1 Reply Latest reply: Feb 22, 2012 12:46 AM by 805963

Signature verification fails

805963 Newbie
Hi everybody,

I have an issue: my XML signature cannot be verified with an external (e-government) tool. The XML document contains an <xml-stylesheet> directive and this causes a problem. If I remove it, the XML is signed and verified correctly as well. The signature can, however, be verified with a simple Java application I wrote (I don't know what the difference is between those two tools - but normally it must be verifiable with any tool - right?). Can someone help me please? Thanks in advance.

Here is my code:

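-----
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import javax.xml.crypto.dsig.spec.*;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.w3c.dom.Document;

// Fragment of the signing method; signRequest supplies the document,
// the certificate and the private key.

// Initialise Apache Santuario and use the "ds" prefix for signature elements.
org.apache.xml.security.Init.init();
ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");

XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
Document signedDocument = signRequest.getDocument();

// Reference with URI "", a SHA-1 digest and the enveloped-signature transform.
Reference ref = fac.newReference("",
        fac.newDigestMethod(DigestMethod.SHA1, null),
        Collections.singletonList(fac.newTransform(Transform.ENVELOPED,
                (TransformParameterSpec) null)),
        null, null);

// SignedInfo: inclusive canonicalization, RSA-SHA1 signature method.
SignedInfo si = fac.newSignedInfo(
        fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,
                (C14NMethodParameterSpec) null),
        fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
        Collections.singletonList(ref));

X509Certificate cert = (X509Certificate) signRequest.getCertificate();

// KeyInfo carrying the subject name and the certificate itself.
KeyInfoFactory kif = fac.getKeyInfoFactory();
List<Object> x509Content = new ArrayList<>();
x509Content.add(cert.getSubjectX500Principal().getName());
x509Content.add(cert);
X509Data xd = kif.newX509Data(x509Content);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));

// The Signature element is appended as a child of the document element.
DOMSignContext dsc = new DOMSignContext(signRequest.getPrivateKey(),
        signedDocument.getDocumentElement());

XMLSignature signature = fac.newXMLSignature(si, ki);

signature.sign(dsc);
-----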

I found this code on Oracle Java. Before it I tried to use Apache Santuario, but I used the XMLSignature object directly (no Factory is used) - the same effect.

I tried to use Reference in order to sign only the root element, but the only way I know is to use the element id -> #my_id to access an element. And this doesn't work either :-(.

Thanks for any help.

Regards,
erno

Edited by: user5845341 on 21.02.2012 08:02
  • 1. Re: Signature verification fails
    805963 Newbie
    Maybe one more detail: signing the same document with and without the xslt-stylesheet directive gives me different digest values and signature values as well. If I say that my root node should be signed, how is it possible that those changes are relevant? Is the whole document always signed? I really don't get it... Any tips? Thanks for any help.

    regards
