Edwin, Thanks for your suggestion. I will try this. Also... I have some
code that more clearly illustrates the issue:

//First I pull the Element out of a SAML Assertion

assertion = ((SAMLArtifactAssertion)data).getAssertion();
assertion_element = assertion.getRoot();

//Then I remove the signature that the Element already has:

Node sig_node = null;
for (Node cur = assertion_element.getFirstChild(); cur != null; cur = cur.getNextSibling())
  if (cur.getNodeType() == Node.ELEMENT_NODE && cur.getNodeName() != null
      && cur.getNodeName().equals("ds:Signature"))
    sig_node = cur;
if (sig_node != null) // guard: removeChild(null) throws if there is no signature
  assertion_element.removeChild(sig_node);

//Next I serialize the Element to a string & parse back to an Element:

String xml_string = domreader.read((Document)assertion_element.getOwnerDocument()).asXML();
assertion_element = domwriter.write(DocumentHelper.parseText(xml_string)).getDocumentElement();

//Next I sign the Element:

XMLSignature sig = new XMLSignature(assertion_element.getOwnerDocument(), null,
    "http://www.w3.org/2000/09/xmldsig#rsa-sha1",
    Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
assertion_element.appendChild(sig.getElement());
Transforms transforms = new Transforms(assertion_element.getOwnerDocument());
transforms.addTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature");
transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
sig.addDocument("", transforms, "http://www.w3.org/2000/09/xmldsig#sha1");
sig.sign(signing_key);

//Next I create a new SAML Assertion from the Element and successfully
//verify the sig:

assertion1 = new SAMLAssertion(assertion_element);
isgood = assertion1.verify(the_cert); //isgood=true

//Now I serialize and parse again... placing CDATA around SignatureValue.
//If I look at the SignatureValue Node of the Element in debugger before
//and after serialize/parse they are both the same:

xml_string = domreader.read((Document)assertion_element.getOwnerDocument()).asXML();
String[] xml_array = xml_string.split("<ds:SignatureValue>");
xml_string = xml_array[0] + "<ds:SignatureValue><![CDATA[" + xml_array[1];
xml_array = xml_string.split("</ds:SignatureValue>");
xml_string = xml_array[0] + "]]></ds:SignatureValue>" + xml_array[1];
assertion_element1 = domwriter.write(DocumentHelper.parseText(xml_string)).getDocumentElement();

//Now I create another new SAML Assertion as before and try to verify sig
//but fail:

assertion2 = new SAMLAssertion(assertion_element1);
isgood = assertion2.verify(the_cert); //isgood=false



-----Original Message-----
From: Edwin Dankert [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 06, 2006 4:42 PM
To: Garett Shulman
Cc: dom4j-user@lists.sourceforge.net
Subject: Re: [dom4j-user] dom4j & XMLSignatures

You could try the code below to see whether dom4j is the offending
party or whether it happens before it's converted to a dom4j document?

TransformerFactory transformerFactory = TransformerFactory.newInstance();

DOMSource source = new DOMSource(m_myroot.getOwnerDocument());
Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream stream = new ByteArrayOutputStream();
StreamResult result = new StreamResult(stream);
transformer.transform(source, result);

System.out.println(stream.toString());

Regards,
Edwin
-- 
http://www.edankert.com/
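An added diagnostic for the round-trip failure Garett describes above. It is not code from this thread and uses the JDK's javax.xml.crypto.dsig API instead of the Apache xmlsec classes in the post: it signs a constructed stand-in element with the same enveloped-signature plus exclusive-C14N setup, serializes and re-parses it with a namespace-aware parser, and then validates the SignatureValue and each reference digest separately, so a verify() that returns false can be traced to either the signed content or the Signature element itself. The element, key and class name are all assumptions.

```java
import java.io.*;
import java.security.*;
import java.util.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class RoundTripCheck {
    // Constructed stand-in for the SAML assertion element (hypothetical content)
    static final String XML = "<Assertion xmlns=\"urn:example\"><Subject>alice</Subject></Assertion>";
    static Document parse(byte[] bytes) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // DSig processing is namespace-sensitive
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(bytes));
    }
    static byte[] serialize(Document doc) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        return out.toByteArray();
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA"); kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key generated for the demo
        Document doc = parse(XML.getBytes("UTF-8"));
        // Enveloped signature with exclusive C14N, the same setup as in the post
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        List<Transform> tf = Arrays.asList(
            fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
            fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null));
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null), tf, null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        // Serialize and re-parse: the step after which the post's verify() returns false
        Document again = parse(serialize(doc));
        Node sigNode = again.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sigNode);
        XMLSignature sig = fac.unmarshalXMLSignature(vc);
        System.out.println("core validation:        " + sig.validate(vc));
        // Bad SignatureValue with good digests: the Signature element was altered; bad digest: signed content changed
        System.out.println("SignatureValue valid:   " + sig.getSignatureValue().validate(vc));
        for (Object o : sig.getSignedInfo().getReferences())
            System.out.println("reference digest valid: " + ((Reference) o).validate(vc));
    }
}
```

Swapping the parse() step for the dom4j DOMReader/DOMWriter round trip from the post, with and without the CDATA rewrite, shows which of the two checks changes.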
