1 Reply Latest reply: Apr 7, 2011 10:05 AM by smullan

    XML Digital Signature Problem

    823199
      I am using the javax.xml.crypto.dsig.XMLSignatureFactory to generate XML Signatures. Now when I try to validate the generated signature with Java, the validation succeeds, however when I attempt the validation with .NET the validation fails.

      Java adds a line break after the 76th character to produce separate lines. On the other hand .NET does not exhibit this behavior.

      Please help...........

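      // Imports needed by the fragment below (the enclosing class and
      // method header are not shown in the post).
      import java.io.File;
      import java.io.FileOutputStream;
      import java.security.Provider;
      import java.util.Collections;
      import javax.xml.crypto.XMLStructure;
      import javax.xml.crypto.dom.DOMStructure;
      import javax.xml.crypto.dsig.*;
      import javax.xml.crypto.dsig.dom.DOMSignContext;
      import javax.xml.crypto.dsig.keyinfo.*;
      import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
      import javax.xml.parsers.DocumentBuilderFactory;
      import javax.xml.transform.Transformer;
      import javax.xml.transform.TransformerFactory;
      import javax.xml.transform.dom.DOMSource;
      import javax.xml.transform.stream.StreamResult;
      import org.w3c.dom.Document;
      import org.w3c.dom.Node;
      import org.w3c.dom.NodeList;

      String inputXMLPath = "C:\\wessam\\GATS-CBE-20110404-0013.xml";
      String outSignedPath = "C:\\efOut.xml";

      // DOM-based XML Signature factory, using the JDK's XMLDSig provider
      XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM",
          (Provider) Class.forName("org.jcp.xml.dsig.internal.dom.XMLDSigRI").newInstance());

      // Parse the input document with namespace support
      DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
      dbf.setNamespaceAware(true);
      Document doc = dbf.newDocumentBuilder().parse(new File(inputXMLPath));

      // The GATSFile element is the content that will be wrapped and signed
      NodeList nl = doc.getElementsByTagNameNS("http://cbe.gatsfile.efinance.com.eg", "GATSFile");
      Node node = nl.item(0);
      XMLStructure content = new DOMStructure(node);

      // SHA-1 digest over the Object with Id "GATSFile"
      DigestMethod digestMethod = factory.newDigestMethod(DigestMethod.SHA1, null);
      Reference reference = factory.newReference("#GATSFile", digestMethod);

      // SignedInfo: exclusive canonicalization, RSA-SHA1 signature method
      SignedInfo signedInfo = factory.newSignedInfo(
          factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
              (C14NMethodParameterSpec) null),
          factory.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
          Collections.singletonList(reference));

      // KeyInfo carrying the signer's X.509 certificate
      KeyInfoFactory kif = factory.getKeyInfoFactory();
      X509Data x509d = kif.newX509Data(Collections.singletonList(getCertificate()));
      KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(x509d));

      // Enveloping signature: the content goes inside an Object element
      XMLObject obj = factory.newXMLObject(Collections.singletonList(content),
          "GATSFile", null, null);

      DOMSignContext dsc = new DOMSignContext(getPrivateKey(), doc);

      XMLSignature signature = factory.newXMLSignature(signedInfo, keyInfo,
          Collections.singletonList(obj), null, null);

      signature.sign(dsc);

      // Serialize the signed document to disk
      FileOutputStream fos = new FileOutputStream(outSignedPath);
      TransformerFactory tf = TransformerFactory.newInstance();
      Transformer trans = tf.newTransformer();
      trans.transform(new DOMSource(doc), new StreamResult(fos));
      fos.close();
      } // closes the enclosing method, whose header is not shown in the post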
        • 1. Re: XML Digital Signature Problem
          smullan
          user13461536 wrote:
          I am using the javax.xml.crypto.dsig.XMLSignatureFactory to generate XML Signatures. Now when I try to validate the generated signature with Java, the validation succeeds, however when I attempt the validation with .NET the validation fails.

          Java adds a line break after the 76th character to produce separate lines. On the other hand .NET does not exhibit this behavior.
          These line breaks should be properly normalized by a standards-compliant canonicalizer. However, if you are using JDK 7, try setting the following property which will eliminate the line breaks when you generate the signature:

          java -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true ...