santuario-dev mailing list archives

From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Cannot get an evenloped signature to work...
Date Fri, 27 Jun 2008 13:59:53 GMT
Ian Hummel wrote:
> hmmm you're right.
> 
> Another thing I noticed is that if I add
> 
>     assertion.setIdAttribute("id", true);
> 
> things seem to work as well...
> 
> 
> Can you comment on that?

Yes, you are registering the ID so it doesn't execute the same code path
that triggered the NPE.

But, you should still always use the DOM namespace aware methods because 
even though this worked, you will definitely get problems in more 
complicated scenarios.

--Sean

> 
> Thank you Sean!
> 
> 
> On Jun 26, 2008, at 5:49 PM, Sean Mullan wrote:
> 
>> You must always use the DOM namespace aware methods when creating
>> elements and attributes, change:
>>
>>>    Element assertion = doc.createElement("Assertion");
>>>    assertion.setAttribute("id", "mynode");
>>
>> to:
>>
>>>    Element assertion = doc.createElementNS(null, "Assertion");
>>>    assertion.setAttributeNS(null, "id", "mynode");
>>
>> Works fine after I made those changes.
>>
>> That said, the XMLSec code could be a bit more robust and check for
>> nulls and throw a more descriptive exception in these cases so I will
>> open a bug on this.
>>
>> --Sean
>>
>> Ian Hummel wrote:
>>> Hi everyone,
>>>
>>> I cannot seem to get a simple example enveloped signature example to
>>> work.  I guess I am doing something stupid, but I can't for the life of
>>> me figure out what's wrong!
>>>
>>> I get this error using jdk 5 and xmlsec 1.4.0 or 1.4.2 (but it seems to
>>> work with 1.3.0??):
>>>
>>> Exception in thread "main" java.lang.RuntimeException: Error doing it
>>> at test.Test.main(Test.java:82)
>>> Caused by: java.lang.NullPointerException
>>> at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
>>> at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
>>> at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
>>> at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
>>> at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
>>> at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
>>> at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
>>> at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
>>> at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
>>> at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
>>> at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
>>> at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
>>> at test.Test.signDoc(Test.java:49)
>>> at test.Test.main(Test.java:78)
>>>
>>> Here is the sample code:
>>>
>>> package test;
>>>
>>> import java.security.KeyStore;
>>> import java.security.PrivateKey;
>>> import java.security.cert.Certificate;
>>>
>>> import javax.xml.parsers.DocumentBuilder;
>>> import javax.xml.parsers.DocumentBuilderFactory;
>>> import javax.xml.transform.Transformer;
>>> import javax.xml.transform.TransformerFactory;
>>> import javax.xml.transform.dom.DOMSource;
>>> import javax.xml.transform.stream.StreamResult;
>>>
>>> import org.apache.xml.security.c14n.Canonicalizer;
>>> import org.apache.xml.security.signature.XMLSignature;
>>> import org.apache.xml.security.transforms.Transforms;
>>> import org.apache.xml.security.utils.Constants;
>>> import org.w3c.dom.Document;
>>> import org.w3c.dom.Element;
>>>
>>>
>>> public class Test {
>>>     private Certificate cert;
>>>     private PrivateKey privateKey;
>>>
>>>     static {
>>>         org.apache.xml.security.Init.init();
>>>     }
>>>
>>>     public Test() throws Exception {
>>>         KeyStore keyStore = KeyStore.getInstance("JKS");
>>>         keyStore.load(new java.io.FileInputStream("keystore.jks"),
>>>                 "changeit".toCharArray());
>>>         Certificate cert = keyStore.getCertificate("tomcat");
>>>         PrivateKey privateKey = (PrivateKey) keyStore.getKey("tomcat",
>>>                 "changeit".toCharArray());
>>>         this.cert = cert;
>>>         this.privateKey = privateKey;
>>>     }
>>>
>>>     private void signDoc(Document doc, Element assertion, String messageId)
>>>             throws Exception {
>>>         XMLSignature signature = new XMLSignature(doc, "",
>>>                 XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
>>>                 Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>>>         assertion.appendChild(signature.getElement());
>>>
>>>         Transforms transforms = new Transforms(doc);
>>>         transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
>>>         transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
>>>         signature.addDocument("#" + messageId, transforms,
>>>                 Constants.ALGO_ID_DIGEST_SHA1);
>>>         signature.addKeyInfo(cert.getPublicKey());
>>>         signature.sign(privateKey);
>>>     }
>>>
>>>     private void verifyDoc(Document doc) {
>>>     }
>>>
>>>     private void dumpDoc(Document doc) throws Exception {
>>>         System.out.println("---------");
>>>         Transformer xformer = TransformerFactory.newInstance().newTransformer();
>>>         DOMSource source = new DOMSource(doc);
>>>         StreamResult result = new StreamResult(System.out);
>>>         xformer.transform(source, result);
>>>         System.out.println();
>>>         System.out.println("---------");
>>>     }
>>>
>>>     public static void main(String[] args) {
>>>         try {
>>>             DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
>>>             dbf.setValidating(false);
>>>             dbf.setNamespaceAware(true);
>>>             DocumentBuilder db = dbf.newDocumentBuilder();
>>>             Document doc = db.newDocument();
>>>             Element assertion = doc.createElement("Assertion");
>>>             assertion.setAttribute("id", "mynode");
>>>             doc.appendChild(assertion);
>>>             Test t = new Test();
>>>             t.dumpDoc(doc);
>>>             t.signDoc(doc, assertion, "mynode");
>>>             t.dumpDoc(doc);
>>>             t.verifyDoc(doc);
>>>         } catch (Exception e) {
>>>             throw new RuntimeException("Error doing it", e);
>>>         }
>>>     }
>>> }
>>
> 
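
Added example, not part of the original messages and not XMLSec code: a JDK-only sketch of the two DOM behaviours this thread turns on. Nodes created with DOM Level 1 methods carry no local name, and an attribute named "id" only resolves as an ID once it is registered. The class name DomIdDemo is hypothetical; the element and attribute values are the ones from the thread.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class DomIdDemo {
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();

        // DOM Level 1 creation, as in the original Test.main(). Per the DOM
        // specification, getLocalName() is null for nodes created this way,
        // even though the factory is namespace aware.
        Element level1 = doc.createElement("Assertion");
        level1.setAttribute("id", "mynode");
        Attr level1Id = level1.getAttributeNode("id");
        System.out.println("Level 1 element localName:   " + level1.getLocalName());
        System.out.println("Level 1 attribute localName: " + level1Id.getLocalName());

        // DOM Level 2 creation, as recommended in the reply: the local name
        // is set, so namespace-aware consumers can compare it safely.
        Element assertion = doc.createElementNS(null, "Assertion");
        assertion.setAttributeNS(null, "id", "mynode");
        doc.appendChild(assertion);
        System.out.println("Level 2 element localName:   " + assertion.getLocalName());
        System.out.println("Level 2 attribute localName: "
                + assertion.getAttributeNodeNS(null, "id").getLocalName());

        // With no DTD or schema, "id" is an ordinary attribute: the DOM does
        // not treat it as an ID, so the lookup finds nothing yet.
        System.out.println("Before registration: " + doc.getElementById("mynode"));

        // Registering the attribute as an ID makes the element resolvable,
        // which is what a "#mynode" signature reference depends on.
        assertion.setIdAttributeNS(null, "id", true);
        Element resolved = doc.getElementById("mynode");
        System.out.println("After registration resolves to the assertion: "
                + (resolved == assertion));
    }
}
```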

