santuario-dev mailing list archives

From Sean Mullan
Subject Re: X509Digest
Date Wed, 17 Feb 2016 13:51:32 GMT
This is not going to work. You are mixing 2 different APIs together. To 
understand this better, I need to explain a bit more.

The original Apache Java XML Signature library consisted of APIs in the namespace.

Later, JSR 105 based the implementation of the standard Java XML 
Signature API (javax.xml.crypto and subpackages) on the Apache XML 
Signature Library. However, only a subset of the implementation could be 
used since the underlying Apache APIs were too different to be 
retrofitted and maintain compatibility at the same time.

Since there was already a large base of users using the original Apache 
XML Signature APIs, we could not just remove them, so we decided to 
support both usages, i.e. 1) via the standard Java API, and 2) via the 
Apache API.

So, you can't do what you are trying to do below. You need to use either 
the standard Java API OR the Apache API but not both.

You should be able to pass in a DOMStructure object that represents an 
X509Digest element. Ideally though, the JSR 105 API should be enhanced 
to add a new X509Digest class. I'll file an RFE for that.


On 02/16/2016 05:15 PM, Pellerin, Clement wrote:
> I'm trying to create a signature programmatically in Santuario 2.0.6
> I need to add the new element X509Digest defined by XML DSig 1.1
> Unfortunately, there is no junit for this usage.
> When I run this code:
>    List<Object> x509Content = new ArrayList<Object>();
>    XMLX509Digest certDigest = new XMLX509Digest(domDocument, signerCert, certDigestUri);
>    x509Content.add(certDigest);
>    X509Data x509Data = keyInfoFactory.newX509Data(x509Content);
> I'm getting the error:
>    ClassCastException: content[0] is not a valid X509Data type
> Indeed, the constructor of DOMX509Data does not accept an XMLX509Digest
> as part of the content list. In particular, XMLX509Digest is not an
> XMLStructure.
> I noticed XMLX509Digest is tagged by the XMLX509DataContent interface,
> but that interface is not used by DOMX509Data, surprisingly.
> As a side note, I looked for a factory method in DOMKeyInfoFactory
> but I could not find one to create an X509Digest.
> There are factory methods in
> which is unrelated to javax.xml.crypto.dsig.keyinfo.X509Data
> so I'm confused.
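
The DOMStructure approach suggested in the reply, written out as an added example (not code from the thread or from the Santuario project). It uses only the standard javax.xml.crypto API; the class and method names are hypothetical, and the certificate bytes in main are a constructed stand-in for signerCert.getEncoded().

```java
import java.security.MessageDigest;
import java.util.Base64;
import java.util.Collections;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Hypothetical helper class: builds an XML DSig 1.1 X509Digest by hand and
// hands it to the JSR 105 factory as a foreign-namespace XMLStructure.
public class X509DigestKeyInfo {
    static final String DSIG11_NS = "http://www.w3.org/2009/xmldsig11#";
    static final String SHA256_URI = "http://www.w3.org/2001/04/xmlenc#sha256";

    // <dsig11:X509Digest Algorithm="...">base64(SHA-256(DER certificate))</dsig11:X509Digest>
    static Element x509Digest(Document doc, byte[] certDer) throws Exception {
        byte[] digest = MessageDigest.getInstance("SHA-256").digest(certDer);
        Element e = doc.createElementNS(DSIG11_NS, "dsig11:X509Digest");
        e.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:dsig11", DSIG11_NS);
        e.setAttributeNS(null, "Algorithm", SHA256_URI);
        e.setTextContent(Base64.getEncoder().encodeToString(digest));
        return e;
    }

    static KeyInfo keyInfoWithDigest(Document doc, byte[] certDer) throws Exception {
        KeyInfoFactory kif = XMLSignatureFactory.getInstance("DOM").getKeyInfoFactory();
        // DOMStructure implements XMLStructure, so newX509Data accepts it where
        // the Apache XMLX509Digest object caused the ClassCastException.
        X509Data x509Data = kif.newX509Data(
            Collections.singletonList(new DOMStructure(x509Digest(doc, certDer))));
        return kif.newKeyInfo(Collections.singletonList(x509Data));
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        // Constructed stand-in bytes; real code passes signerCert.getEncoded().
        byte[] certDer = "constructed stand-in certificate bytes".getBytes("UTF-8");
        KeyInfo ki = keyInfoWithDigest(doc, certDer);
        X509Data xd = (X509Data) ki.getContent().get(0);
        System.out.println(xd.getContent().get(0).getClass().getName());
    }
}
```

The digest input is the certificate's DER encoding, the same octets that would be base64-encoded in an X509Certificate element, so a verifier can recompute it from the certificate it resolves and compare.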
