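/*
 * http://issues.apache.org/bugzilla/show_bug.cgi?id=40921
 *
 * ------- Additional Comments From [EMAIL PROTECTED] 2006-11-08 06:52 -------
 * (In reply to comment #2)
 * > I agree with Scott's reply. I haven't seen your code (can you post it?) but
 * > this is most likely not a bug. However, I am curious as to what key you are
 * > using to validate the signature. It seems you are using the correct key each
 * > time. If you validated with a key from this different X.509 certificate that
 * > you
 * > have inserted then it should not validate (if indeed it was a different public key).
 *
 * here is my verifying code:
 * =======================================
 */
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.w3c.dom.Element;

/**
 * Validates the first XML-DSig {@code Signature} element found in a DOM document.
 *
 * <p>NOTE(review): the verification key is taken from the signature's own
 * {@code KeyInfo} (see {@link KeyValueKeySelector}). {@code KeyInfo} is supplied by
 * whoever produced the document, so a successful validation only shows that the
 * signed content matches that embedded key. It says nothing about who signed.
 * Callers that need signer authentication must compare the key or certificate
 * against one they already trust (a configured public key, a key store entry, or
 * a certificate path validated to a trust anchor) before acting on the result.
 */
public class ValidacaoXmlEnveloped {

    /**
     * Unmarshals and validates the first {@code Signature} element in the document.
     *
     * <p>Only the first element returned by {@code getElementsByTagNameNS} is
     * checked; any further {@code Signature} elements are ignored. The method does
     * not check which parts of the document the signature's references cover.
     * NOTE(review): callers should confirm that the validated references include
     * the content they go on to consume.
     *
     * <p>NOTE(review): on runtimes that support it, consider enabling the
     * {@code org.jcp.xml.dsig.secureValidation} property on the validate context.
     *
     * @param documento the parsed document expected to carry the signature
     * @return the unmarshalled signature when core validation succeeds,
     *         or {@code null} when it fails
     * @throws ValidacaoXmlEnvelopedException when no signature is present or any
     *         error occurs while loading the provider, unmarshalling or validating
     */
    static public XMLSignature validar(Document documento) throws ValidacaoXmlEnvelopedException {
        boolean ok = false;
        XMLSignature signature = null;
        try {
            NodeList listaNos = documento.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (listaNos.getLength() == 0) {
                throw new ValidacaoXmlEnvelopedException("Assinatura não está presente.");
            }
            // The JSR 105 provider class is configurable through a system property.
            String nomeProvider = System.getProperty("jsr105Provider",
                    "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
            XMLSignatureFactory xmlSigFac = XMLSignatureFactory.getInstance("DOM",
                    (Provider) Class.forName(nomeProvider).newInstance());
            DOMValidateContext valCont =
                    new DOMValidateContext(new KeyValueKeySelector(), listaNos.item(0));
            signature = xmlSigFac.unmarshalXMLSignature(valCont);
            ok = signature.validate(valCont);
        } catch (Exception ex) {
            // Only the message survives in the rethrown exception, so the trace is
            // printed here to keep the original cause visible.
            ex.printStackTrace();
            throw new ValidacaoXmlEnvelopedException(ex.getMessage());
        }
        return ok ? signature : null;
    }

    /**
     * Key selector that returns the first public key found inside {@code KeyInfo}
     * whose algorithm matches the signature method.
     *
     * <p>NOTE(review): this selector performs no trust decision. It accepts any
     * {@code KeyValue} or {@code X509Data} certificate present in the document,
     * and it returns as soon as one entry matches. If {@code KeyInfo} holds both a
     * {@code KeyValue} and an {@code X509Data}, the later entry is never examined
     * and nothing checks that the two agree, so a certificate unrelated to the
     * signing key can sit in {@code KeyInfo} without affecting validation.
     */
    private static class KeyValueKeySelector extends KeySelector {

        /**
         * Picks a verification key from the given {@code KeyInfo}.
         *
         * @throws KeySelectorException when {@code keyInfo} is null, a
         *         {@code KeyValue} cannot be decoded, or no entry yields a key
         *         compatible with the signature method
         */
        public KeySelectorResult select(KeyInfo keyInfo, KeySelector.Purpose purpose,
                AlgorithmMethod method, XMLCryptoContext context) throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Objeto KeyInfo null!");
            }
            SignatureMethod sm = (SignatureMethod) method;
            List list = keyInfo.getContent();
            for (int i = 0; i < list.size(); i++) {
                PublicKey pk = extractPublicKey((XMLStructure) list.get(i));
                // KeyInfo children that carry no usable key (for example KeyName)
                // yield null; skip them instead of dereferencing a null key.
                if (pk != null && algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                    return new SimpleKeySelectorResult(pk);
                }
            }
            throw new KeySelectorException("Nenhum elemento KeyValue encontrado!");
        }

        /**
         * Returns the public key carried by a {@code KeyValue}, or by the first
         * certificate inside an {@code X509Data}; {@code null} for anything else.
         */
        private static PublicKey extractPublicKey(XMLStructure xmlStructure)
                throws KeySelectorException {
            if (xmlStructure instanceof KeyValue) {
                try {
                    return ((KeyValue) xmlStructure).getPublicKey();
                } catch (KeyException ke) {
                    ke.printStackTrace();
                    throw new KeySelectorException(ke);
                }
            }
            if (xmlStructure instanceof X509Data) {
                // X509Data may also hold subject names, issuer/serial pairs or
                // CRLs, so look for an actual certificate rather than casting
                // element 0 blindly.
                Iterator it = ((X509Data) xmlStructure).getContent().iterator();
                while (it.hasNext()) {
                    Object item = it.next();
                    if (item instanceof X509Certificate) {
                        return ((X509Certificate) item).getPublicKey();
                    }
                }
            }
            return null;
        }

        /**
         * Tells whether a key algorithm name is compatible with a signature method
         * URI. Only DSA with DSA-SHA1 and RSA with RSA-SHA1 are accepted.
         */
        static boolean algEquals(String algURI, String algName) {
            if (algName.equalsIgnoreCase("DSA")
                    && algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
                return true;
            }
            return algName.equalsIgnoreCase("RSA")
                    && algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1);
        }
    }

    /** Minimal {@link KeySelectorResult} wrapping the selected public key. */
    private static class SimpleKeySelectorResult implements KeySelectorResult {
        private final PublicKey pk;

        SimpleKeySelectorResult(PublicKey pk) {
            this.pk = pk;
        }

        public Key getKey() {
            return pk;
        }
    }
}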