Hello all
I am sorry to bother the developers, but i am at the end of my (limited)
knowledge here. Attached to this mail is a piece of java Source code. I
am using the latest binary release.
I would expect to find this program outputing nothing, but instead,
verifying the signature fails. Since the javadoc was not very helpful, i
hope you can help me with this problem.
Thanks in Advance
Stefan
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.xml.security.Init;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.KeyName;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMResult;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import javax.xml.transform.stream.StreamSource;
public class XMLSignatureHelper {
private final String method;
private final PrivateKey secretKey;
private final PublicKey publicKey;
private final String keyName;
public XMLSignatureHelper(PublicKey pub){
this(pub, null, null);
}
public XMLSignatureHelper(String method, PublicKey pub){
this(method, pub, null, null);
}
public XMLSignatureHelper(PublicKey pub, PrivateKey priv, String
keyName){
this(ALGO_ID_SIGNATURE_DSA, pub, priv, keyName);
}
public XMLSignatureHelper(String method, PublicKey pub, PrivateKey
priv, String keyName){
if (!Init.isInitialized()){
Init.init();
}
this.method = method;
this.secretKey = priv;
this.publicKey = pub;
this.keyName = keyName;
}
public boolean verifySignature(Element e){
try {
XMLSignature sigObj = new XMLSignature(e, "");
PublicKey pub = publicKey;
if (pub == null){ // no definite PK, use provided PK of
signature
pub = sigObj.getKeyInfo().getPublicKey();
}
return sigObj.checkSignatureValue(pub);
} catch (XMLSignatureException e1) {
e1.printStackTrace();
} catch (XMLSecurityException e1) {
e1.printStackTrace();
}
return false;
}
public Element createSignature(Element... elements) throws
XMLSecurityException{
Document owner = elements[0].getOwnerDocument();
XMLSignature sigObj = new XMLSignature(owner, "", method);
for (Element e : elements){
Transforms t = new Transforms(owner);
t.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
sigObj.addDocument("#" + e.getAttribute("id"), t);
}
KeyInfo ki = sigObj.getKeyInfo();
KeyName kn = new KeyName(owner, keyName);
ki.add(kn);
sigObj.sign(secretKey);
return sigObj.getElement();
}
public static void main(String[] args) throws Exception {
KeyPair kp =
KeyPairGenerator.getInstance("DSA").generateKeyPair();
/* build the document */
DocumentBuilderFactory fac =
DocumentBuilderFactory.newInstance();
DocumentBuilder b = fac.newDocumentBuilder();
Document d = b.newDocument();
Element root = d.createElement("alpha");
Element e = d.createElement("beta");
e.setAttribute("id", "anID");
d.appendChild(root);
root.appendChild(e);
root.appendChild(d.createElement("gamma"));
/* create the signature helper */
XMLSignatureHelper sig = new XMLSignatureHelper(kp.getPublic(),
kp.getPrivate(), "A Name");
Element sig1 = sig.createSignature(e);
sig.createSignature(e);
root.appendChild(sig1);
if (!sig.verifySignature(sig1)){
System.err.println("Failed right away");
}
/*
* send the document once through a transformer to simulate a
* safe / load cycle
*/
Document d2 = b.newDocument();
Transformer t =
TransformerFactory.newInstance().newTransformer();
ByteArrayOutputStream bout = new ByteArrayOutputStream();
t.transform(new DOMSource(d), new StreamResult(bout));
ByteArrayInputStream bin = new
ByteArrayInputStream(bout.toByteArray());
DOMResult result = new DOMResult(d2);
t.transform(new StreamSource(bin), result);
Element sig4 = (Element) d2.getDocumentElement().getLastChild();
if (!sig.verifySignature(sig4)){
System.err.println("Failed after transform");
}
}
}
--
You can't run away forever,
But there's nothing wrong with getting a good head start.
--- Jim Steinman, "Rock and Roll Dreams Come Through"
