I am facing an issue with validating the XML signature. I have the enveloped
transform followed by exc-C14N. I did search the xmlsec mail archive but with
no success. Then I tried debugging the xmlsec source code:
The Reference object loops through all the configured transforms, the
http://www.w3.org/2000/09/xmldsig#enveloped-signature
transform returns a (modified, I assume) XMLSignatureInput, then we
run through the C14N and it returns null!
The block of code is in CanonicalizerBase.java in the method
engineCanonicalizeXPathNodeSetInternal:
    this.canonicalizeXPathNodeSet(doc, doc);
    System.out.println("canonicalizeXPathNodeSet is ok i guess...");   // my debug output
    this._writer.close();
    // Only these two writer types are handled; anything else falls through to null.
    if (this._writer instanceof ByteArrayOutputStream) {
        byte[] sol = ((ByteArrayOutputStream) this._writer).toByteArray();
        if (reset) {
            ((ByteArrayOutputStream) this._writer).reset();
        }
        return sol;
    } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
        byte[] result = ((UnsyncByteArrayOutputStream) this._writer).toByteArray();
        if (reset) {
            ((UnsyncByteArrayOutputStream) this._writer).reset();
        }
        return result;
    }
    return null; // <------ returns this null!
The _writer instance in this case was created in the Reference.java method
calculateDigest. Thus the ByteArrayOutputStreams of CanonicalizerBase do not
match the BufferedOutputStreams of the Reference class, causing it to return
null:
    MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
    mda.reset();
    DigesterOutputStream diOs = new DigesterOutputStream(mda);
    // The writer handed to the transforms is a buffered stream wrapping the digester.
    OutputStream os = new UnsyncBufferedOutputStream(diOs); // <--- not checked via instanceof in CanonicalizerBase
    XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
    output.updateOutputStream(os);
    os.flush();
Please help me resolve this. The SignedInfo element is this:
<ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#id-23761097">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>SVUf+cO2NKZpSOHHhPfQjLQNhiE=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
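A complete sign-and-verify round trip for the same transform chain as the posted SignedInfo (enveloped-signature followed by exc-c14n over a Reference with URI="#id-..."), added here as an example; it is not part of the original post nor of the xmlsec/Santuario sources quoted above. It uses the JDK's standard javax.xml.crypto.dsig API (Java 11 or later assumed) instead of Santuario's internal Reference and CanonicalizerBase classes, uses SHA-256 and RSA-SHA256 rather than the SHA-1 algorithms in the posted SignedInfo, and works on a constructed sample document whose root element carries the Id attribute the reference points at. The class, method names and sample document are the example's own assumptions.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.List;

import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class EnvelopedExcC14nDemo {

    // Constructed sample document (not from the post); the Id value mirrors the posted Reference URI.
    static final String SAMPLE =
        "<Order Id=\"id-23761097\"><Item>widget</Item><Amount>10</Amount></Order>";

    static Document parse(byte[] xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // required, otherwise ds:* elements are not recognised
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTD / XXE
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml));
        // A freshly parsed DOM does not know which attribute is an ID; without registering it,
        // a Reference with URI="#id-..." cannot be dereferenced during signing or validation.
        Element root = doc.getDocumentElement();
        if (root.hasAttribute("Id")) {
            root.setIdAttribute("Id", true);
        }
        return doc;
    }

    static byte[] serialize(Document doc) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        return out.toByteArray();
    }

    // Enveloped signature over the root element: enveloped-signature transform, then exc-c14n,
    // with inclusive c14n for SignedInfo, as in the posted SignedInfo (but SHA-256 instead of SHA-1).
    static byte[] sign(byte[] xml, KeyPair kp) throws Exception {
        Document doc = parse(xml);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference(
            "#" + doc.getDocumentElement().getAttribute("Id"),
            fac.newDigestMethod(DigestMethod.SHA256, null),
            List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                    fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null),
            List.of(ref));
        DOMSignContext ctx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        fac.newXMLSignature(si, null).sign(ctx);   // appends ds:Signature under the root element
        return serialize(doc);
    }

    // Core validation plus a per-reference digest report; returns true only if the signature
    // verifies AND its single Reference covers the document element (guards against wrapping).
    static boolean verify(byte[] signedXml, PublicKey pub) throws Exception {
        Document doc = parse(signedXml);
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            return false;   // zero or several Signature elements: refuse rather than guess
        }
        DOMValidateContext ctx = new DOMValidateContext(pub, sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);
        boolean core = sig.validate(ctx);   // SignatureValue over SignedInfo AND every reference digest
        List<?> refs = sig.getSignedInfo().getReferences();
        for (Object o : refs) {
            Reference r = (Reference) o;   // pinpoints whether a failure is a digest mismatch
            System.out.println("reference " + r.getURI() + " digest ok: " + r.validate(ctx));
        }
        String rootId = doc.getDocumentElement().getAttribute("Id");
        boolean coversRoot = refs.size() == 1
            && ("#" + rootId).equals(((Reference) refs.get(0)).getURI());
        return core && coversRoot;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        byte[] signed = sign(SAMPLE.getBytes(StandardCharsets.UTF_8), kp);
        System.out.println("untampered valid: " + verify(signed, kp.getPublic()));

        // Modify signed content after signing: the Reference digest must no longer match.
        String tampered = new String(signed, StandardCharsets.UTF_8)
            .replace("<Amount>10</Amount>", "<Amount>1000</Amount>");
        System.out.println("tampered valid: " + verify(tampered.getBytes(StandardCharsets.UTF_8), kp.getPublic()));
    }
}
```

Two points a practitioner chasing a failure like the one in the post will want to see here: the ID attribute has to be registered on the parsed DOM (setIdAttribute, or DOMValidateContext.setIdAttributeNS) before a "#id-..." URI resolves at all, and calling validate() on each Reference after validate() on the XMLSignature separates a SignatureValue failure from a reference digest failure. The final check that the one Reference points at the document element is a guard against signature wrapping, where the original signed element is moved elsewhere and different content is put in its place while the signature itself still verifies. Note also that JDK 17 and later reject SHA-1 digest and signature algorithms in their default secure validation mode, so a SignedInfo like the one posted would fail there for that reason alone.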