From: Raul Benito
Reply-To: raul@apache.org
To: security-dev@xml.apache.org
Subject: Re: Help - DSIG Verification
Date: Tue, 1 Mar 2005 20:12:39 +0100
Message-ID: <949ac941050301111269ce602c@mail.gmail.com>

Can you post your xml files, the two inputs and the outputs.

Regards.

On Tue, 1 Mar 2005 12:54:29 -0000, Ritesh.Aswaney@syntegra.com wrote:
> Hello Raul and everyone else,
>
> Thanks for the pointer, but is there something specific that you can see
> which I'm doing blatantly wrong, because I've stuck to the DSig sample and
> coded, so wonder why I can't verify the signature, when I'm using the
> correct keys.
>
> One doubt, when I'm not signing files, how does the Signature Verifier know
> where it has to resolve the document which it signed reference to? Also, the
> verifier XMLSignature constructor doesn't take any input algorithm. Is that
> why I am not able to verify?
>
> Looking for pointers from you guys...
> Thanks,
> Ritesh
>
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: 01 March 2005 08:36
> To: security-dev@xml.apache.org
> Subject: Re: Help - DSIG Verification
>
> I haven't looked in enough detail at this, so I'm only going to answer
> the theoretical things.
>
> On Fri, 25 Feb 2005 12:08:56 -0000, Ritesh.Aswaney@syntegra.com wrote:
> > People,
> >
> > I've managed to create a DSIG with a XSLT Transform and exclusive
> > canonicalization.
> >
> > If someone can answer a few queries for me:
> >
> > 1) With the code I've written below, can I be sure that the API
> > internally applies canonicalization and the XSLT Transform, before
> > calculating the Hash and finally the Signature Value?
>
> Yes, the code always c14n everything that is going to be signed.
>
> > 2) When I invoke the verification call, it fails with the following
> > result:
> >
> > Gunna Sign
> > Completed Signing
> > Gunna Decode
> > 25-Feb-2005 11:49:20 org.apache.xml.security.signature.Reference verify
> > INFO: Verification successful for URI ""
> > Verification Result : false
> > Completed Decoding
>
> It means that the hash is correct, but the signature is not.
>
> > Why is this verification failing? When I'm passing the correct public
> > key... and what does the log generated by the API signify?
> >
> > Someone please help! I have a deadline to meet...
>
> Sorry for not helping before.
>
> > import java.io.BufferedReader;
> > import java.io.File;
> > import java.io.FileInputStream;
> > import java.io.FileOutputStream;
> > import java.io.InputStreamReader;
> > import java.security.KeyPair;
> > import java.security.KeyPairGenerator;
> > import java.security.PublicKey;
> >
> > import org.apache.xml.security.Init;
> > import org.apache.xml.security.signature.XMLSignature;
> > import org.apache.xml.security.transforms.Transforms;
> > import org.apache.xml.security.utils.Constants;
> > import org.apache.xml.security.utils.XMLUtils;
> > import org.w3c.dom.Document;
> > import org.w3c.dom.Element;
> > import org.w3c.dom.Node;
> >
> > public class SampleTransformXSLT {
> >
> >     /**
> >      * Method main
> >      *
> >      * @param args
> >      * @throws Exception
> >      */
> >     public static void main(String args[]) throws Exception {
> >         org.apache.xml.security.Init.init();
> >
> >         //J-
> >         String transformStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/xslt.xslt"));
> >
> >         String inputStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/CreateRx.xml"));
> >         //J+
> >         javax.xml.parsers.DocumentBuilderFactory dbf =
> >             javax.xml.parsers.DocumentBuilderFactory.newInstance();
> >
> >         dbf.setNamespaceAware(true);
> >
> >         javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
> >         org.w3c.dom.Document doc =
> >             db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
> >
> >         KeyPairGenerator pairGenerator = KeyPairGenerator.getInstance("RSA");
> >         KeyPair keyPair = pairGenerator.generateKeyPair();
> >
> >         // Parse the document to sign and the XSLT stylesheet
> >         Document sourceDoc = db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
> >         Document transformDoc = db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
> >
> >         XMLSignature signer = new XMLSignature(sourceDoc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
> >
> >         sourceDoc.getDocumentElement().appendChild(signer.getElement());
> >
> >         // Enveloped signature, then exclusive c14n, then the XSLT transform
> >         Transforms transforms = new Transforms(sourceDoc);
> >
> >         transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
> >         transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
> >
> >         Node xslElem = transformDoc.getDocumentElement();
> >         Node xslElemImported = sourceDoc.importNode(xslElem, true);
> >
> >         transforms.addTransform(Transforms.TRANSFORM_XSLT, (org.w3c.dom.Element) xslElemImported);
> >
> >         signer.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
> >
> >         signer.addKeyInfo(keyPair.getPublic());
> >
> >         System.out.println("Gunna Sign");
> >         signer.sign(keyPair.getPrivate());
> >         System.out.println("Completed Signing");
> >
> >         XMLUtils.outputDOM(signer.getDocument(), new FileOutputStream(new File("D:/eclipse/workspace/XMLDSig/dataFiles/sign.xml")));
> >
> >         //call to verify
> >         verify(keyPair.getPublic());
> >     }
> >
> >     // Reads the file line by line and concatenates the lines
> >     private static String convertFileToString(File file)
> >     {
> >         StringBuffer buffer = new StringBuffer();
> >         try
> >         {
> >             String line = null;
> >             FileInputStream fin = new FileInputStream(file);
> >             BufferedReader reader =
> >                 new BufferedReader(new InputStreamReader(fin));
> >             while ((line = reader.readLine()) != null)
> >             {
> >                 buffer.append(line);
> >             }
> >         }
> >         catch (Exception exc)
> >         {
> >             exc.printStackTrace();
> >         }
> >         return buffer.toString();
> >     }
> >
> >     static
> >     {
> >         Init.init();
> >     }
> >
> >     public static void verify(PublicKey publicKey) throws Exception {
> >
> >         //J-
> >         String inputStr = convertFileToString(new File("D:/eclipse/workspace/XMLDSig/dataFiles/sign.xml"));
> >
> >         javax.xml.parsers.DocumentBuilderFactory dbf =
> >             javax.xml.parsers.DocumentBuilderFactory.newInstance();
> >
> >         dbf.setNamespaceAware(true);
> >
> >         javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
> >
> >         Document sourceDoc = db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
> >
> >         // The Signature element was appended as the last child of the root element
> >         Element dsigElement = (Element) sourceDoc.getDocumentElement().getLastChild();
> >
> >         System.out.println(dsigElement.getNodeName());
> >
> >         XMLSignature signer = new XMLSignature(dsigElement, null);
> >
> >         System.out.println("Gunna Decode");
> >         System.out.println(signer.checkSignatureValue(publicKey));
> >         System.out.println("Completed Decoding");
> >     }
> > }

--
http://r-bg.com