Hi Berin,
Thanks for replying.

I feel that when the DOM document which holds the signature element
is changed, the signature becomes invalid.

I tested it like this -

--
Element e1 = sign(somedom);
Verify(e1);      // signature is verified.

Document doc = documentBuilder.newDocument();
// Now I import the signed Signature element into another document.
org.w3c.dom.Element e2 = (Element) doc.importNode((org.w3c.dom.Node) e1, true);

Verify(e2);      // verification fails now. :(
--

Is this normal? Should the two documents (w3c.dom.documents) on the sending and
receiving sides be the same?
And shouldn't the verification result be the same for both e2 and e1?


Also, I have attached the whole document I am trying to verify.
While verifying, I isolate the Signature element from the parsed document and
then just call Verify() on it.
Isn't that right?

Do reply,

thanks,
-Pushya.


On Thursday 21 Apr 2005 3:38 pm, Berin Lautenbach wrote:
> Pushya,
> Also the actual signature itself fails.  Are you "pretty printing" the
> XML after the signature operation itself?  It almost reads like line
> feeds have been added post signing.

I ran a Java program which serialises documents using
'stringWriter' and redirected its output to a file,
and attached the file.
Maybe using the stringWriter automatically adds the line feeds.

--

These are the code fragments I use,

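import java.security.cert.X509Certificate;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Element;

// Verify method.
public boolean Verify(Element e) throws Exception
{
    // Wrap the ds:Signature element; "" is the base URI used to resolve references.
    XMLSignature xmlSignature = new XMLSignature(e, "");
    // Take the signer's certificate from the KeyInfo carried inside the signature.
    KeyInfo ki = xmlSignature.getKeyInfo();
    X509Certificate cert = ki.getX509Certificate();
    // Checks the validity dates only; it does not establish trust in the certificate.
    cert.checkValidity();
    // Check the signature value and the reference digests with the certificate's key.
    boolean Result = xmlSignature.checkSignatureValue(cert);
    return Result;
}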

-- 
Pushyamitra Navare

<?xml version="1.0" encoding="UTF-8"?>
<lib:AuthnResponse xmlns:lib="urn:liberty:iff:2003-08" 
InResponseTo="R21322323232" IssueInstant="2005-04-22T04:25:33.084Z" 
MajorVersion="1" MinorVersion="2" 
ResponseID="P1641971398955428227"><samlp:Status 
xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"><samlp:StatusCode 
Value="samlp:Success"/></samlp:Status><lib:ProviderID>www.IDP.com</lib:ProviderID><saml:Assertion
 xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" 
AssertionID="P9126123448599142335" IssueInstant="2005-04-22T04:25:32.944Z" 
Issuer="www.IDP.com" MajorVersion="1" 
MinorVersion="1"><lib:AuthenticationStatement 
AuthenticationInstant="2005-04-22T04:25:32.863Z" 
AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"><saml:Subject><saml:NameIdentifier
 Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName" 
NameQualifier="Blitz.co.in/NameQualifiers#">userName</saml:NameIdentifier><saml:SubjectConfirmation><saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key</saml:ConfirmationMethod></saml:SubjectConfirmation></saml:Subject></lib:AuthenticationStatement></saml:Assertion><ds:Signature
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Transform 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">9QV9N9WFOFC92LOoFy89NTFHr1k=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">CMZjDxA6J7LaSiTB0eV7jcAawEOQxGMJ/qX+zVRZNyPp73uqn5ZCPw==</ds:SignatureValue>
<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
</ds:X509Data>
<ds:KeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:DSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:P xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
K2HXKu/yIgMZndFIAcc=
</ds:P>
<ds:Q 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
<ds:G xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSo=
</ds:G>
<ds:Y xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
BYzBvi2HAaG5KYvlGbxabr9oeS5egJd/lkJost/NhBRt0mTowzA17+nTPiWZUpU2gArlNQFafb1r
CZQRcbknvHuLxxyRTekVl9m9xItygqQQz1PfcLQXSt8EJU8gzVRO+DcPN/+XK+GJBxRYmgwcaaLE
yJ8fjw998TrY7rrbwV4=
</ds:Y>
</ds:DSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature></lib:AuthnResponse>
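
The test described in this message can be reproduced with the JDK's built-in javax.xml.crypto.dsig API. This is an added example, not code from the post or from Apache XML Security; the class name, the sample XML and the RSA/SHA-256 algorithms are assumptions, and it needs JDK 11 or later. With Reference URI="" and the enveloped-signature transform, the digest covers the whole document that contains the Signature element, so the program prints the validation result for four cases: the signed document, the Signature element imported alone, the whole signed root imported, and the signed document after a line feed is inserted.

```java
import java.io.ByteArrayInputStream;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.*;
import org.w3c.dom.*;

public class EnvelopedScopeDemo {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    // Constructed sample input, not the message attached to the post.
    static final String XML = "<Response xmlns=\"urn:example\"><Assertion>userName</Assertion></Response>";

    // Validate the first ds:Signature in 'd' with the given public key.
    static boolean verify(Document d, PublicKey pub) throws Exception {
        Node sig = d.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(pub, sig);
        return F.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(new ByteArrayInputStream(XML.getBytes("UTF-8")));
        Element root = doc.getDocumentElement();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Same shape as the attached message: Reference URI="" plus enveloped-signature.
        Reference ref = F.newReference("", F.newDigestMethod(DigestMethod.SHA256, null),
            List.of(F.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        F.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));
        System.out.println("signed document:       " + verify(doc, kp.getPublic()));
        // Signature element alone: URI="" now selects a document without the signed content.
        Document lone = db.newDocument();
        lone.appendChild(lone.importNode(root.getLastChild(), true));
        System.out.println("Signature alone:       " + verify(lone, kp.getPublic()));
        // Whole signed root imported: the referenced content travels with the signature.
        Document whole = db.newDocument();
        whole.appendChild(whole.importNode(root, true));
        System.out.println("whole root imported:   " + verify(whole, kp.getPublic()));
        // A line feed added after signing changes the canonical form that was digested.
        root.insertBefore(doc.createTextNode("\n  "), root.getFirstChild());
        System.out.println("after added line feed: " + verify(doc, kp.getPublic()));
    }
}
```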