santuario-dev mailing list archives

From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Problem with verifying Signature
Date Wed, 18 Jul 2007 14:42:21 GMT
Make sure you implement the engineCanResolve method so that it returns
true for the URIs that your ResourceResolver supports. Your
implementation will not be used unless the engineCanResolve method
returns true.

--Sean

Maximilian Hütter wrote:
> Hi all,
> 
> I hope somebody can help with this, as I don't know what to do any more.
> My problem is that I am trying to use the XML Signature as hash value
> for XML documents.
> 
> First I create a Signature like this (I left some things out, to shorten
> it):
> 
> // get DOM tree
> Document doc = new Document((Element) root.detach());
>     // compute XML signature for in
>     DOMOutputter output = new DOMOutputter();
>     org.w3c.dom.Document domDoc = output.output(doc);
> 
>     // create signature object and set its Reference
>     XMLSignature sig = new XMLSignature(domDoc, "",
> XMLSignature.ALGO_ID_SIGNATURE_DSA);
>     sig.addDocument("");
> 
>     //get the private key for signing.
> 
>      sig.addKeyInfo(cert);
>      sig.addKeyInfo(cert.getPublicKey());
>      sig.sign(privateKey);
> 
>       // re-convert to JDOM
>       org.w3c.dom.Element sigElem = sig.getElement();
>       DOMBuilder builder = new DOMBuilder();
>       out = builder.build(sigElem);
> 
> I write the signature element to a file (for testing).
> 
> Then I try to validate like that:
> //doc is the original XML document
>  org.w3c.dom.Document doc = output.output(new Document((Element)
> root.detach()));
> //the XML Signature doc:
>  org.w3c.dom.Document sigDoc = output.output(new Document((Element)
> signature.detach()));
> 
>     //make a signature object from the signature element
>     XMLSignature sig = new XMLSignature(sigDoc.getDocumentElement(), "");
>     //My custom resolver, which will just return the doc as XMLSignatureInput:
>     NullURIResolver docResolver = new NullURIResolver(doc);
>     sig.addResourceResolver(docResolver);
>     KeyInfo ki = sig.getKeyInfo();
> 
>    X509Certificate cert = ki.getX509Certificate();
> 
>    valid = sig.checkSignatureValue(cert);
> 
> My NullURIResolver looks like this:
> 
> public NullURIResolver(Document dataInput)
>   {
>     this.dataInput = dataInput;
>   }
> 
> public XMLSignatureInput engineResolve(Attr uri, String BaseURI) throws
> ResourceResolverException
>   {
>     XMLSignatureInput result = null;
> 
>     if(this.dataInput != null)
>     {
>       result = new XMLSignatureInput(this.dataInput);
>       result.setMIMEType("text/xml");
>       result.setSourceURI("");
>     }
>     else
>     {
>       Object exArgs[] = {"no data to resolve"};
> 
>       throw new ResourceResolverException("empty", exArgs, uri, BaseURI);
>     }
> 
>     return result;
>   }
> 
> As I see it, this will ignore the uri and just return the
> XMLSignatureInput from the doc it was given before.
> 
> Somehow this won't validate.
> 
> Best regards,
> 
> Max
> 
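
One way to apply the advice at the top of this message to the quoted resolver, as an added example that is not code from either poster or from the Santuario project. It assumes the ResourceResolverSpi API shape the thread uses, with engineCanResolve taking the same (Attr, String) arguments as engineResolve; limiting the answer to URI="" is a choice made here.

```java
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;

/**
 * Supplies a fixed DOM document for the reference URI="" (the reference
 * created by sig.addDocument("") in the quoted signing code).
 * Register it before validating: sig.addResourceResolver(new NullURIResolver(doc));
 */
public class NullURIResolver extends ResourceResolverSpi {

    private final Document dataInput;

    public NullURIResolver(Document dataInput) {
        this.dataInput = dataInput;
    }

    /**
     * The resolver is not used unless this returns true for the URI.
     * Assumption of this example: claim only the empty URI, so any other
     * Reference is left to other resolvers instead of being answered
     * with this document.
     */
    @Override
    public boolean engineCanResolve(Attr uri, String baseURI) {
        return dataInput != null
                && uri != null
                && uri.getNodeValue().length() == 0;
    }

    @Override
    public XMLSignatureInput engineResolve(Attr uri, String baseURI)
            throws ResourceResolverException {
        // Refuse anything engineCanResolve would not have accepted.
        if (!engineCanResolve(uri, baseURI)) {
            Object[] exArgs = { "no data to resolve" };
            throw new ResourceResolverException("empty", exArgs, uri, baseURI);
        }
        XMLSignatureInput result = new XMLSignatureInput(dataInput);
        result.setMIMEType("text/xml");
        result.setSourceURI("");
        return result;
    }
}
```

Because the resolver answers only for URI="", a signature carrying an additional Reference with a different URI is not silently digested against the substituted document.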

