santuario-dev mailing list archives

From Satish Burnwal <sburn...@cisco.com>
Subject Re: Help validating XML signature
Date Wed, 06 Aug 2008 14:16:37 GMT
Ian Hummel <hummel <at> parityinc.net> writes:

 
 Hi Brent, thanks for the reply.
 
 I made the two changes you suggested but the signature is still not  
 validating.  I have been adding println's all throughout the 1.4.0  
 code to better understand why, and it seems that the C14N transform is  
 returning null at one point.
 
 The Reference object loops through all the configured transforms, the
 http://www.w3.org/2000/09/xmldsig#enveloped-signature transform returns a
 (modified, I assume) XMLSignatureInput, then we run through the C14N and it
 returns null!
 
 The block of code is in CanonicalizerBase.java in method  
 engineCanonicalizeXPathNodeSetInternal.
 
           this.canonicalizeXPathNodeSet(doc,doc);
           System.out.println("canonicalizeXPathNodeSet is ok i guess...");
           this._writer.close();
           if (this._writer instanceof ByteArrayOutputStream) {
              byte[] sol=((ByteArrayOutputStream)this._writer).toByteArray();
              if (reset) {
                 ((ByteArrayOutputStream)this._writer).reset();
              }
              return sol;
           } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
              byte[] result=((UnsyncByteArrayOutputStream)this._writer).toByteArray();
              if (reset) {
                 ((UnsyncByteArrayOutputStream)this._writer).reset();
              }
              return result;
           }
           return null;   // <------ returns this null!
 
 The _writer instance in this case was created in Reference.java method  
 calculateDigest
 
           MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();

           mda.reset();
           DigesterOutputStream diOs=new DigesterOutputStream(mda);
           // <--- not checked via instanceof in CanonicalizerBase
           OutputStream os=new UnsyncBufferedOutputStream(diOs);
           XMLSignatureInput output=this.dereferenceURIandPerformTransforms(os);
           output.updateOutputStream(os);
           os.flush();
 
 Do you (or anyone) think this could be a bug?  I 1.4.1 mentioned some  
 bug in C14N, but I have tried that version as well without success....
 
 thanks for the help!
 
 - ian.

Ian and all,
Did you get any solution to the problem you are facing above? I am also facing
the same problem - I also have a signed token which has transforms of
http://www.w3.org/2000/09/xmldsig#enveloped-signature followed by
http://www.w3.org/2001/10/xml-exc-c14n#. I tried to debug this by taking the
xmlsec source code and I found the same problem as mentioned by Ian above.
Please help in resolving this.

-Satish


