1 Reply Latest reply: Feb 22, 2012 2:46 AM by 805963

    Signature verification fails

      Hi everybody,

      I have an issue: my XML signature cannot be verified with an external (e-government) tool. The XML document contains an <xml-stylesheet> directive and this causes a problem. If I remove it, the XML is signed and verified correctly as well. The signature can, however, be verified with a simple Java application I wrote (I don't know what the difference between those two tools is - but normally it must be verifiable with any tool - right?). Can someone help me please? Thanks in advance.

      Here is my code:

                ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");

                XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
                Document signedDocument = signRequest.getDocument();

                Reference ref = fac.newReference("", fac.newDigestMethod(
                          DigestMethod.SHA1, null), Collections.singletonList(fac
                                    (TransformParameterSpec) null)), null, null);

                SignedInfo si = fac
                                    (C14NMethodParameterSpec) null), fac
                                    .newSignatureMethod(SignatureMethod.RSA_SHA1, null),

                X509Certificate cert = (X509Certificate) signRequest.getCertificate();

                KeyInfoFactory kif = fac.getKeyInfoFactory();
                List x509Content = new ArrayList();
                X509Data xd = kif.newX509Data(x509Content);
                KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

                DOMSignContext dsc = new DOMSignContext(signRequest.getPrivateKey(),

                XMLSignature signature = fac.newXMLSignature(si, ki);


      I found this code on Oracle Java. Before that I tried to use Apache Santuario, but there I used the XMLSignature object directly (no factory is used) - the same effect.

      I tried to use a Reference in order to sign only the root element, but the only way I know is to use the element id -> #my_id to access an element. And this doesn't work either :-(.

      Thanks for any help.


      Edited by: user5845341 on 21.02.2012 08:02
        • 1. Re: Signature verification fails
          Maybe one more detail: signing the same document with and without the xslt-stylesheet directive gives me different digest values and signature values as well. If I say that my root node should be signed, how is it possible that those changes are relevant? Is the whole document always signed? I really don't get it... Any tips? Thanks for any help.