Dear all,

I earlier had a demo application for signing XML files which have a DTD.
As the standard recently upgraded from DTD to Schema, I now tried to apply the application on an XML file which points to an XML-schema.


The file starts with:

<?xml version="1.0" encoding="UTF-8"?>
<ODM CreationDateTime="2002-04-29T11:07:23-05:00" Description="CDISC ODM version 1.2.2 format" FileOID="987-654-321" FileType="Transactional" Granularity="All" xmlns="http://www.cdisc.org/ns/odm/v1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.cdisc.org/ns/odm/v1.2 ODM1-2-0.xsd">
<Study OID="123-456-789">
...</Study>
....
</ODM>


My application signs the file (enveloped, full document is signed), but in the signed document every element now gets an extra namespace reference, e.g. <Study OID="123-456-789"> is transformed into: <Study OID="123-456-789" xmlns="http://www.cdisc.org/ns/odm/v1.2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">

which is (of course) not what I want.
Obviously I am doing something wrong.
Also, when verifying the signed document, the signature is found to be invalid (due to the extra namespace references?).


Can someone tell me what I should add/change to the code to get it right?

Below is the core of my code.

Many thanks in advance.

Jozef Aerts
Computer Chemistry Consultancy
Singen, Germany

Code:

   try {
     ks = KeyStore.getInstance(keystoreType);
     fis = new FileInputStream(keystoreFile);
     ks.load(fis, keystorePass.toCharArray());
   } catch(KeyStoreException kse) {
     System.out.println("KeyStore exception = " + kse);
   } catch(IOException ioe) {
     System.out.println("IO Exception = " + ioe);
//    } catch (FileNotFoundException fnfe) {
//      System.out.println("Could not find KeyStore file keystore.jks");
   } catch(CertificateException ce) {
     System.out.println("certificate exception = " + ce);
   } catch (NoSuchAlgorithmException nsae) {
     System.out.println("NoSuchAlgorithmException = " + nsae);
   }

   // Get the private key from the keystore
   try {
     privateKey = (PrivateKey) ks.getKey(privateKeyAlias,
                                            privateKeyPass.toCharArray());
     //Transform the output file to a URL
     BaseURI = signatureFile.toURL().toString();
   } catch(KeyStoreException kse) {
     System.out.println("KeyStore exception = " + kse);
   } catch (NoSuchAlgorithmException nsae) {
     System.out.println("NoSuchAlgorithmException = " + nsae);
   } catch (UnrecoverableKeyException uke) {
     System.out.println("UnrecoverableKeyException = " + uke);
   } catch (MalformedURLException mue) {
     System.out.println("MalformedURLException = " + mue);
   }

   //XMLSignature comes from org.apache.xml.security.signature
   try {
     sig = new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
   } catch(XMLSecurityException xse) {
     System.out.println("XMLSecurityException = " + xse);
   }
   System.out.println("sig = " + sig);
   //Append the signature to the root element
   Element root = doc.getDocumentElement();
   System.out.println("root element = " + root.getNodeName());
   root.appendChild(sig.getElement());
   System.out.println("element of sig = " + sig.getElement().getNodeName());
   sig.getSignedInfo().addResourceResolver(new org.apache.xml.security.samples.utils.resolver.OfflineResolver());
   //Add the transform element to the Reference element (subelement of Signature)
   try {
     Transforms transforms = new Transforms(doc);
     transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
     transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
     sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
   } catch (TransformationException te) {
     System.out.println("TransformationException = " + te);
   } catch (XMLSignatureException xse) {
     System.out.println("XMLSignatureException = " + xse);
   } catch (Exception e) {
     System.out.println("other exception in transform = " + e);
   }


   try {
     cert = (X509Certificate) ks.getCertificate(certificateAlias);
     sig.addKeyInfo(cert);
   } catch (KeyStoreException kse) {
     System.out.println("KeyStoreException = " + kse);
   } catch (XMLSecurityException xse) {
     System.out.println("XMLSecurityException = " + xse);
   } catch (Exception e) {
     System.out.println("other exception in adding X509 certificate = " + e);
   }


   // The public key is retrieved from the certificate
   sig.addKeyInfo(cert.getPublicKey());
   System.out.println("added KeyInfo with public key = " + cert.getPublicKey());
   //Some info to follow how everything is proceeding
   //Log only the key algorithm: toString() on a private key can expose key material
   System.out.println("Start signing with private key, algorithm = " + privateKey.getAlgorithm());
   //Sign
   try {
     System.out.println("Signing in progress ...");
     System.out.println("sig = " + sig);
     //sig.sign(privateKey); // 1.0.4 method
     sig.sign((Key)privateKey); // 2.0 method
     System.out.println("Signed ...");
   } catch (XMLSignatureException XSige) {
     System.out.println("XMLSignatureException" + XSige);
   } catch (Exception e) {
     System.out.println("other signing exception = " + e);
     System.out.println("Msg is:\n" + e.getMessage());
     System.out.println("Cause is:\n" + e.getCause());
     System.out.println();//blank line
     System.out.println("Print StackTrace");
     e.printStackTrace();
   }
   System.out.println("Finished signing");
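
Added example, not part of the original post: a check of whether namespace declarations that merely repeat the parent's can by themselves invalidate an enveloped signature. Inclusive Canonical XML omits such superfluous declarations from the canonical form, so the digest is unchanged, whereas a real content change breaks it. Assumptions: it uses the JDK's built-in javax.xml.crypto.dsig API instead of the org.apache.xml.security classes in the post, a throwaway RSA key with RSA-SHA256/SHA-256 instead of the keystore's DSA key and SHA-1, and a constructed ODM-like document; the class name is hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class EnvelopedNamespaceCheck { // hypothetical class name
    static final String ODM_NS = "http://www.cdisc.org/ns/odm/v1.2";
    // Constructed sample shaped like the ODM file quoted in the post.
    static final String XML = "<ODM xmlns=\"" + ODM_NS + "\"><Study OID=\"123-456-789\"/></ODM>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature needs a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder()
                .parse(new ByteArrayInputStream(XML.getBytes("UTF-8")));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, stands in for the keystore
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        // Same transform chain as the post: enveloped-signature, then C14N with comments.
        List<Transform> chain = List.of(
                f.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                f.newTransform(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
                        (TransformParameterSpec) null));
        Reference ref = f.newReference("",
                f.newDigestMethod(DigestMethod.SHA256, null), chain, null, null);
        SignedInfo si = f.newSignedInfo(f.newCanonicalizationMethod(
                CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                f.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        f.newXMLSignature(si, null) // <Signature> becomes the root's last child
                .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        System.out.println("as signed:         " + isValid(f, doc, kp.getPublic()));
        // Re-declare the parent's default namespace on <Study>, as in the post's output.
        Element study = (Element) doc.getElementsByTagNameNS(ODM_NS, "Study").item(0);
        study.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", ODM_NS);
        System.out.println("redundant xmlns:   " + isValid(f, doc, kp.getPublic()));
        study.setAttribute("OID", "changed"); // a real content change, for contrast
        System.out.println("attribute changed: " + isValid(f, doc, kp.getPublic()));
    }

    static boolean isValid(XMLSignatureFactory f, Document doc, PublicKey key) throws Exception {
        Node sig = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        return f.unmarshalXMLSignature(ctx).validate(ctx);
    }
}
```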

