XML Digital Signature throws NAMESPACE_ERR exception under OpenJDK 11 that works under Java SE 8 — oracle-tech

    Forum Stats

  • 3,701,858 Users
  • 2,239,501 Discussions
  • 7,835,584 Comments

Discussions

XML Digital Signature throws NAMESPACE_ERR exception under OpenJDK 11 that works under Java SE 8

38789783878978 Posts: 4
edited February 2019 in Cryptography

My XML Digital Signature code runs fine under Java 8 (1.8.0_161), but on upgrading to OpenJDK 11 (11.0.2, ), it now traps with an NAMESPACE_ERR exception:

org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.

at java.xml/com.sun.org.apache.xerces.internal.dom.ElementNSImpl.setName(ElementNSImpl.java:109)

at java.xml/com.sun.org.apache.xerces.internal.dom.ElementNSImpl.<init>(ElementNSImpl.java:84)

at java.xml/com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.createElementNS(CoreDocumentImpl.java:2089)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.XmlWriterToTree.writeStartElement(XmlWriterToTree.java:99)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller.marshalGenericNode(Marshaller.java:303)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller.marshalGenericNode(Marshaller.java:286)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller$14.marshalObject(Marshaller.java:251)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller$14.marshalObject(Marshaller.java:247)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.XmlWriterToTree.marshalStructure(XmlWriterToTree.java:200)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLObject.marshal(DOMXMLObject.java:180)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:233)

at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:325)

at com.esignforms.open.crypto.XmlDigitalSignature.sign(XmlDigitalSignature.java:208)

If I revert back to Java 8, it works again. 

I noted that our XML digital signature code makes no direct references to namespaces.  Basic code does set the DocumentBuildFactory to be namespace aware:

  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

  dbf.setNamespaceAware(true);

When we sign under Java 8, this is the resulting digitally signed output for our XML <snapshot> element, which does have a namespace of our own:

<snapshot xmlns="http://open.esignforms.com/XMLSchema/2011" timestamp="2019-01-30T12:40:46-08:00" type="document"><![CDATA[<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />

<title>Date Doc 1</title>

<meta name="robots" content="noindex, nofollow" />

<meta name="Description" content="Confidential document" />

<meta name="viewport" content="width=device-width, initial-scale=1" />

<meta name="Generator" content="Yozons Open eSignForms document generator version 19.1.19_p0129_1657" />

<meta name="DeploymentId" content="bbfe9bed-918d-446b-9518-8ec303bafb83" />

<meta name="TransactionId" content="5163276c-d8aa-436f-8a96-5bc0c9eca931" />

<meta name="TransactionTemplateId" content="d15a91a3-87b8-457e-84bc-0b56ac7ebb10" />

<meta name="TransactionMode" content="Test" />

<meta name="PackageId" content="60301b59-ca07-429e-bb76-7083bfd6e642" />

<meta name="PackageVersionId" content="61afd6f3-b79e-4d14-844d-3a38541020ea" />

<meta name="PackageVersionPartyName" content="FirstParty" />

<meta name="DocumentId" content="e105af31-4b37-4092-9795-48b7c762ae97" />

<meta name="DocumentName" content="Date Doc 1" />

<meta name="DocumentVersionId" content="52248c28-187e-43f0-8de8-98357fa63654" />

<meta name="DocumentVersionPageId" content="62edfd59-be00-435a-9bd5-583cc84d220a" />

<meta name="DocumentVersionPartyName" content="FirstParty" />

<meta name="DocumentPageMode" content="REVIEW" />

<meta name="HtmlRenderTimestamp" content="2019-01-30 12:40:43.041 PST" />

<meta name="RequestIpAddr" content="50-46-115-249.evrt.wa.frontiernet.net (50.46.115.249)" />

<meta name="RequestUserAgent" content="Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_3) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0.3 Safari/605.1.15" />

<base href="https://open.esignforms.com/demo/" />

<style type="text/css">

/* platform esf.css */

@import url(//fonts.googleapis.com/css?family=Pacifico);

body.esf { font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 1em; }

.esf a img { border: none; }

.esf table.center, .esf div.center { margin-left: auto; margin-right: auto; }

.esf p.left, .esf span.left, .esf div.left, .esf th.left, .esf td.left { text-align: left; }

.esf p.right, .esf span.right, .esf div.right, .esf th.right, .esf td.right { text-align: right; }

.esf p.center, .esf span.center, .esf th.center, .esf td.center { text-align: center; }

.esf p.justify, .esf span.justify, .esf div.justify { text-align: justify; }

.esf .bottom { vertical-align: bottom; }

.esf .top { vertical-align: top; }

.esf .middle { vertical-align: middle; }

.esf .w5 { width: 5%; }

.esf .w10 { width: 10%; }

.esf .w15 { width: 15%; }

.esf .w20 { width: 20%; }

.esf .w25 { width: 25%; }

.esf .w30 { width: 30%; }

.esf .w33 { width: 33%; }

.esf .w34 { width: 34%; }

.esf .w35 { width: 35%; }

.esf .w40 { width: 40%; }

.esf .w45 { width: 45%; }

.esf .w48 { width: 48%; }

.esf .w50 { width: 50%; }

.esf .w60 { width: 60%; }

.esf .w70 { width: 70%; }

.esf .w75 { width: 75%; }

.esf .w80 { width: 80%; }

.esf .w85 { width: 85%; }

.esf .w90 { width: 90%; }

.esf .w95 { width: 95%; }

.esf .w98 { width: 98%; }

.esf .w100 { width: 100%; }

.esf .boT { border-top: 1px solid black; }

.esf .boB { border-bottom: 1px solid black; }

.esf .boTB { border-top: 1px solid black; border-bottom: 1px solid black; }

.esf .boL { border-left: 1px solid black; }

.esf .boR { border-right: 1px solid black; }

.esf .boLR { border-left: 1px solid black; border-right: 1px solid black; }

.esf .boBdash { border-bottom: 1px dashed black; }

.esf .boBdot { border-bottom: 1px dotted black; }

.esf .boBthick { border-bottom: 4px solid black; }

.esf .box { border: 1px solid black; }

.esf .boxthicker { border: 2px solid black; }

.esf .boxthick { border: 4px solid black; }

.esf .underline { text-decoration: underline; }

.esf .bold { font-weight: bold; }

.esf .italic { font-style: italic; }

.esf ::-webkit-input-placeholder { font-style: italic; }

.esf :-moz-placeholder { font-style: italic; }

.esf ::-moz-placeholder { font-style: italic; }

.esf :-ms-input-placeholder { font-style: italic; }

.esf .caps { text-transform: uppercase; }

.esf .smallcaps { font-variant: small-caps; }

.esf .lowercase { text-transform: lowercase; }

.esf .f6 { font-size: 6pt; }

.esf .f7 { font-size: 7pt; }

.esf .f8 { font-size: 8pt; }

.esf .f9 { font-size: 9pt; }

.esf .f10 { font-size: 10pt; }

.esf .f11 { font-size: 11pt; }

.esf .f12 { font-size: 12pt; }

.esf .f14 { font-size: 14pt; }

.esf .f16 { font-size: 16pt; }

.esf .f18 { font-size: 18pt; }

.esf .f20 { font-size: 20pt; }

.esf .f22 { font-size: 22pt; }

.esf .f24 { font-size: 24pt; }

.esf .f28 { font-size: 28pt; }

.esf .f32 { font-size: 32pt; }

.esf .f36 { font-size: 36pt; }

.esf .f40 { font-size: 40pt; }

.esf .f48 { font-size: 48pt; }

.esf .f60 { font-size: 60pt; }

.esf .f72 { font-size: 72pt; }

.esf .f96 { font-size: 96pt; }

.esf .red {color: red;}

.esf .green {color: green;}

.esf .blue {color: blue;}

.esf .white {color: white;}

.esf .black {color: black;}

.esf .gray  {color: gray;}

.esf .nomargin { margin: 0; }

.esf .nomarginT { margin-top: 0; }

.esf .nomarginB { margin-bottom: 0; }

.esf .nomarginTB { margin-top: 0; margin-bottom: 0; }

.esf .nomarginL { margin-left: 0; }

.esf .nomarginR { margin-right: 0; }

.esf .nomarginLR { margin-left: 0; margin-right: 0; }

.esf .nowrap { white-space: nowrap; }

/* HTML5 versions for table cellpadding="0" through cellpadding="5" */

.esf table.cellpadding0 th, .esf table.cellpadding0 td { padding: 0; }

.esf table.cellpadding1 th, .esf table.cellpadding1 td { padding: 1px; }

.esf table.cellpadding2 th, .esf table.cellpadding2 td { padding: 2px; }

.esf table.cellpadding3 th, .esf table.cellpadding3 td { padding: 3px; }

.esf table.cellpadding4 th, .esf table.cellpadding4 td { padding: 4px; }

.esf table.cellpadding5 th, .esf table.cellpadding5 td { padding: 5px; }

/* HTML5 versions for table cellspacing="0" through cellspacing="5" */

.esf table.cellspacing0 { border-spacing: 0; }

.esf table.cellspacing1 { border-spacing: 1px; }

.esf table.cellspacing2 { border-spacing: 2px; }

.esf table.cellspacing3 { border-spacing: 3px; }

.esf table.cellspacing4 { border-spacing: 4px; }

.esf table.cellspacing5 { border-spacing: 5px; }

/* HTML5 version of border="1" through border="2" */

table.gridBorder { border-top: 1px solid black; border-left: 1px solid black; }

table.gridBorder th, table.gridBorder td { border-bottom: 1px solid black; border-right: 1px solid black; }

table.gridBorder2 { border-top: 2px solid black; border-left: 2px solid black; }

table.gridBorder2 th, table.gridBorder2 td { border-bottom: 2px solid black; border-right: 2px solid black; }

.esf div.newPage { border-top: 1px dotted gray; }

.esf .doNotPrint { } /* do nothing normally, but we override in @print so suppress the element */

.esf div.pagediv { } /* do nothing, but allows you to style as each page is wrapped in a div */

.esf div.inline { display: inline-block; }

.esf span.inlineblock { display: inline-block; }

/* The following are generally not useful for a document, but are used in the auto-rendering of fields, labels, errors, etc. Many of these can be set via DocumentStyles in Open ESF. */

/* For the Field Label rendering */

.esf label.normal { }

.esf label.normal-error { color: red; font-weight: bold; background-color: yellow; }

.esf label.small { font-size: 8pt; }

.esf label.small-error { font-size: 8pt; color: red; font-weight: bold; background-color: yellow; }

.esf span.viewFieldData { width: inherit; } /* when viewing field data -- not in input mode */

.esf span.viewFieldData-error { font-weight: bold; font-style: italic; background-color: pink; border: 2px dashed red; } /* when viewing data that was not known -- not in input mode */

.esf span.labelFieldArea { display: inline-block; } /* sets the width for the label and field area */

.esf span.labelFieldArea span.labelAreaStacked { display: block; white-space: nowrap; }

.esf span.labelFieldArea span.labelAreaRightStacked { display: block; text-align: right; white-space: nowrap; }

.esf span.labelFieldArea span.labelAreaCenterStacked { display: block; text-align: center; white-space: nowrap; }

.esf span.labelFieldArea span.labelArea { display: inline-block; white-space: nowrap; }

.esf span.labelFieldArea span.labelAreaRight { display: inline-block; text-align: right; white-space: nowrap; }

.esf span.labelFieldArea span.labelAreaCenter { display: inline-block; text-align: center; white-space: nowrap; }

.esf span.labelFieldArea span.fieldAreaStacked { display: block; width: 100%; }

.esf span.labelFieldArea span.fieldAreaLeftStacked { display: block; width: 100%; text-align: left; }

.esf span.labelFieldArea span.fieldAreaRightStacked { display: block; width: 100%; text-align: right; }

.esf span.labelFieldArea span.fieldAreaCenterStacked { display: block; width: 100%; text-align: center; }

.esf span.labelFieldArea span.fieldArea { display: inline-block; width: 100%; }

.esf span.labelFieldArea span.fieldAreaLeft { display: inline-block; width: 100%; text-align: left; }

.esf span.labelFieldArea span.fieldAreaRight { display: inline-block; width: 100%; text-align: right; }

.esf span.labelFieldArea span.fieldAreaCenter { display: inline-block; width: 100%; text-align: center; }

.esf span.labelFieldArea span.fieldAreaStackedAuto { display: block; width: auto; }

.esf span.labelFieldArea span.fieldAreaLeftStackedAuto { display: block; width: auto; text-align: left; }

.esf span.labelFieldArea span.fieldAreaRightStackedAuto { display: block; width: auto; text-align: right; }

.esf span.labelFieldArea span.fieldAreaCenterStackedAuto { display: block; width: auto; text-align: center; }

.esf span.labelFieldArea span.fieldAreaAuto { display: inline-block; width: auto; }

.esf span.labelFieldArea span.fieldAreaLeftAuto { display: inline-block; width: auto; text-align: left; }

.esf span.labelFieldArea span.fieldAreaRightAuto { display: inline-block; width: auto; text-align: right; }

.esf span.labelFieldArea span.fieldAreaCenterAuto { display: inline-block; width: auto; text-align: center; }

.esf span.fieldArea { display: inline-block; }

.esf span.fieldAreaLeft { display: inline-block; text-align: left; }

.esf span.fieldAreaRight { display: inline-block; text-align: right; }

.esf span.fieldAreaCenter { display: inline-block; text-align: center; }

.esf span.fieldAreaAuto { display: inline; }

/* Auto widths do not make sense really with alignment as the field should be no bigger than the contents; we'll keep it inline-blocked */

.esf span.fieldAreaLeftAuto { display: inline-block; text-align: left; }

.esf span.fieldAreaRightAuto { display: inline-block; text-align: right; }

.esf span.fieldAreaCenterAuto { display: inline-block; text-align: center; }

/* For signature/initials display */

.esf .signature, .esf .signature input { font-family: 'Pacifico', 'Bradley Hand ITC', 'Lucida Handwriting', 'Comic Sans MS', cursive; font-size: 14pt; color: blue; white-space: nowrap; }

.esf div.signatureBlock { border: 3px solid #9899c4; border-radius: 10px; background-color: #efffff; padding: 0px 3px 3px 12px; width: 720px; page-break-inside: avoid; }

.esf div.signatureBlock p.signatureHeader { font-size: 11pt; font-weight: bold; text-decoration: underline; margin-bottom: 0px; }

.esf .signatureMetadata { font-size: 8pt; font-family: 'Courier New', Courier, monospace; white-space: nowrap; }

/* For optional/required/error input fields; uses span.viewFieldData for showing the data when in non-edit mode */

.esf input.required { background-color: #FFFFE7; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf input.optional { background-color: white; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf input.error { background-color: #FFC0CB; font-weight: bold; border: 1px solid red; width: inherit; }

.esf select.required { background-color: #FFFFE7; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf select.optional { background-color: white; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf select.error { background-color: #FFC0CB; font-weight: bold; border: 1px solid red; width: inherit; }

.esf textarea.required { background-color: #FFFFE7; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf textarea.optional { background-color: white; font-weight: bold; border: 1px solid #7F9DB9; width: inherit; }

.esf textarea.error { background-color: #FFC0CB; font-weight: bold; border: 1px solid red; width: inherit; }

/* Special override for optional checkboxes to not have a border around them */

.esf input[type="checkbox"].required { border: 0 none !important; outline-color: #FFFFE7; outline-style: solid; outline-width: medium; }

.esf input[type="checkbox"].optional { border: 0 none !important; }

.esf input[type="checkbox"].error { outline: 1px solid red; }

/* Special override for optional radio to not have a border around them */

.esf input[type="radio"].required { border: 0 none !important; outline-color: #FFFFE7; outline-style: solid; outline-width: medium; }

.esf input[type="radio"].optional { border: 0 none !important; }

.esf input[type="radio"].error { outline: 1px solid red; }

.esf input[type="radio"] { margin-bottom: 3px; } /* push it up a bit so fits with label better */

/* For buttons */

.esf p.buttons { margin-top: 2em; margin-left: 2em; }

.esf p.buttons input { margin-right: 2em; font-size: 1.1em; padding: 5px 10px; margin-top: 5px; }

.esf p.buttons input.caution { color: #FF8000; }

.esf p.buttons input.preferredFlow { font-weight: bold; color: green; font-size: 1.3em; padding: 8px 15px; }

.esf p.extraButtons { text-align: right; margin-top: -3em; }

.esf p.extraButtons input { color: blue; font-size: 0.6em; padding: 2px 3px; margin-right: 1em; }

.esf div.documentAndPageNumbersInfo { font-family: 'Courier New', Courier, monospace; font-size: 8pt; text-align: right; color: lightgray; }

/* For image overlays */

.esf div.imageOverlay { position: relative; display: inline-block; }

.esf div.imageOverlay img { margin: 0; padding: 0; }

.esf div.imageOverlay span.imageOverlayFieldArea { position: absolute; margin: 0; padding: 0; }

.esf div.imageOverlay span.imageOverlayFieldArea input[type="radio"] { margin: 0; padding: 0; }

.esf div.imageOverlay span.imageOverlayFieldArea input[type="checkbox"] { margin: 0; padding: 0; }

.esf input.small { font-size: 8pt; }

.esf input.upload { color: green; }

/* For file uploads of images displayed inline */

.esf img.fileUploadInlineImage200 { max-width: 200px; border: 2px solid black; page-break-inside: avoid; }

.esf img.fileUploadInlineImage400 { max-width: 400px; border: 2px solid black; page-break-inside: avoid; }

.esf img.fileUploadInlineImage600 { max-width: 800px; border: 2px solid black; page-break-inside: avoid; }

.esf img.fileUploadInlineImage800 { max-width: 800px; border: 2px solid black; page-break-inside: avoid; }

/* For standard display of ErrorEntry[] arrays from Errors */

.esf table.errorEntryArea { margin-left: 1em; border: 1px solid #FBD777; border-radius: 5px; background-color: #FDE8A5; width: 95%; padding-top: 2px; padding-bottom: 2px; }

.esf ul.errorEntryArea { padding-left: 20px; }

.esf li.error-ErrorEntry { list-style-type: circle; font-size: 1em; font-weight: bold; color: red; margin-left: 0px; margin-right: 1em; }

.esf li.warning-ErrorEntry { list-style-type: circle; font-size: 1em; font-weight: bold; color: blue; margin-left: 0px; margin-right: 1em; }

.esf li.success-ErrorEntry { list-style-type: circle; font-size: 1em; font-weight: bold; color: green; margin-left: 0px; margin-right: 1em; }

.esf li.info-ErrorEntry { list-style-type: circle; font-size: 1em; font-weight: bold; color: black; margin-left: 0px; margin-right: 1em; }

/* Used for multi-line reports to separate them like "greenbar paper" of old */

.esf .bgGreenbarLight { background-color: transparent; }

.esf .bgGreenbarDark { background-color: #E8E6E6; }

.esf span.jspfooter { font-size: 8pt; color: gray; }

.esf div.jspErrorPageMessage { margin-left: 1em; width: 700px; font-weight: bold; background-color: pink; border: 1px solid black; border-radius: 10px; padding: 0px 1em 0px 1em; }

@media print {

  body.esf { margin: 0; padding: 0; font-size: 80% !important; }

  .esf div.newPage { border-top: none; page-break-after: always; }

  .esf a.showURL:link:after, a.showURL:visited:after { content: " (" attr(href) ")"; font-size: 80%; }

  .esf .doNotPrint { display: none; }

}

/* Begin document style id: 9a000404-5f56-4a1c-ad4a-be6382c67d97, version id: 86f339d5-81e2-4117-95c2-8f747f5a6fe3 */

body.esf { font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 11pt;    }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 span.signature { font-family: Pacifico, cursive; font-size: 14pt; color: blue; font-style: normal; font-weight: normal; font-variant: normal; text-transform: inherit;  }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 span.signature input { font-family: Pacifico, cursive; font-size: 14pt; color: blue; font-style: normal; font-weight: normal; font-variant: normal; text-transform: inherit;  }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 span.viewFieldData {      }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input[type='checkbox'].required { border: 0 none !important; outline-color: #FFFFE7; outline-style: solid; outline-width: medium; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input[type='radio'].required { border: 0 none !important; outline-color: #FFFFE7; outline-style: solid; outline-width: medium; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input.required {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFFFE7; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 select.required {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFFFE7; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 textarea.required {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFFFE7; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input.optional {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: white; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 select.optional {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: white; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 textarea.optional {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: white; border: 1px solid #7F9DB9; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input[type='checkbox'].error { border: 0 none !important; outline: 1px solid red; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input[type='radio'].error { border: 0 none !important; outline: 1px solid red; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 input.error {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFC0CB; border: 1px solid red; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 select.error {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFC0CB; border: 1px solid red; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 textarea.error {    font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: #FFC0CB; border: 1px solid red; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 label.normal {      }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 label.normal-error {   color: red; font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: yellow; }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 label.small {  font-size: 8pt;    }

.esf .X86f339d5_81e2_4117_95c2_8f747f5a6fe3 label.small-error {  font-size: 8pt; color: red; font-style: normal; font-weight: bold; font-variant: normal; text-transform: inherit; background-color: yellow; }

/* End document style */

</style>

<script type="text/javascript">

(function() {

  // If not defined yet, ensure our top "JavaScript namespace" variable 'esf' is created.

  if ( typeof esf == "undefined" ) {

  esf = {

  version: {

  major: 19, minor: 1, update: '19',

  toString: function(){

  with(esf.version){

  return major + "." + minor + "." + update;

  }

  }

  },

  appname: 'Open eSignForms',

  htmlCopyright: '&copy; 2019 Yozons, Inc.',

  textCopyright: 'Copyright (c) 2009-2019 Yozons, Inc.'

  };

  esf.getRelease = function() {

  return this.appname + " " + this.version.toString();

  };

  if ( typeof console != "undefined") console.log(esf.getRelease() + ' - ' + esf.textCopyright);

  esf.saveScrollPosition = function(elem) {

  var currLeft = window.pageXOffset || document.documentElement.scrollLeft;

  var currTop  = window.pageYOffset || document.documentElement.scrollTop;

  elem.form.ESF_PAGE_SCROLLLEFT.value = currLeft;  // form field name must match DocumentPageBean.HIDDEN_PAGE_SCROLLLEFT

  elem.form.ESF_PAGE_SCROLLTOP.value  = currTop;   // form field name must match DocumentPageBean.HIDDEN_PAGE_SCROLLTOP

  }

  esf.autoPost = function(inputField) {

  esf.confirmOnPageUnloadMessage = null; // do not block leaving page for autopost

  esf.hideAllSubmitInputFields();

  inputField.form.ESF_AUTO_POST_FIELD_ID.value = inputField.id; // form field name must match DocumentPageBean.HIDDEN_AUTO_POST_FIELD_ID

  esf.saveScrollPosition(inputField);

  inputField.form.submit();

  };

  esf.blockEnterKeyViaInputFields = function(e) {

  var evt = e || window.event;

  var node = (evt.target) ? evt.target : ((evt.srcElement) ? evt.srcElement : null);

  if ((evt.keyCode == 13) && (node.type=="text")) {

  return false;

  }

  };

  esf.checkConfirmOnPageUnload = function(confirm,durationMsec) {

  if (! confirm) {

  window.onbeforeunload = null;

  }

  if ( durationMsec && durationMsec > 0 )

  esf.hideAllSubmitInputFieldsTemporarily(durationMsec);

  else

  esf.hideAllSubmitInputFields();

  };

  // For links, we don't hide buttons and we don't clear the unload unless requested AND the target is _top or _self (or no target set)

  esf.checkLinkConfirmOnPageUnload = function(confirm,atag) {

  if (! confirm && (atag.target == "_top" || atag.target == "_self" || atag.target == "") ) {

  window.onbeforeunload = null;

  }

  };

  // Default is no message to display on page unload

  esf.confirmOnPageUnloadMessage = null;

  esf.confirmOnPageUnload = function(e) {

  e = e || window.event;

          if ( esf.confirmOnPageUnloadMessage ) {

          if (e) {

          e.returnValue = esf.confirmOnPageUnloadMessage;

          }

              return esf.confirmOnPageUnloadMessage;

          }

  };

  esf.hideAllSubmitInputFields = function() {

    if ( document.getElementsByTagName ) {

    var inputFields = document.getElementsByTagName("input");

    for( var i=0; i < inputFields.length; ++i ) {

      if ( inputFields[i].type == "submit" )

          esf.makeInvisible(inputFields[i]);

    }

    var buttonFields = document.getElementsByTagName("button");

    for( var i=0; i < buttonFields.length; ++i ) {

    esf.makeInvisible(buttonFields[i]);

    }

    return true;

    }

  };

  esf.showAllSubmitInputFields = function() {

    if ( document.getElementsByTagName ) {

      var inputFields = document.getElementsByTagName("input");

    for( var i=0; i < inputFields.length; ++i ) {

      if ( inputFields[i].type == "submit" )

          esf.makeVisible(inputFields[i]);

    }

    var buttonFields = document.getElementsByTagName("button");

    for( var i=0; i < buttonFields.length; ++i ) {

    esf.makeVisible(buttonFields[i]);

    }

    return true;

    }

  };

  esf.hideAllSubmitInputFieldsTemporarily = function(durationMsec) {

  esf.hideAllSubmitInputFields();

  setTimeout( esf.showAllSubmitInputFields, durationMsec );

  };

  esf.displayById = function(id) {

  if ( document.getElementById && document.getElementById(id) )

  esf.display(document.getElementById(id));

  };

  esf.display = function(elem) {

  if ( elem && elem.style )

  elem.style.display = "block";

  };

  esf.hideById = function(id) {

  if ( document.getElementById && document.getElementById(id) )

  esf.hide(document.getElementById(id));

  };

  esf.hide = function(elem) {

  if ( elem && elem.style )

  elem.style.display = "none";

  };

  esf.makeVisibleById = function(id) {

  if ( document.getElementById && document.getElementById(id) )

  esf.makeVisible(document.getElementById(id));

  };

  esf.makeVisible = function(elem) {

    if ( elem && elem.style )

    elem.style.visibility = 'visible';

  };

  esf.makeInvisibleById = function(id) {

  if ( document.getElementById && document.getElementById(id) )

  esf.makeInvisible(document.getElementById(id));

  };

  esf.makeInvisible = function(elem) {

    if ( elem && elem.style )

    elem.style.visibility = 'hidden';

  };

  esf.makeTemporarilyInvisible = function(elem, durationMsec) {

  esf.makeInvisible(elem);

      setTimeout( function(){esf.makeVisible(elem);}, durationMsec );

  };

  esf.ensureTopWindow = function() {

    if (window != window.top)

  top.location.href = location.href;

  };

  esf.getElementsByFieldName = function(fieldName) {

    if ( document.getElementsByName ) {

    return document.getElementsByName(fieldName.toLowerCase()); // Field names are all lowercase in the HTML DOM

    }

    return []; // not really an empty node list, but an empty array so it has a 'length' property to query before accessing

  };

  esf.getElementByFieldName = function(fieldName) {

    var elemNL = esf.getElementsByFieldName(fieldName);

    return elemNL.length > 0 ? elemNL[0] : null;

  };

  esf.setAllCheckboxesByName = function(name,b) {

    var checkboxes = esf.getElementsByFieldName(name);

    for( var i=0; i < checkboxes.length; ++i ) {

      if ( checkboxes[i].type == "checkbox" )

          checkboxes[i].checked = b;

    }

  };

  esf.checkAllCheckboxesByName = function(name) {

      esf.setAllCheckboxesByName(name,true);

  };

  esf.uncheckAllCheckboxesByName = function(name) {

      esf.setAllCheckboxesByName(name,false);

  };

  /* Expects two radiobuttons to be laid out as [] Yes  [] No order -- can also be stacked as long as Yes is first */

  esf.setupDisplayIfYesNoRadioButtonGroupIsYes = function(yesNoRadioButtonGroupName,elemIdToShowIfYes,currentRadioButtonGroupFieldValue) {

    var rbYesNoElems = document.getElementsByName(yesNoRadioButtonGroupName.toLowerCase());

    if ( rbYesNoElems && rbYesNoElems.length == 2 ) { /* radio buttons will only exist in EDIT mode */

    rbYesNoElems[0].onclick = function() { esf.displayById(elemIdToShowIfYes); }; /* yes rb */

    rbYesNoElems[1].onclick = function() { esf.hideById(elemIdToShowIfYes); }; /* no rb */

    }

    var lowerValue = currentRadioButtonGroupFieldValue.toLowerCase();

    if ( lowerValue.startsWith('y') || lowerValue.startsWith('t') || lowerValue == '1' )

        esf.displayById(elemIdToShowIfYes);

    else

        esf.hideById(elemIdToShowIfYes);

  };

  /* Expects two radiobuttons to be laid out as [] Yes  [] No order -- can also be stacked as long as Yes is first */

  esf.setupDisplayIfYesNoRadioButtonGroupIsNo = function(yesNoRadioButtonGroupName,elemIdToShowIfNo,currentRadioButtonGroupFieldValue) {

        var rbYesNoElems = document.getElementsByName(yesNoRadioButtonGroupName.toLowerCase());

<p style="font-size: 11p

Answers

  • 38789783878978 Posts: 4
    edited January 2019

    A quick update if it helps.  We were able to test under Java 10, and it also works fine.  So the issue starts with OpenJDK 11.

    Works Java 8:

    java version "1.8.0_161"

    Java(TM) SE Runtime Environment (build 1.8.0_161-b12)

    Java HotSpot(TM) 64-Bit Server VM (build 25.161-b12, mixed mode)

    Works Java 10:

    java version "10.0.2" 2018-07-17

    Java(TM) SE Runtime Environment 18.3 (build 10.0.2+13)

    Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.2+13, mixed mode)

    Broken on Java 11:

    openjdk version "11.0.2" 2019-01-15

    OpenJDK Runtime Environment 18.9 (build 11.0.2+9)

    OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)

  • 38789783878978 Posts: 4
    edited January 2019

    The last bit we've discovered is that under OpenJDK 11, it appears that the XML digitally signed documents are verified fine; it's just creating new digitally signed that throws the NAMESPACE_ERR issue.  When we retrieve XML digitally signed documents, we verify that the signature is valid, and that code appears to work and find the prior signature to be valid.

  • 38789783878978 Posts: 4
    edited February 2019

    I have a test version of the code that can run standalone and shows the bug.  I'm not sure how best to transfer this information to the forum for those to play with.

    Note that we use the BouncyCastle BC used in our code, but if you don't have or want to use the BC provider JAR, it will fallback to the SunRsaSign provider that appears to be bundled with JDKs. 

    I get the same results with BC or SunRsaSign providers.  It's just the Java version that causes the issue.

    In testing with or without the BC provider, the Java 10 version runs and produces the signed XML, while the Java 11 fails.

    java version "10.0.2" 2018-07-17
    Java(TM) SE Runtime Environment 18.3 (build 10.0.2+13)
    Java HotSpot(TM) 64-Bit Server VM 18.3 (build 10.0.2+13, mixed mode)

    openjdk version "11.0.2" 2019-01-15
    OpenJDK Runtime Environment 18.9 (build 11.0.2+9)
    OpenJDK 64-Bit Server VM 18.9 (build 11.0.2+9, mixed mode)

    The Java 11 exception:

    XmlDigitalSignature.main() exception: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
    org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
        at java.xml/com.sun.org.apache.xerces.internal.dom.ElementNSImpl.setName(ElementNSImpl.java:109)
        at java.xml/com.sun.org.apache.xerces.internal.dom.ElementNSImpl.<init>(ElementNSImpl.java:84)
        at java.xml/com.sun.org.apache.xerces.internal.dom.CoreDocumentImpl.createElementNS(CoreDocumentImpl.java:2089)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.XmlWriterToTree.writeStartElement(XmlWriterToTree.java:99)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller.marshalGenericNode(Marshaller.java:303)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller.marshalGenericNode(Marshaller.java:286)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller$14.marshalObject(Marshaller.java:251)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.Marshaller$14.marshalObject(Marshaller.java:247)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.XmlWriterToTree.marshalStructure(XmlWriterToTree.java:200)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLObject.marshal(DOMXMLObject.java:180)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.marshal(DOMXMLSignature.java:233)
        at java.xml.crypto/org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:325)
        at com.esignforms.open.xmldsigbug.XmlDigitalSignature.sign(XmlDigitalSignature.java:212)
        at com.esignforms.open.xmldsigbug.XmlDigitalSignature.main(XmlDigitalSignature.java:732)

    Under Java 10, the signed XML:

    <snapshot xmlns="http://open.esignforms.com/XMLSchema/2011" timestamp="2019-02-06T13:29:02-08:00" type="document"><![CDATA[<html xmlns="http://www.w3.org/1999/xhtml"><head></head><body><p>Dummy HTML document</p></body></html>]]><Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="OpenESignForms_Seal"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/><Reference Id="Payload_Reference_ID" URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><DigestValue>xbX6EvkJBIDySHYJizqf4rNkEi5eQRyWfpD5TX1xaSI7pez0isMTFwho7/F+fJioI2eHEBPpujhn
    wvIlHvvCOg==</DigestValue></Reference><Reference URI="#KeyInfo_ID"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><DigestValue>D6WsZi/HzkmfZCT3tg7rvoo8S3mkNx5WkEp71OiOJ+JVYG+UAF6aVadY55Jt/tR3BF/wDntWOraK
    gmAXZ2ifHQ==</DigestValue></Reference><Reference URI="#QualifyingProperties_ID"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><DigestValue>1tOD+n70iPIcUM0gylw5Wu4LpFQUyEi0L+aq0Z5RgdvO4xsoypumooQRPWWxn/esiisbbRSEbCxs
    11jaahDUGQ==</DigestValue></Reference><Reference URI="#OpenESignForms_Seal_ID"><DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/><DigestValue>A9REglXLHIr8M5xFHIR8o93pNKMiCoOQTW/58WOXLnQ/8Gaw4txOTwIsnclKxG+5bkQ76/KR/It+
    /ljnjdlmFw==</DigestValue></Reference></SignedInfo><SignatureValue>FxFXp98EIK2+NoHlwE6ewE9En+X02tz0Fb4IBlHKLh/aRYbGQn8ceexq27nbfA3wKXYgLM5aG9Mv
    n+nvkLQfP+U0jXtW6En0hGnbmCa2sBevEB0l31HItXW6+KocAJBio8FT1Sps0mAn7eAAfKbuVyTu
    Xy+SOcJZWrTzSkI7V323+TwRv4i6NbIpVJsH/Cj7AfuqWocWenPAmBNDfzmgjohnL8vN1OFNPdXz
    RN6rkVbPl+yvjhUtX2XgGkHiMvYmrd64XGGfGv80Iu052+CUoe5ZHEIe1M26hK995ffotVzPbHov
    2O2cCIXJI1xWIHpS926KTvtpMVHEiWtDqGbh2mKmG7zD2AHEJY2d/u34pOauLkeU5Yk87BK0Dt9Q
    jiDxJy28wMbO0eyoiMfWwf5VWeiyzbPkDGzCqUvQEbXmGuvkhxRuztE7cELF2dWdvx/8rRjc7Imh
    OJ4pwgaxHS4Ek5C8mP6MCPfdiztCO4z08iKbnXOBaG1oe1+SyvecksLy2vF8UxQwPfV6LVU7cxhy
    C51R3nXZcsgNNTvxLyO8npKKlLtJj4O1D3cfhgKUWNZCKg9HCh1J6VKyEg3KFXWN//vD8QPSDhmx
    BPKLq+QZQw8SW4bMTrI5xIgY5FYiwMex5lyezGcjFzWAp64m8lehpW889wi2A18j6ccQ2K8+PN4=</SignatureValue><KeyInfo Id="KeyInfo_ID"><KeyName>5c585e1f-634a-4ddb-bbe0-9b110e38d3a6</KeyName><KeyValue><RSAKeyValue><Modulus>kPCr+Fy0NInaICpnzDpGLkNQ93kd0NzZfTBfQOb3PUH1Bt4OrBWcvYoch7wUm6k1Il3apsi7s2B9
    Geqbh7tzF41MwvTWBNCQg3Kw3FKcF0jzKZ7D+na8Ndc52YPmsjU9zjpf+SDfKqb0NIDe3Bo3csWW
    I42CkF3sI9AFknogovrfRM7ITJatA6WRHU8Kv6Qee8VfXZ1XAdKzWcc9EWbj74Kagiz8bMeATujU
    MCI/XQb1luwvlrVxZUtnfLL9WD6Nvmj3uDYK52z5E80vqTKIq7EJvmlR7kcEdH1NuxDQSWCJQgQX
    oU2TzuB0Nmov7P/pZ40JPF72Knb18Rgu4aRSMiaKKw+jzFHpw75VlQn2YkdfjNMwfUaEaZ4wuHoJ
    Qjud79jilbam++eUQFRxjcXK9Nl/z01KtmuV1mPhm97LRaKQlsbBxa56pncrkAmF0cuIipPzo9aB
    snJZkUQuwQtD/moDkUm84v5SOU1hn4RpWdGAkaJ1ubIrnKfF0qKmbCOcO69SEL5zP0JXEgSZ+D6z
    Vv7VkAJizdJ91KKs4y/ypel4lurNcyBd3hzw8xpz9joMl8DOTLCcLhGp350Vrccbh9vauAcRcK/n
    C+yaPI/mghmN2D2yZ3LZ3Z6k78Jl9BUV7PL5YyuxQmZjVP07lJvi6glLUm23o+c3c4D7rgHL4gM=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue><X509Data><X509Certificate>MIIKvTCCCKWgAwIBAgIJAPaU10x5GhRQMA0GCSqGSIb3DQEBDQUAMIHYMU0wSwYDVQQDDERPcGVu
    X2VTaWduRm9ybXNfaHR0cHM6Ly9sb2NhbGhvc3QubG9jYWxkb21haW4vb3Blbi1lU2lnbkZvcm1z
    VmFhZGluNzE6MDgGA1UECgwxRGVwbG95bWVudElEL2FhMGUyYjllLWM5ZDItNDk0NS04ZWVmLWI2
    NDhiZDYzYWFjNDE8MDoGA1UECwwzU2lnbmF0dXJlS2V5SUQvMDJkYmMwMDktMTAyYi00ZWE3LTlh
    YzgtNzYwZThiMzY4NTlmMQ0wCwYDVQQGEwRudWxsMB4XDTE0MTIxNjAzMjc1NVoXDTI0MTIxNjAz
    Mjc1NVowgdgxTTBLBgNVBAMMRE9wZW5fZVNpZ25Gb3Jtc19odHRwczovL2xvY2FsaG9zdC5sb2Nh
    bGRvbWFpbi9vcGVuLWVTaWduRm9ybXNWYWFkaW43MTowOAYDVQQKDDFEZXBsb3ltZW50SUQvYWEw
    ZTJiOWUtYzlkMi00OTQ1LThlZWYtYjY0OGJkNjNhYWM0MTwwOgYDVQQLDDNTaWduYXR1cmVLZXlJ
    RC8wMmRiYzAwOS0xMDJiLTRlYTctOWFjOC03NjBlOGIzNjg1OWYxDTALBgNVBAYTBG51bGwwggIi
    MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q3Nl9MF9A
    5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwXSPMpnsP6
    drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0DpZEdTwq/
    pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+aPe4Ngrn
    bPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXxGC7hpFIy
    JoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/PTUq2a5XW
    Y+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGfhGlZ0YCR
    onW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1zIF3eHPDz
    GnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0FRXs8vlj
    K7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABo4IEhjCCBIIwggIzBgNVHQ4EggIqBIIC
    JjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJDwq/hctDSJ2iAqZ8w6Ri5DUPd5HdDc
    2X0wX0Dm9z1B9QbeDqwVnL2KHIe8FJupNSJd2qbIu7NgfRnqm4e7cxeNTML01gTQkINysNxSnBdI
    8ymew/p2vDXXOdmD5rI1Pc46X/kg3yqm9DSA3twaN3LFliONgpBd7CPQBZJ6IKL630TOyEyWrQOl
    kR1PCr+kHnvFX12dVwHSs1nHPRFm4++CmoIs/GzHgE7o1DAiP10G9ZbsL5a1cWVLZ3yy/Vg+jb5o
    97g2Cuds+RPNL6kyiKuxCb5pUe5HBHR9TbsQ0ElgiUIEF6FNk87gdDZqL+z/6WeNCTxe9ip29fEY
    LuGkUjImiisPo8xR6cO+VZUJ9mJHX4zTMH1GhGmeMLh6CUI7ne/Y4pW2pvvnlEBUcY3FyvTZf89N
    SrZrldZj4Zvey0WikJbGwcWueqZ3K5AJhdHLiIqT86PWgbJyWZFELsELQ/5qA5FJvOL+UjlNYZ+E
    aVnRgJGidbmyK5ynxdKipmwjnDuvUhC+cz9CVxIEmfg+s1b+1ZACYs3SfdSirOMv8qXpeJbqzXMg
    Xd4c8PMac/Y6DJfAzkywnC4Rqd+dFa3HG4fb2rgHEXCv5wvsmjyP5oIZjdg9smdy2d2epO/CZfQV
    Fezy+WMrsUJmY1T9O5Sb4uoJS1Jtt6PnN3OA+64By+IDAgMBAAEwggI3BgNVHSMEggIuMIICKoCC
    AiYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q
    3Nl9MF9A5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwX
    SPMpnsP6drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0D
    pZEdTwq/pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+
    aPe4NgrnbPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXx
    GC7hpFIyJoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/P
    TUq2a5XWY+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGf
    hGlZ0YCRonW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1z
    IF3eHPDzGnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0
    FRXs8vljK7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABMA4GA1UdDwEB/wQEAwIGwDAN
    BgkqhkiG9w0BAQ0FAAOCAgEAOu3Y4o7P4wel6zcwGIHfwuTuL/IX9qzYnxtPNkEHL8D8v3P4Tovk
    zDHOou4Ai5yycZninbaoK2WJr80p2HNfISY51fCJZ+Z16xmBlPmunnLI23cTAJGnZlI6WtsZLXQw
    LX91VkqKlRL73+MZECxO0m5I4hxNu8CeOIcQ7aCLvnkO8AEeCa9zAwmiL2tJ8coJvELvqS9Zaiaz
    syix8IWETtrZ+vv+85rASl5PSkCb0AX3eipJoqRgGazWraV7NBwDZgPEYXNQq1/jbQoirjJIzNQO
    KEgH3wViGFVwnW4YJ4dzbtVd6EVaHZGmYb666FpwNPz6OBLgX1sjvDTMTYGYo/VrIN02neYEvBtK
    GrZ5Gw7l7BOyKe92F3iQ3q90/kOBmGnEn8agkKlynv5IlJR8xOCxG1U9e8GFfmAwFS5hYtf0Gh/u
    FRqnOepWQKuZ3kBBR+6KttbE58aD2kVuB36et5Dij1nxr+ihL7e4V42KsQQn/VBDrMoU5xW+yZH/
    aAEgpbfUm5detK5oFqs5JIILFiyUXQCrvYuNZFx4vDqrsDmmAaaAPBlcybCUXseqh4hThyrOJ0dX
    3xaXcwd32t1+/aOa7jgJRTgSklxhhcRCMHI9HWNlLgUWmvZ2O5G70reY4Kyg1NAS56qX48Xbckvy
    VMfem/JPPYT/veThnefIgQk=</X509Certificate></X509Data></KeyInfo><Object><QualifyingProperties Id="QualifyingProperties_ID"><SignedProperties><SignedSignatureProperties><SigningTime>2019-02-06T13:29:03-08:00</SigningTime></SignedSignatureProperties><SignedDataObjectProperties><DataObjectFormat ObjectReference="#Payload_Reference_ID"><Description>description</Description><MimeType>text/html</MimeType></DataObjectFormat></SignedDataObjectProperties></SignedProperties></QualifyingProperties></Object><Object><SignatureProperties><SignatureProperty Id="OpenESignForms_Seal_ID" Target="#OpenESignForms_Seal"><OpenESignForms_XmlDigitalSignatureSeal DeploymentHostAddress="192.1.1.1" DeploymentHostName="open.esignforms.com" DeploymentId="1.1.1.1" SignerAddress="192.1.1.1" SignerAgent="No-Browser-Test" Timestamp="2019-02-06T13:29:03-08:00" Version="19.1.19"/></SignatureProperty></SignatureProperties></Object></Signature></snapshot>

    XML Digital Signature code used:

    // Copyright (C) 2011-2019 Yozons, Inc.

    // Open eSignForms - Web-based electronic contracting software

    //

    // This program is free software: you can redistribute it and/or modify it under the terms of the GNU Affero General Public License

    // as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

    //

    // This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;

    // without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 

    // See the GNU Affero General Public License for more details.

    //

    // You should have received a copy of the GNU Affero General Public License along with this program. 

    // If not, see <http://open.esignforms.com/agpl.txt> or <http://www.gnu.org/licenses/>.

    // Contact information is via the public forums at http://open.esignforms.com or via private email to [email protected].

    //

    package com.esignforms.open.xmldsigbug;

    import java.io.BufferedInputStream;

    import java.io.ByteArrayInputStream;

    import java.io.StringWriter;

    import java.io.Writer;

    import java.nio.charset.StandardCharsets;

    import java.security.Key;

    import java.security.KeyException;

    import java.security.KeyFactory;

    import java.security.KeyPair;

    import java.security.NoSuchProviderException;

    import java.security.PrivateKey;

    import java.security.PublicKey;

    import java.security.cert.Certificate;

    import java.security.cert.CertificateFactory;

    import java.security.cert.X509Certificate;

    import java.security.spec.PKCS8EncodedKeySpec;

    import java.security.spec.X509EncodedKeySpec;

    import java.time.ZonedDateTime;

    import java.time.format.DateTimeFormatter;

    import java.util.Collections;

    import java.util.Iterator;

    import java.util.LinkedList;

    import java.util.List;

    import java.util.UUID;

    import javax.xml.crypto.AlgorithmMethod;

    import javax.xml.crypto.KeySelector;

    import javax.xml.crypto.KeySelectorException;

    import javax.xml.crypto.KeySelectorResult;

    import javax.xml.crypto.XMLCryptoContext;

    import javax.xml.crypto.XMLStructure;

    import javax.xml.crypto.dom.DOMStructure;

    import javax.xml.crypto.dsig.DigestMethod;

    import javax.xml.crypto.dsig.Reference;

    import javax.xml.crypto.dsig.SignatureMethod;

    import javax.xml.crypto.dsig.SignatureProperties;

    import javax.xml.crypto.dsig.SignatureProperty;

    import javax.xml.crypto.dsig.SignedInfo;

    import javax.xml.crypto.dsig.Transform;

    import javax.xml.crypto.dsig.XMLObject;

    import javax.xml.crypto.dsig.XMLSignature;

    import javax.xml.crypto.dsig.XMLSignatureFactory;

    import javax.xml.crypto.dsig.dom.DOMSignContext;

    import javax.xml.crypto.dsig.dom.DOMValidateContext;

    import javax.xml.crypto.dsig.keyinfo.KeyInfo;

    import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;

    import javax.xml.crypto.dsig.keyinfo.KeyName;

    import javax.xml.crypto.dsig.keyinfo.KeyValue;

    import javax.xml.crypto.dsig.keyinfo.X509Data;

    import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;

    import javax.xml.crypto.dsig.spec.TransformParameterSpec;

    import javax.xml.parsers.DocumentBuilderFactory;

    import javax.xml.transform.OutputKeys;

    import javax.xml.transform.Transformer;

    import javax.xml.transform.TransformerFactory;

    import javax.xml.transform.dom.DOMSource;

    import javax.xml.transform.stream.StreamResult;

    import org.w3c.dom.Document;

    import org.w3c.dom.Element;

    import org.w3c.dom.NodeList;

    /**

    * This code is adapted from the Open eSignForms source file com.esignforms.open.crypto.XmlDigitalSignature, with all platform hooks removed.

    *

    * XmlDigitalSignature provides our interface to XML Digital Signatures.

    *

    * Much of the code understanding came from Oracle's technotes:

    * http://download.oracle.com/javase/6/docs/technotes/guides/security/xmldsig/XMLDigitalSignature.html

    *

    * @author Yozons, Inc.

    */

    public final class XmlDigitalSignature {

      // These literals are supported as of Java 7, but are not defined in the API yet...

      private static final String SignatureMethod_RSA_SHA512 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha512";

      private static final String CanonicalizationMethod_INCLUSIVE_C14N11_WITH_COMMENTS = "http://www.w3.org/2006/12/xml-c14n11#WithComments";

      private XMLSignatureFactory xmlSignatureFactory;

      public XmlDigitalSignature() {

      xmlSignatureFactory = XMLSignatureFactory.getInstance("DOM");

      }

      public String sign(String xmlToSign, String description, String contentType, SignatureKey signatureKey) throws Exception {

      return sign(xmlToSign, description, contentType, signatureKey, null, null);

      }

      public String sign(String xmlToSign, String description, String contentType, SignatureKey signatureKey, String signerIpHost, String signerUserAgent) throws Exception {

      if (isBlank(xmlToSign))

      throw new Exception("Missing XML string to be signed.");

      if (signatureKey == null)

      throw new Exception("Missing the signature key needed to sign.");

      try {

      // Our KeyInfo section will have a KeyName that is our signature key's id, as well as the public key itself,

      // and our self-sign X.509 certificate.

      KeyInfoFactory keyInfoFactory = xmlSignatureFactory.getKeyInfoFactory();

      List<XMLStructure> keyInfoList = new LinkedList<XMLStructure>();

      KeyName keyName = keyInfoFactory.newKeyName(signatureKey.id.toString());

      keyInfoList.add(keyName);

      KeyValue keyValue = keyInfoFactory.newKeyValue(signatureKey.keyPair.getPublic());

      keyInfoList.add(keyValue);

      X509Data keyX409Data = keyInfoFactory.newX509Data(Collections.singletonList(signatureKey.cert));

      keyInfoList.add(keyX409Data);

      KeyInfo keyInfo = keyInfoFactory.newKeyInfo(keyInfoList, "KeyInfo_ID");

      // Instantiate the document to be signed

      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

      dbf.setNamespaceAware(true);

      Document document = dbf.newDocumentBuilder().parse(new BufferedInputStream(new ByteArrayInputStream(stringToBytes(xmlToSign))));

      // Create a DOMSignContext and specify the RSA PrivateKey and

      // location of the resulting XMLSignature's parent element.

      DOMSignContext domSignContext = new DOMSignContext(signatureKey.keyPair.getPrivate(), document.getDocumentElement());

      // Add in the EU Directive extras: http://uri.etsi.org/01903/v1.4.1/ts_101903v010401p.pdf

      String signingTime = toXmlWithTz(ZonedDateTime.now());

      Element qualifyingPropertiesElement = document.createElement("QualifyingProperties");

      qualifyingPropertiesElement.setAttribute("Id", "QualifyingProperties_ID");

      qualifyingPropertiesElement.setIdAttribute("Id", true); // mark our id as the "Id" attribute

      Element signedPropertiesElement = document.createElement("SignedProperties");

      Element signedSignaturePropertiesElement = document.createElement("SignedSignatureProperties");

      Element signingTimeElement = document.createElement("SigningTime");

      signingTimeElement.setTextContent(signingTime);

      Element signedDataObjectPropertiesElement = document.createElement("SignedDataObjectProperties");

      Element dataObjectFormatElement = document.createElement("DataObjectFormat");

      dataObjectFormatElement.setAttribute("ObjectReference", "#Payload_Reference_ID");

      Element dataObjectDescriptionElement = document.createElement("Description");

      dataObjectDescriptionElement.setTextContent(toEscapedXml(description));

      dataObjectFormatElement.appendChild(dataObjectDescriptionElement);

      Element dataObjectMimeTypeElement = document.createElement("MimeType");

      dataObjectMimeTypeElement.setTextContent(toEscapedXml(contentType));

      dataObjectFormatElement.appendChild(dataObjectMimeTypeElement);

      qualifyingPropertiesElement.appendChild(signedPropertiesElement);

      signedPropertiesElement.appendChild(signedSignaturePropertiesElement);

      signedPropertiesElement.appendChild(signedDataObjectPropertiesElement);

      signedSignaturePropertiesElement.appendChild(signingTimeElement);

      signedDataObjectPropertiesElement.appendChild(dataObjectFormatElement);

      DOMStructure qualifyingPropertiesObject = new DOMStructure(qualifyingPropertiesElement);

      XMLObject qualifyingPropertiesXMLObject = xmlSignatureFactory.newXMLObject(Collections.singletonList(qualifyingPropertiesObject), null, null, null);

      // Our signature includes the deployment id, and the current timestamp

      Element esignformsElement = document.createElement("OpenESignForms_XmlDigitalSignatureSeal");

      esignformsElement.setAttribute("Version", toEscapedXml("19.1.19"));

      esignformsElement.setAttribute("Timestamp", signingTime);

      esignformsElement.setAttribute("DeploymentId", "1.1.1.1");

      esignformsElement.setAttribute("DeploymentHostName", "open.esignforms.com");

      esignformsElement.setAttribute("DeploymentHostAddress", "192.1.1.1");

      if (!isBlank(signerIpHost))

      esignformsElement.setAttribute("SignerAddress", toEscapedXml(signerIpHost));

      if (!isBlank(signerUserAgent))

      esignformsElement.setAttribute("SignerAgent", toEscapedXml(signerUserAgent));

      DOMStructure signatureObject = new DOMStructure(esignformsElement);

      SignatureProperty signatureProperty = xmlSignatureFactory.newSignatureProperty(Collections.singletonList(signatureObject), "#OpenESignForms_Seal",

      "OpenESignForms_Seal_ID");

      SignatureProperties signatureProperties = xmlSignatureFactory.newSignatureProperties(Collections.singletonList(signatureProperty), null);

      XMLObject signaturePropertiesXMLObject = xmlSignatureFactory.newXMLObject(Collections.singletonList(signatureProperties), null, null, null);

      // Sign the main payload

      Reference referencePayload = xmlSignatureFactory.newReference("", xmlSignatureFactory.newDigestMethod(DigestMethod.SHA512, null),

      Collections.singletonList(xmlSignatureFactory.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, "Payload_Reference_ID");

      // Sign the KeyInfo per the EU spec

      Reference referenceKeyInfo = xmlSignatureFactory.newReference("#KeyInfo_ID", xmlSignatureFactory.newDigestMethod(DigestMethod.SHA512, null));

      // Sign the EU qualifying properties

      Reference referenceQualifyingProperties = xmlSignatureFactory.newReference("#QualifyingProperties_ID",

      xmlSignatureFactory.newDigestMethod(DigestMethod.SHA512, null));

      // Sign our seal

      Reference referenceSignatureProperties = xmlSignatureFactory.newReference("#OpenESignForms_Seal_ID",

      xmlSignatureFactory.newDigestMethod(DigestMethod.SHA512, null));

      List<Reference> referenceList = new LinkedList<Reference>();

      referenceList.add(referencePayload);

      referenceList.add(referenceKeyInfo);

      referenceList.add(referenceQualifyingProperties);

      referenceList.add(referenceSignatureProperties);

      SignedInfo signedInfo = xmlSignatureFactory

      .newSignedInfo(

      xmlSignatureFactory.newCanonicalizationMethod(

      CanonicalizationMethod_INCLUSIVE_C14N11_WITH_COMMENTS/* CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS */, (C14NMethodParameterSpec) null),

      xmlSignatureFactory.newSignatureMethod(SignatureMethod_RSA_SHA512, null), referenceList);

      // Create the XMLSignature, but don't sign it yet.

      List<XMLObject> signingXMLObjects = new LinkedList<XMLObject>();

      signingXMLObjects.add(qualifyingPropertiesXMLObject);

      signingXMLObjects.add(signaturePropertiesXMLObject);

      XMLSignature xmlSignature = xmlSignatureFactory.newXMLSignature(signedInfo, keyInfo, signingXMLObjects, "OpenESignForms_Seal", null);

      // Marshal, generate, and sign the enveloped signature.

      xmlSignature.sign(domSignContext);

      Writer writer = new StringWriter(xmlToSign.length() + 8000); // add in overhead for Signature element

      TransformerFactory tf = TransformerFactory.newInstance();

      Transformer transformer = tf.newTransformer();

      // we don't want <?xml version="1.0" encoding="UTF-8" standalone="no"?> at the top since we embed our signed XML in other XML structures

      // (it's not a standalone document at all)

      transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");

      transformer.transform(new DOMSource(document), new StreamResult(writer));

      return writer.toString();

      } catch (Exception e) {

      System.err.println("XmlDigitalSignature.sign() SERIOUS-ERROR exception: " + e.getMessage());

      e.printStackTrace();

      throw e;

      }

      }

      public void verify(String signedXml, SignatureKey signatureKey) throws Exception {

      if (isBlank(signedXml) || signatureKey == null)

      throw new Exception("Missing required parameter signedXml and/or signatureKey");

      try {

      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();

      dbf.setNamespaceAware(true);

      Document document = dbf.newDocumentBuilder().parse(new BufferedInputStream(new ByteArrayInputStream(stringToBytes(signedXml))));

      NodeList qualifyingPropertiesNodeList = document.getElementsByTagName("QualifyingProperties");

      if (qualifyingPropertiesNodeList != null) {

      for (int i = 0; i < qualifyingPropertiesNodeList.getLength(); ++i) {

      Element qualifyingPropertiesElement = (Element) qualifyingPropertiesNodeList.item(i);

      if (qualifyingPropertiesElement != null)

      qualifyingPropertiesElement.setIdAttribute("Id", true); // mark our id as the "Id" attribute

      }

      }

      NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");

      if (nl.getLength() == 0) {

      System.err.println("XmlDigitalSignature.verify(SignatureKey) SERIOUS-ERROR no Signature element");

      throw new Exception("The signedXML has no Signature element");

      }

      // The embedded key must match our signatureKey's values or the validation will fail.

      DOMValidateContext valContext = new DOMValidateContext(new VerifyingKeySelector(signa

Sign In or Register to comment.