Hello, here is a small example that demonstrates the
problem I am having with serializing/parsing XMLSignature nodes with dom4j. In
this code I parse a string of XML into an org.w3c.dom.Element, sign this with
an enveloped XMLSignature and successfully verify the signature. Immediately
after this I use dom4j to serialize to text and parse back to an
org.w3c.dom.Element. After this I can no longer verify the XMLSignature. I get
an Unknown canonicalizer exception. Any ideas or suggestions are greatly
appreciated. I have included a test keystore & cert in case anyone would
care to test this themselves. Thanks! -Garett

import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.c14n.Canonicalizer;
import org.dom4j.DocumentHelper;
import org.dom4j.io.DOMWriter;
import org.dom4j.io.DOMReader;
// NOTE(review): CertificateFactory and X509Certificate are used unqualified below, but no
// import for them appears on the page -- presumably dropped by the archive, like the other
// gaps marked in main().

/**
 * Reproduction case: sign a DOM element with an XMLSignature, verify it, round-trip the
 * document through dom4j (DOM -> text -> DOM) and verify it again.
 *
 * The listing reached this page hard-wrapped and with statements missing, so it does not
 * compile as shown; the gaps are marked where they are visible.
 */
public class Sigtest {

    // Classpath resource name of the JKS keystore that holds the signing key.
    public static String keystore_name = "privateStore";
    // Keystore password, hard-coded in source. Acceptable only because this is a throwaway
    // test keystore attached to the post; do not reuse the pattern for a real key.
    public static String keystore_pass = "abc123";
    // Alias of the key entry; not referenced by any statement that survived on the page.
    public static String keystore_alias = "testcert";
    // Classpath resource name of the X.509 certificate used to verify the signature.
    public static String path_to_cert = "testcert.cer";

    /**
     * Runs the sign / verify / round-trip / verify sequence and prints both verification
     * results. Any exception is caught at the end and only its message is printed.
     *
     * @param args unused
     */
    public static void main(String args[])
            // NOTE(review): lines are missing here. The method's opening brace, the "try {"
            // that pairs with the catch at the bottom, and the statements that parse
            // xml_string_orig into w3c_element_1 are not on the page.
            //Parse a String of XML into an org.w3c.dom.Element
            DOMWriter domwriter = new DOMWriter();

            //Load the signing key from a keystore
            java.security.KeyStore ks = java.security.KeyStore.getInstance("jks");
            // The resource stream is opened inline and never closed in the visible code.
            ks.load(Sigtest.class.getClassLoader().getResourceAsStream(keystore_name), keystore_pass.toCharArray());
            // NOTE(review): the statement that reads signing_key out of ks is not on the page.

            //Sign w3c_element with an enveloped signature
            org.apache.xml.security.Init.init();
            // NOTE(review): the construction of sig and transforms is not on the page, and
            // neither is the enveloped-signature transform the comment above refers to.
            w3c_element_1.appendChild(sig.getElement());
            // Exclusive canonicalization is added as a transform on the reference.
            transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
            // Reference URI "" with a SHA-1 digest. SHA-1 is no longer collision resistant;
            // outside a repro prefer a SHA-256 digest ("http://www.w3.org/2001/04/xmlenc#sha256").
            sig.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
            sig.sign(signing_key);

            //Load the cert from a cert file
            CertificateFactory cert_factory = CertificateFactory.getInstance("X.509");
            // iStream is not closed in the visible code.
            java.io.InputStream iStream = Sigtest.class.getClassLoader().getResourceAsStream(path_to_cert);
            X509Certificate the_cert = (X509Certificate)cert_factory.generateCertificate(iStream);
            // The certificate is only used as a container for the public key. Nothing on the
            // page checks its validity period or issuer, which is fine for a self-contained
            // test but is not a trust decision.

            //Validate the Signature
            org.w3c.dom.Node sig_node_1 = null;
            org.w3c.dom.Node cur_node = null;
            // NOTE(review): the search that fills sig_node_1 and the first construction of
            // sig_varify are not on the page.
            boolean flag = sig_varify.checkSignatureValue(the_cert.getPublicKey());
            System.out.println("Signature verification prior to dom4j serialize/parse result: "+flag);

            //Serialize to text & parse from text
            DOMReader domreader = new DOMReader();
            // W3C DOM -> dom4j document -> XML text.
            String xml_string = domreader.read((org.w3c.dom.Document)w3c_element_1.getOwnerDocument()).asXML();
            // XML text -> dom4j document -> new W3C DOM. The text parsed here is the program's
            // own output; if this path ever handled untrusted XML, the underlying parser
            // should be configured to refuse DTDs and external entities.
            // NOTE(review): the reported "Unknown canonicalizer" failure happens after this
            // round trip. One thing to check is whether the rebuilt DOM handles namespaces on
            // the ds:* elements and their attributes the same way as the DOM that was signed.
            // This cannot be confirmed from the page.
            org.w3c.dom.Element w3c_element_2 = domwriter.write(DocumentHelper.parseText(xml_string)).getDocumentElement();

            //Validate the Signature
            org.w3c.dom.Node sig_node_2 = null;
            cur_node = null;
            // Scans only the direct children of the root. Node type 1 is ELEMENT_NODE. The
            // loop has no break, so the last matching child wins.
            // The match is on the literal prefixed name "ds:Signature". The prefix is a
            // serialization detail; matching on namespace URI
            // "http://www.w3.org/2000/09/xmldsig#" plus local name "Signature" does not depend
            // on it, and makes it harder to end up verifying a look-alike element.
            for(cur_node = w3c_element_2.getFirstChild(); cur_node != null; cur_node = cur_node.getNextSibling())
                if(cur_node.getNodeType() == 1 && cur_node.getNodeName() != null && cur_node.getNodeName().equals("ds:Signature"))
                    sig_node_2 = cur_node;
            // If no child matched, sig_node_2 is still null when it reaches the constructor.
            sig_varify = new XMLSignature((org.w3c.dom.Element) sig_node_2, "");
            flag = sig_varify.checkSignatureValue(the_cert.getPublicKey());
            System.out.println("Signature verification after dom4j serialize/parse result: "+flag);
        } catch (Exception e) {
            // Only the message is printed, so the exception type and stack trace that would
            // show where the canonicalizer lookup fails are lost.
            System.out.println(e.getMessage());
        }
    }

    // Sample document that gets signed. The literal was hard-wrapped by the mail archive;
    // the wrap points are joined with a single space here, so the exact whitespace of the
    // author's original string is uncertain.
    public static String xml_string_orig = "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n <catalog xmlns:journal=\"http://www.w3.org/2001/XMLSchema-Instance\" >\n <journal:journal title=\"XML\" publisher=\"IBM developerWorks\">\n <article journal:level=\"Intermediate\"\n date=\"February-2003\">\n <title>Design XML Schemas Using UML</title>\n <author>Ayesha Malik</author>\n </article>\n </journal:journal>\n</catalog>\n";
}
|
testcert.cer
Description: testcert.cer
privateStore
Description: privateStore