santuario-dev mailing list archives

From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: dumping the canonical form of a Reference to a log or stdout
Date Fri, 01 Sep 2006 19:57:04 GMT
I don't have enough information, but it sounds like when canonicalizing 
on the client, it doesn't find the namespace definition for foo. Is it 
defined by an ancestor of the bar element on the server but not on the 
client?

--Sean

Markus Werner wrote:
> Hi Sean,
> 
> thank you for your reply. The following lines of code provide the
> expected result:
> 
> SignedInfo signedInfo = sig.getSignedInfo();
> for (int i = 0; i < signedInfo.getLength(); i++) {
>    Reference reference = signedInfo.item(i);
>    // System.out.println(reference.getContentsAfterTransformation());
>    System.out.println(new String(reference.getReferencedBytes()));
> }
> 
> The client-side output is something like the following:
> 
> <foo:bar Id="ref0815">rest is the same</foo:bar>
> 
> while the server-side output is as follows:
> 
> <foo:bar xmlns:foo="http://www.asdf.org/foo#" Id="ref0815">
>     rest is the same</foo:bar>
> 
> Both outputs seem to be correctly canonicalized, but the digest input on
> the server-side includes some additional namespace-declaration in the
> opening tag of <foo:bar>.
> 
> What can cause this?
> 
> Thank you in advance,
> Markus.
> 
> 
> Sean Mullan wrote:
>> I would try calling Reference.getContentsAfterTransformation (returns an
>> XMLSignatureInput) or Reference.getReferencedBytes (returns a byte[]),
>> each of which returns the dereferenced and transformed contents before it
>> is digested. I haven't really used those methods so I'm hoping someone
>> on the list that is more familiar with them will send you some sample code.
>>
>> --Sean
>>
>> Markus Werner wrote:
>>> Hi,
>>>
>>> first of all, I'm relatively new to Apache XML Security, so please be
>>> patient :-)
>>>
>>> My job is to sign an element inside a DOM-Document with the help of a
>>> secretKey. Let the element that should be signed be called <Foo> and its
>>> Id be "id" in the code snippet below. The signature should be a detached
>>> signature.
>>>
>>> ---------------------------------------------------------------------
>>> private static Document sign(
>>>     Document doc, String id, SecretKey secretKey)
>>> throws Exception
>>> {
>>>   XMLSignature sig = new XMLSignature(doc, baseURI,
>>>           XMLSignature.ALGO_ID_MAC_HMAC_SHA1,
>>>           Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>>>
>>>   Node root = doc.getFirstChild();
>>>   root.appendChild(sig.getElement());
>>>
>>>   Transforms transforms = new Transforms(doc);
>>>   transforms.addTransform(
>>>       Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
>>>
>>>   sig.addDocument("#" + id, transforms,
>>>       Constants.ALGO_ID_DIGEST_SHA1);
>>>   sig.sign(secretKey);
>>>
>>>   return doc;
>>> }
>>> ---------------------------------------------------------------------
>>>
>>> I'm working here on the client-side and the server responds that there
>>> is something wrong with the digest value of the signed reference while
>>> the SignedInfo is correctly digested.
>>>
>>> To make sure what went wrong we have to compare the digest inputs (value
>>> after canonicalization) on both sides. I already got the canonicalized
>>> Element as String from the server-side and I should do the same with my
>>> implementation.
>>>
>>> When I use the following lines of code to save the document immediately
>>> before signing it I get the whole document in a canonicalized form.
>>>
>>>   FileOutputStream f = new FileOutputStream("test.xml");
>>>   XMLUtils.outputDOMc14nWithComments(doc, f);
>>>
>>> But I only need the canonicalized form of the referenced element <Foo>.
>>> Is there some way to dump the canonical form of a Reference to a log or
>>> stdout?
>>>
>>> Best regards,
>>> Markus.
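
One way to test the hypothesis in the top reply, as an added example that is not code from the thread or from the Apache XML Security project: it runs exclusive C14N over the same `foo:bar` element taken from two constructed DOMs and prints whether an `xmlns:foo` attribute node is in scope for each, so the two digest inputs can be compared. It assumes a library release in which `Canonicalizer.canonicalizeSubtree(Node)` returns `byte[]`; the class name `C14nNamespaceCheck` and its helper names are hypothetical.

```java
import java.io.ByteArrayInputStream;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class C14nNamespaceCheck {
    static final String FOO_NS = "http://www.asdf.org/foo#";
    // Walk from el up to the root looking for an xmlns:<prefix> attribute node.
    static boolean declaredInDom(Element el, String prefix) {
        for (Node n = el; n instanceof Element; n = n.getParentNode()) {
            if (((Element) n).hasAttribute("xmlns:" + prefix)) return true;
        }
        return false;
    }

    // Exclusive C14N of one subtree, the transform used in the thread's signing code.
    static String excC14n(Node node) throws Exception {
        Canonicalizer c14n = Canonicalizer.getInstance(
                Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        return new String(c14n.canonicalizeSubtree(node), "UTF-8");
    }

    static void report(String label, Element bar) throws Exception {
        System.out.println(label + ": xmlns:foo attribute in scope = " + declaredInDom(bar, "foo"));
        System.out.println(excC14n(bar));
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Constructed case A: element created through the DOM API. createElementNS
        // sets the node's namespace URI but adds no xmlns:foo attribute node.
        Document built = dbf.newDocumentBuilder().newDocument();
        Element bar = built.createElementNS(FOO_NS, "foo:bar");
        bar.setAttributeNS(null, "Id", "ref0815");
        bar.setTextContent("rest is the same");
        built.appendChild(built.createElementNS(null, "root")).appendChild(bar);
        report("built", bar);

        // Constructed case B: the same element parsed from text, prefix declared on an ancestor.
        String xml = "<root xmlns:foo=\"" + FOO_NS + "\">"
                + "<foo:bar Id=\"ref0815\">rest is the same</foo:bar></root>";
        Document parsed = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        report("parsed", (Element) parsed.getDocumentElement().getFirstChild());
    }
}
```

If the two printed forms differ only in the `xmlns:foo` declaration, the mismatch lies in how the signing side's DOM was built rather than in the canonicalizer.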

