santuario-dev mailing list archives

From <Ritesh.Aswa...@syntegra.com>
Subject RE: Help - DSIG Verification
Date Tue, 01 Mar 2005 19:19:55 GMT
Hi Raul,

Thanks for replying
Here are the files...

CreateRx.xml is the input xml document to be signed
xslt.xslt is the XSLT Transform file to be applied
sign.xml is the signed document containing the appended XML DSig Structure.

If I use the same XMLSignature object which has been used for signing to
verify, I have been able to verify successfully.

Looking forward to your help

Thanks
Ritesh


-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com] 
Sent: 01 March 2005 19:13
To: security-dev@xml.apache.org
Subject: Re: Help - DSIG Verification

Can you post your xml files, the two inputs and the outputs. Regards.

On Tue, 1 Mar 2005 12:54:29 -0000, Ritesh.Aswaney@syntegra.com
<Ritesh.Aswaney@syntegra.com> wrote:
> Hello Raul and everyone else,
> 
> Thanks for the pointer, but is there something specific that you can see
> which I'm doing blatantly wrong, because I've stuck to the DSig sample and
> coded, so wonder why I can't verify the signature, when I'm using the
> correct keys.
> 
> One doubt, when I'm not signing files, how does the Signature Verifier know
> where it has to resolve the document which it signed reference to? Also, the
> verifier XMLSignature constructor doesn't take any input algorithm. Is that
> why I am not able to verify?
> 
> Looking for pointers from you guys...
> Thanks,
> Ritesh
> 
> 
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: 01 March 2005 08:36
> To: security-dev@xml.apache.org
> Subject: Re: Help - DSIG Verification
> 
> I haven't looked in enough detail at this, so I'm only going to answer
> the theoretical things.
> 
> On Fri, 25 Feb 2005 12:08:56 -0000, Ritesh.Aswaney@syntegra.com
> <Ritesh.Aswaney@syntegra.com> wrote:
> >
> >
> >
> > People,
> >
> >
> >
> > I've managed to create a DSIG with a XSLT Transform and exclusive
> > canonicalization.
> >
> > If someone can answer a few queries for me :
> >
> >
> >
> > 1)    With the code I've written below, can I be sure that the API
> > internally applies canonicalization and the XSLT Transform, before
> > calculating the Hash and finally the Signature Value ?
> Yes, the code always c14n's everything that is going to be signed.
> >
> > 2)    When I invoke the verification call, it fails with the following
> > result :
> >
> >
> >
> > Gunna Sign
> >
> > Completed Signing
> >
> > Gunna Decode
> >
> > 25-Feb-2005 11:49:20 org.apache.xml.security.signature.Reference verify
> > INFO: Verification successful for URI ""
> >
> > Verification Result : false
> >
> > Completed Decoding
> >
> >
> It means that the hash is correct, but the signature is not.
> >
> > Why is this verification failing? When I'm passing the correct public
> > key... and what does the log generated by the API signify?
> >
> > Someone please help !  I have a deadline to meet...
> >
> >
> Sorry for not helping before.
> >
> >
> >
> > import java.io.BufferedReader;
> > import java.io.File;
> > import java.io.FileInputStream;
> > import java.io.FileOutputStream;
> > import java.io.InputStreamReader;
> > import java.security.KeyPair;
> > import java.security.KeyPairGenerator;
> > import java.security.PublicKey;
> >
> > import org.apache.xml.security.Init;
> > import org.apache.xml.security.signature.XMLSignature;
> > import org.apache.xml.security.transforms.Transforms;
> > import org.apache.xml.security.utils.Constants;
> > import org.apache.xml.security.utils.XMLUtils;
> > import org.w3c.dom.Document;
> > import org.w3c.dom.Element;
> > import org.w3c.dom.Node;
> >
> > public class SampleTransformXSLT {
> >
> >    /**
> >     * Method main
> >     *
> >     * @param args
> >     * @throws Exception
> >     */
> >    public static void main(String args[]) throws Exception {
> >       org.apache.xml.security.Init.init();
> >
> >       //J-
> >       String transformStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/xslt.xslt"));
> >       String inputStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/CreateRx.xml"));
> >       //J+
> >       javax.xml.parsers.DocumentBuilderFactory dbf =
> >          javax.xml.parsers.DocumentBuilderFactory.newInstance();
> >
> >       dbf.setNamespaceAware(true);
> >
> >       javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
> >       org.w3c.dom.Document doc =
> >          db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
> >
> >       // A fresh RSA key pair is generated on every run
> >       KeyPairGenerator pairGenerator = KeyPairGenerator.getInstance("RSA");
> >       KeyPair keyPair = pairGenerator.generateKeyPair();
> >
> >       Document sourceDoc = db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
> >       Document transformDoc = db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
> >
> >       XMLSignature signer = new XMLSignature(sourceDoc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
> >
> >       // Enveloped signature: the Signature element becomes the last child of the root
> >       sourceDoc.getDocumentElement().appendChild(signer.getElement());
> >
> >       Transforms transforms = new Transforms(sourceDoc);
> >
> >       transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> >       transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
> >
> >       // The stylesheet is imported into the signed document and carried inside the Transform
> >       Node xslElem = transformDoc.getDocumentElement();
> >       Node xslElemImported = sourceDoc.importNode(xslElem, true);
> >
> >       transforms.addTransform(Transforms.TRANSFORM_XSLT, (org.w3c.dom.Element) xslElemImported);
> >
> >       signer.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
> >
> >       signer.addKeyInfo(keyPair.getPublic());
> >
> >       System.out.println("Gunna Sign");
> >       signer.sign(keyPair.getPrivate());
> >       System.out.println("Completed Signing");
> >
> >       XMLUtils.outputDOM(signer.getDocument(), new FileOutputStream(new File("D:/eclipse/workspace/XMLDSig/dataFiles/sign.xml")));
> >
> >       //call to verify
> >       verify(keyPair.getPublic());
> >    }
> >
> >    private static String convertFileToString(File file)
> >    {
> >       StringBuffer buffer = new StringBuffer();
> >       try
> >       {
> >          String line = null;
> >          FileInputStream fin = new FileInputStream(file);
> >          BufferedReader reader =
> >             new BufferedReader(new InputStreamReader(fin));
> >          // readLine() strips the line terminator and nothing is appended in its place
> >          while ((line = reader.readLine()) != null)
> >          {
> >             buffer.append(line);
> >          }
> >       }
> >       catch (Exception exc)
> >       {
> >          exc.printStackTrace();
> >       }
> >       return buffer.toString();
> >    }
> >
> >    static
> >    {
> >       Init.init();
> >    }
> >
> >    public static void verify(PublicKey publicKey) throws Exception {
> >
> >       //J-
> >       String inputStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/sign.xml"));
> >
> >       javax.xml.parsers.DocumentBuilderFactory dbf =
> >          javax.xml.parsers.DocumentBuilderFactory.newInstance();
> >
> >       dbf.setNamespaceAware(true);
> >
> >       javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
> >
> >       Document sourceDoc = db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
> >
> >       // The Signature element is expected to be the last child of the root
> >       Element dsigElement = (Element) sourceDoc.getDocumentElement().getLastChild();
> >
> >       System.out.println(dsigElement.getNodeName());
> >
> >       XMLSignature signer = new XMLSignature(dsigElement, null);
> >
> >       System.out.println("Gunna Decode");
> >       System.out.println(signer.checkSignatureValue(publicKey));
> >       System.out.println("Completed Decoding");
> >    }
> >
> > }
> >
> 
> ********************************************************************
> 
> This email may contain information which is privileged or confidential. If
> you are not the intended recipient of this email, please notify the sender
> immediately and delete it without reading, copying, storing, forwarding or
> disclosing its contents to any other person
> Thank you
> 
> Check us out at http://www.bt.com/consulting
> 
> ********************************************************************
> 
> 


-- 
http://r-bg.com
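
Added example, not part of the thread and not Apache XML Security code: a small Python model of the two checks Raul distinguishes above, the Reference digest over the transformed document and the signature over the canonicalized SignedInfo, showing one way the first can pass while the second fails. It assumes HMAC-SHA256 in place of RSA, ElementTree's C14N 2.0 in place of exclusive C14N, a signer that writes line breaks inside SignedInfo, and a reader that drops line breaks as convertFileToString does; all names and sample data are constructed.

```python
import base64, hashlib, hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)
KEY = b"constructed demo key"  # assumption: HMAC key standing in for the RSA pair
SOURCE = "<Rx><drug>constructed sample</drug></Rx>"  # constructed, single line

def q(name):
    return f"{{{DS}}}{name}"

def c14n(elem):
    # ElementTree offers C14N 2.0; the thread uses exclusive C14N 1.0.
    return ET.canonicalize(ET.tostring(elem, encoding="unicode")).encode()

def b64(raw):
    return base64.b64encode(raw).decode()

def content_digest(root):
    # Enveloped-signature transform: digest the document minus <ds:Signature>.
    copy = ET.fromstring(ET.tostring(root))
    for sig in copy.findall(q("Signature")):
        copy.remove(sig)
    return b64(hashlib.sha256(c14n(copy)).digest())

def sign(xml_text):
    root = ET.fromstring(xml_text)
    sig = ET.Element(q("Signature"))
    info = ET.SubElement(sig, q("SignedInfo"))
    info.text = "\n"  # assumption: the signer pretty-prints SignedInfo
    ref = ET.SubElement(info, q("Reference"), URI="")
    ref.tail = "\n"
    ET.SubElement(ref, q("DigestValue")).text = content_digest(root)
    mac = hmac.new(KEY, c14n(info), hashlib.sha256).digest()
    ET.SubElement(sig, q("SignatureValue")).text = b64(mac)
    root.append(sig)
    return ET.tostring(root, encoding="unicode")

def drop_line_breaks(text):
    # Same effect as readLine() + append() with no separator put back.
    return "".join(text.splitlines())

def verify(xml_text):
    root = ET.fromstring(xml_text)
    sig = root.find(q("Signature"))
    info = sig.find(q("SignedInfo"))
    reference_ok = info.findtext(f".//{q('DigestValue')}") == content_digest(root)
    mac = hmac.new(KEY, c14n(info), hashlib.sha256).digest()
    signature_ok = hmac.compare_digest(b64(mac), sig.findtext(q("SignatureValue")))
    return reference_ok, signature_ok

signed = sign(SOURCE)
print(verify(signed), verify(drop_line_breaks(signed)))
```

Each result is (reference check, signature check): the untouched document gives (True, True), and the copy with its line breaks dropped gives (True, False).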

