMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDMYTYjrPe8/lvp+5mdefXNnji23soZAe+o
> NJK8+5JBeJ6mNKWvjzgr4BJAnXaCwLncyOJxBeovAiAPXFkD/54FrWMOpO9Oa5oZliCseEAQL082
> VDnAMN0rrPgt5aREjd2DIpO96dieMYbyvDXIMrLf+iGVH+KUKVyN51gw0O4v1QIDAQABMA0GCSqG
> SIb3DQEBBQUAA4GBAI7s6ZygePOS21yWxUZflLvTe96BERlQbroj6Hiic3jLyE4nYuvbuoDoXRii
> uzcNbWPRSqJkabBvcB8+8yi1NuIe6/SoiKjNpCZKNl8wX47cAiBv+DEBnBkH/9LpFOllD1hDRqNj
> 2Tx5k9l53DR7+qb6WHrrB6vLTCESU2wqlm/q</certificate><certificate>MIIC4zCCAcsCA
> QEwDQYJKoZIhvcNAQEFBQAweDELMAkGA1UEBhMCRlIxETAPBgNVBAgTCEdSRU5PQkxFMRMwEQYDV
> QQHEwpNT05UQk9OTk9UMQwwCgYDVQQKEwNTRlIxETAPBgNVBAsTCElOT1ZBVEVMMSAwHgYDVQQDE
> xdST09UIENBIEZPUiBSSSBPTUFEUk1WMjAeFw0wNDA1MjgwODQxMDVaFw0xNTA1MDkwODQxMDVaM
> HsxCzAJBgNVBAYTAmZyMREwDwYDVQQIEwhHUkVOT0JMRTETMBEGA1UEBxMKTU9OVEJPTk5PVDERM
> A8GA1UEChMISU5PVkFURUwxEDAOBgNVBAsTB0RSTVRFQU0xHzAdBgNVBAMTFlNVQiBDQSBGT1IgU
> kkgT01BRFJNVjIwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBANUS8I0gXPWIPTVnj2BotBNht
> +EdZh1MhSZ1DCKPeV7EOk7pCi2IGJRByTxIV6PAAabo1BKo+LDdfw9bfj20K3sdExd6KIm3lk0eF
> Tw4mg7al8I0wUzIvUqJl/yxiiYfSjEAEhM0VhcgokqMkVCZ8ZaXceWUXIhohX6dafJfPKdFAgMBA
> AEwDQYJKoZIhvcNAQEFBQADggEBAA5Kfglfd6z0phqk56Y758S/XhPa18jy2VvnIxk27G/Wp5OZv
> mtL5kyppJBZISkNrKbFtKmyoJkGjDj/wxCTFyb3nuxXZBBtjErx8YsopGPs+dXe7v/gAaCYkDAAI
> uiAxa5FigPKkbZi/62MkHWcqE06Gf7b9O9cHx7xfKn9SnjvkwkjpbrMKZhpHI8ar1AgNy9UHxUsT
> 5n0paHv7h3qnNEkQlTH7IYsfb6QsXADw1qswrI4xapyy7VszS01S3i1H1WhxytC/R7qzoP0c8kQW
> +T0H/vTAwTojsoNeOq9H6exRUSogz2jD4PNREt9bQyCfqARFhmQKZ5ipLL/DbXL/tg=</certifi
> cate></certificateChain></roap:roResponse>
> 
> The code that do the canonicalization and sign at
> the end of the document construction process :
> ---------------------------------------------------
> 
>             try
>             {
>                 // Open keystore
>                 ks = KeyStore.getInstance("JKS");
>                 fis = new FileInputStream(riKeystore);
>                 ks.load(fis, passwd.toCharArray());
> 
>                 // Get private key from key store
>                 log.info("extracting the RI's private Key from the keystore
> file for alias : ");
>                 privateKey = (java.security.interfaces.RSAPrivateKey)
> ks.getKey(privateKeyAlias, passwd.toCharArray());
> 
>                 // Get modulus and exponent of the provate Key
>                 modulus = privateKey.getModulus();
>                 exponent = privateKey.getPrivateExponent();
>                 log.debug("modulus  of the private key is : " + modulus);
>                 log.debug("exponent of the private key is : " + exponent);
> 
>                 canonicalize =
> Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>                 byte[] data = canonicalize.canonicalizeSubtree(doc);
> 
>                 try
>                 {
>                    javax.xml.parsers.DocumentBuilderFactory dbf =
> javax.xml.parsers.DocumentBuilderFactory.newInstance();
>                    dbf.setNamespaceAware(true);
>                    javax.xml.parsers.DocumentBuilder db =
> dbf.newDocumentBuilder();
>                    ByteArrayOutputStream ee = new ByteArrayOutputStream();
>                    //XMLUtils.outputDOM(doc3, ee);
>                    XMLUtils.outputDOMc14nWithComments(doc, ee);
>                    Document inputDoc = db.parse(new
> ByteArrayInputStream(ee.toByteArray()));
>                    ////////////
>                    StringWriter strOut = new StringWriter();
>                    OutputFormat format = new OutputFormat();
>                    format.setIndenting(true);
>                    XMLSerializer XMLSerial = new XMLSerializer(strOut,
> format);
>                    XMLSerial.asDOMSerializer().serialize(inputDoc);
>                    log.debug("2 pass doc=" + strOut.toString());
>                    log.debug("2 pass doc canonicalized=" + new
> String(data));
>                 }
>                 catch (Exception e) {}
> 
>                 // Intialize signature
>                 rsaKeyParam = new RSAKeyParameters(true, modulus, exponent);
>                 signer = new PSSSigner(rsaEngine, sha1Digest, 20);
>                 signer.init(true, new ParametersWithRandom(rsaKeyParam,
> secureRand));
> 
>                 signer.update(data, 0, data.length);
> 
>                 //Computing signature
>                 sig = signer.generateSignature();
>                 signature = doc.createElement("signature");
>                 signature.appendChild(doc.createTextNode(new
> String(Base64.encode(sig), "ASCII")));
>                 Element root = doc.getDocumentElement();
>                 root.appendChild(signature);
>             }
> 
> The code that do the XML Signature during the documents
>  construction process :
> ---------------------------------------------------
> 
> // Starting the Mac calculation
>                 log.info("starting Mac calculation"); // Canonicalize the
> doc
>                 Element nscontext = XMLUtils.createDSctx(doc, "ds",
> Constants.SignatureSpecNS);
>                 try
>                 {
>                 Node signedInfo = XPathAPI.selectSingleNode(doc,
> "//ds:SignedInfo",  nscontext);
>                 }
>                 catch (TransformerException e){
> 
>                 }
> 
>                 XMLSignature sig = new XMLSignature(doc, (String) null,
> XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
>                         Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
> 
>                 protectedRO.appendChild(sig.getElement());
> 
>                 sig.addDocument("#" + referenceURI, (Transforms) null,
> Constants.ALGO_ID_DIGEST_SHA1);
>                 // using the MAc key to sign the ROPlayload
>                 sig.sign(mac);
>                 if (retrievalMethodURI != null)
>                  retrieveMethod = new RetrievalMethod(doc, "#" +
> retrievalMethodURI, (Transforms) null, (String) null);
>                 if (retrieveMethod == null)
>                   log .error("retrieveMethod is null");
>                 else
>                   sig.getKeyInfo().add(retrieveMethod);
>                 log.info("Mac tag is inserted into the ROPayload");
> 
>

Mime
View raw message