santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Markus Werner <>
Subject Re: dumping the canonical form of a Reference to a log or stdout
Date Fri, 01 Sep 2006 09:27:07 GMT
Hi Sean,

thank you for your reply. The following lines of code provide the
expected result:

SignedInfo signedInfo = sig.getSignedInfo();
for (int i = 0; i < signedInfo.getLength(); i++) {
   Reference reference = signedInfo.item(i);
   // System.out.println(reference.getContentsAfterTransformation());
   System.out.println(new String(reference.getReferencedBytes()));

The client-side output is something like the following:

<foo:bar Id="ref0815">rest is the same</foo:bar>

while the server-side output is as follows:

<foo:bar xmlns:foo="" Id="ref0815">
    rest is the same</foo:bar>

Both outputs seem to be correctly canonicalized, but the digest input on
the server-side includes some addidional namespace-declaration in the
opening tag of <foo:bar>.

What can cause this?

Thank you in advance,

Sean Mullan schrieb:
> I would try calling Reference.getContentsAfterTransformation (returns an
> XMLSignatureInput) or Reference.getReferencedBytes (returns a byte[]),
> each of which return the dereferenced and transformed contents before it
> is digested. I haven't really used those methods so I'm hoping someone
> on the list that is more familiar with them will send you some sample code.
> --Sean
> Markus Werner wrote:
>> Hi,
>> first of all, I'm relatively new to Apache XML Security, so please be
>> patient   :-)
>> My job is to sign an element inside a DOM-Document with the help of a
>> secretKey. Let the element that should be signed be called <Foo> and its
>> Id be "id" in beneath code snippet. The signature should be a detached
>> signature.
>> ---------------------------------------------------------------------
>> private static Document sign(
>>     Document doc, String id, SecretKey secretKey)
>> throws Exception
>> {
>>   XMLSignature sig = new XMLSignature(doc, baseURI,
>>           XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
>>           Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>>   Node root = doc.getFirstChild();
>>   root.appendChild(sig.getElement());
>>   Transforms transforms = new Transforms(doc);
>>   transforms.addTransform(
>>   sig.addDocument("#" + id, transforms,
>>       Constants.ALGO_ID_DIGEST_SHA1);
>>   sig.sign(secretKey);
>>   return doc;
>> }
>> ---------------------------------------------------------------------
>> I'm working here on the client-side and the server responds, that there
>> is something wrong with the digest value of the signed reference while
>> the SignedInfo is correctly digested.
>> To get sure what went wrong we have to compare the digest inputs (value
>> after canonicalization) on both sides. I already got the canonicalized
>> Element as String from the server-side and I should do the same with my
>> implementation.
>> When I use the following lines of code to save the document immediately
>> before signing it I get the whole document in a canonicalized form.
>>   FileOutputStream f = new FileOutputStream("test.xml");
>>   XMLUtils.outputDOMc14nWithComments(doc, f);
>> But I only need the canonicalized form of the referenced element <Foo>.
>> Is there some way to dump the canonical form of a Reference to a log or
>> stdout?
>> Best regards,
>> Markus.

View raw message