santuario-dev mailing list archives

From Satish Burnwal <sburn...@cisco.com>
Subject Re: Signature validation problem - C14N transform returns null
Date Thu, 07 Aug 2008 04:58:01 GMT
I am facing an issue with validating the XML signature. I have an enveloped
transform followed by ex-C14N. I did search the xmlsec mail archive but with
no success. Then I tried debugging the xmlsec src code:
 
 The Reference object loops through all the configured transforms, the
 http://www.w3.org/2000/09/xmldsig#enveloped-signature transform returns a
 (modified, I assume) XMLSignatureInput, then we run through the C14N and it
 returns null!

 The block of code is in CanonicalizerBase.java in method  
 engineCanonicalizeXPathNodeSetInternal.

           this.canonicalizeXPathNodeSet(doc,doc);
           System.out.println("canonicalizeXPathNodeSet is ok i guess...");
           this._writer.close();
           if (this._writer instanceof ByteArrayOutputStream) {
               byte[] sol = ((ByteArrayOutputStream)this._writer).toByteArray();
               if (reset) {
                   ((ByteArrayOutputStream)this._writer).reset();
               }
               return sol;
           } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
               byte[] result = ((UnsyncByteArrayOutputStream)this._writer).toByteArray();
               if (reset) {
                   ((UnsyncByteArrayOutputStream)this._writer).reset();
               }
               return result;
           }
           return null;   // <------ returns this null!

 The _writer instance in this case was created in Reference.java method
 calculateDigest. Thus the ByteArrayOutputStreams of CanonicalizerBase do not
 match with the BufferedOutputStreams of Reference class, causing it to return
 null.

           MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();

           mda.reset();
           DigesterOutputStream diOs = new DigesterOutputStream(mda);
           // <--- not checked via instanceof in CanonicalizerBase
           OutputStream os = new UnsyncBufferedOutputStream(diOs);
           XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
           output.updateOutputStream(os);
           os.flush();

Please help me in resolving this. The SignedInfo element is this:
<ds:SignedInfo>
	<ds:CanonicalizationMethod 
		Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
	<ds:SignatureMethod 
		Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> 
	<ds:Reference URI="#id-23761097"> 
	<ds:Transforms>
		<ds:Transform 
			Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
		<ds:Transform 
			Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
	</ds:Transforms>
	<ds:DigestMethod 
		Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
	<ds:DigestValue>SVUf+cO2NKZpSOHHhPfQjLQNhiE=</ds:DigestValue>
	</ds:Reference>
</ds:SignedInfo>
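
Added example (not part of the original message and not code from xmlsec): a stand-alone Java model of the two snippets quoted above, in which the canonicalizer returns null when handed a caller-supplied digesting stream while the octets still reach that stream, plus a tee that captures exactly what was digested so it can be compared with the DigestValue. The class and method names and the sample input are hypothetical, and Java 11 is assumed for OutputStream.nullOutputStream().

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.util.Base64;

public class C14nWriterModel {
    // Hypothetical stand-in for the canonicalizer: writes to the configured
    // writer and returns bytes only when that writer is an in-memory buffer.
    static byte[] canonicalize(String canonicalForm, OutputStream writer) throws IOException {
        writer.write(canonicalForm.getBytes(StandardCharsets.UTF_8));
        writer.flush();
        if (writer instanceof ByteArrayOutputStream) {
            return ((ByteArrayOutputStream) writer).toByteArray();
        }
        return null; // caller-supplied stream: the bytes went to the stream, not the return value
    }

    // Tee that forwards every byte to the real sink and keeps a copy for inspection.
    static final class Tee extends OutputStream {
        final OutputStream sink;
        final ByteArrayOutputStream copy = new ByteArrayOutputStream();
        Tee(OutputStream sink) { this.sink = sink; }
        @Override public void write(int b) throws IOException { sink.write(b); copy.write(b); }
        @Override public void flush() throws IOException { sink.flush(); }
    }

    public static void main(String[] args) throws Exception {
        String sample = "<a xmlns=\"urn:example\" Id=\"id-1\">text</a>"; // constructed input
        // Path 1: in-memory writer, the bytes come back as the return value.
        byte[] buffered = canonicalize(sample, new ByteArrayOutputStream());
        String expected = Base64.getEncoder().encodeToString(
                MessageDigest.getInstance("SHA-1").digest(buffered));

        // Path 2: digesting writer, modelled on the calculateDigest snippet.
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        Tee tee = new Tee(new DigestOutputStream(OutputStream.nullOutputStream(), md));
        byte[] returned = canonicalize(sample, tee);
        String streamed = Base64.getEncoder().encodeToString(md.digest());

        System.out.println("returned == null: " + (returned == null));
        System.out.println("digests match:    " + expected.equals(streamed));
        System.out.println("digested octets:  " + tee.copy.toString("UTF-8"));
    }
}
```

Diffing the captured octets against what the signer canonicalized shows whether a failed reference comes from differing canonical input rather than from the return value of the transform.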



