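http://issues.apache.org/bugzilla/show_bug.cgi?id=40921

------- Additional Comments From [EMAIL PROTECTED] 2006-11-13 08:47 -------
(In reply to comment #14)
> I need more than this to reproduce the problem. Please post a simple test case
> that I can compile and run without writing *any additional code* and also
> include the signature you are validating.

You will have to add the xmldsig.jar and xmlsec.xml in your classpath from Java Web Services Developer Pack 2.0

============================================================
Use this main class to test:
============================================================
import java.io.FileInputStream;
import javax.xml.crypto.dsig.XMLSignature;

/**
 * Command-line driver for the reproduction: parses a signed XML file and
 * reports whether {@link ValidacaoXmlEnveloped#validar} accepted it.
 */
public class Principal {

    /**
     * Parses {@code c:/signedxml.xml} (Windows path) with a namespace-aware DOM
     * parser and prints the validation outcome. Any exception is printed and
     * otherwise swallowed.
     */
    public void validate() {
        try {
            javax.xml.parsers.DocumentBuilderFactory dbf =
                javax.xml.parsers.DocumentBuilderFactory.newInstance();
            // The Signature element is looked up by namespace, so the parser must be namespace-aware.
            dbf.setNamespaceAware(true);
            // NOTE(review): this driver reads a local fixture. A parser that receives
            // documents from an untrusted source should additionally enable
            // javax.xml.XMLConstants.FEATURE_SECURE_PROCESSING and reject DOCTYPE
            // declarations ("http://apache.org/xml/features/disallow-doctype-decl")
            // before parsing, so that entity expansion and external entities are off.
            javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();

            FileInputStream entrada = new FileInputStream("c:\\signedxml.xml");
            org.w3c.dom.Document docXML;
            try {
                docXML = db.parse(entrada);
            } finally {
                // The stream was previously left open; release the file handle in all cases.
                entrada.close();
            }

            XMLSignature assinatura = ValidacaoXmlEnveloped.validar(docXML);
            if (assinatura != null) {
                System.out.println("Signature ok!");
            } else {
                System.out.println("Invalid Signature!");
            }
        } catch (Exception ex) {
            ex.printStackTrace();
        }
    }

    public static void main(String[] args) {
        Principal p = new Principal();
        p.validate();
    }
}

=================================================== ValidacaoXmlEnveloped class ==================================================
import java.io.FileInputStream;
import java.security.Key;
import java.security.KeyException;
import java.security.Provider;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.AlgorithmMethod;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.KeySelectorException;
import javax.xml.crypto.KeySelectorResult;
import javax.xml.crypto.XMLCryptoContext;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
import org.w3c.dom.Element;

/**
 * Verifies XMLDSIG signatures found in a DOM document.
 *
 * @author bribeiro
 */
public class ValidacaoXmlEnveloped {

    /**
     * Validates the first {@code Signature} element (XMLDSIG namespace) found
     * anywhere in the document.
     *
     * <p>Only {@code listaNos.item(0)} is examined; further Signature elements are
     * ignored. The return value does not say which parts of the document the
     * signature covers: callers that act on specific elements should inspect
     * {@code signature.getSignedInfo().getReferences()} and confirm those elements
     * are the ones referenced.
     *
     * <p>The verification key is chosen by {@link KeyValueKeySelector}, which reads
     * it from the signature's own KeyInfo. See the note on that class before
     * treating a non-null result as proof of who signed the document.
     *
     * @param documento namespace-aware DOM document that should contain a signature
     * @return the unmarshalled signature when validation succeeds, {@code null}
     *         when {@code validate} reports failure
     * @throws ValidacaoXmlEnvelopedException when no Signature element is present,
     *         or when any step throws; the original exception is kept as the cause
     */
    static public XMLSignature validar(Document documento)
            throws ValidacaoXmlEnvelopedException {
        boolean ok = false;
        XMLSignature signature = null;
        try {
            // Locate the "Signature" element of the document.
            NodeList listaNos =
                documento.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
            if (listaNos.getLength() == 0) {
                throw new ValidacaoXmlEnvelopedException("Assinatura não está presente.");
            }

            // The provider class is taken from the "jsr105Provider" system property
            // and instantiated reflectively, so whoever controls JVM properties
            // controls which implementation performs the validation.
            String nomeProvider = System.getProperty(
                "jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
            XMLSignatureFactory xmlSigFac = XMLSignatureFactory.getInstance(
                "DOM", (Provider) Class.forName(nomeProvider).newInstance());

            // Create the validation context: the key selector to use and the
            // Signature node to validate.
            DOMValidateContext valCont =
                new DOMValidateContext(new KeyValueKeySelector(), listaNos.item(0));

            // Unmarshal the XMLSignature, then run core validation on it.
            signature = xmlSigFac.unmarshalXMLSignature(valCont);
            ok = signature.validate(valCont);
        } catch (Exception ex) {
            ex.printStackTrace();
            // Keep the cause so the provider's stack trace is not lost to callers.
            throw new ValidacaoXmlEnvelopedException(ex.getMessage(), ex);
        }
        return ok ? signature : null;
    }

    /**
     * KeySelector that returns the public key of the first X.509 certificate
     * found in an {@code X509Data} child of KeyInfo. A key whose algorithm does
     * not match the signature method is ignored.
     *
     * <p>NOTE(review): the key comes from the KeyInfo of the very signature being
     * checked, and the certificate is not validated against a trust anchor, a
     * validity period or a revocation source. A successful {@code validate()}
     * with this selector shows only that the document is consistent with the
     * embedded key, not who produced it. Before relying on the result, validate
     * the certificate path (for example {@code java.security.cert.CertPathValidator}
     * with PKIX parameters built from a configured trust store) or compare the
     * key with one obtained out of band.
     */
    private static class KeyValueKeySelector extends KeySelector {

        /**
         * Selects the verification key for the signature.
         *
         * @throws KeySelectorException when {@code keyInfo} is null or no
         *         X509Data entry yields a key compatible with the signature method
         */
        public KeySelectorResult select(KeyInfo keyInfo,
                KeySelector.Purpose purpose, AlgorithmMethod method,
                XMLCryptoContext context) throws KeySelectorException {
            if (keyInfo == null) {
                throw new KeySelectorException("Objeto KeyInfo null!");
            }
            SignatureMethod sm = (SignatureMethod) method;
            List list = keyInfo.getContent();
            for (int i = 0; i < list.size(); i++) {
                XMLStructure xmlStructure = (XMLStructure) list.get(i);
                System.out.println("Class"+xmlStructure.getClass());
                if (!(xmlStructure instanceof X509Data)) {
                    // Entries such as KeyValue carry no certificate. The key used to
                    // stay null here and the algorithm check below dereferenced it,
                    // which raised NullPointerException whenever KeyInfo listed
                    // another element before X509Data (as the sample document does).
                    continue;
                }
                System.out.print("dentro do x509data");
                PublicKey pk = firstCertificateKey((X509Data) xmlStructure);
                // Make sure the key algorithm is compatible with the signature method.
                if (pk != null && algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
                    return new SimpleKeySelectorResult(pk);
                }
            }
            throw new KeySelectorException("Nenhum elemento KeyValue encontrado!");
        }

        /**
         * Returns the public key of the first X509Certificate listed in the
         * X509Data content, or {@code null} when it lists none. X509Data may also
         * hold non-certificate items, so each entry is type-checked instead of
         * casting element 0.
         */
        private static PublicKey firstCertificateKey(X509Data dados) {
            List conteudo = dados.getContent();
            for (int i = 0; i < conteudo.size(); i++) {
                Object item = conteudo.get(i);
                if (item instanceof X509Certificate) {
                    return ((X509Certificate) item).getPublicKey();
                }
            }
            return null;
        }

        /**
         * Reports whether a key algorithm name matches a signature method URI.
         * Only DSA with DSA-SHA1 and RSA with RSA-SHA1 are recognised; every
         * other combination is rejected. Both accepted methods are SHA-1 based.
         */
        static boolean algEquals(String algURI, String algName) {
            boolean dsa = algName.equalsIgnoreCase("DSA")
                && algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1);
            boolean rsa = algName.equalsIgnoreCase("RSA")
                && algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1);
            return dsa || rsa;
        }
    }

    /** Minimal KeySelectorResult that hands back the selected public key. */
    private static class SimpleKeySelectorResult implements KeySelectorResult {
        private final PublicKey pk;

        SimpleKeySelectorResult(PublicKey pk) {
            this.pk = pk;
        }

        public Key getKey() {
            return pk;
        }
    }
}

======================================= ValidacaoXmlEnvelopedException class =======================================
/** Checked exception raised when signature validation cannot be completed. */
public class ValidacaoXmlEnvelopedException extends Exception {

    public ValidacaoXmlEnvelopedException(String msg) {
        super(msg);
    }

    /** Same as the single-argument form, but keeps the underlying failure as the cause. */
    public ValidacaoXmlEnvelopedException(String msg, Throwable cause) {
        super(msg, cause);
    }
}

======================================= signedxml.xml: =======================================
<?xml version="1.0" encoding="UTF-8"?><NotasFaltas> <ano>2006</ano> <semestre>2</semestre> <turma>52A</turma> <idtProf>15</idtProf> <idtDisc>2</idtDisc> 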
<unidade>3</unidade> <alunos class="linked-list"> <Aluno> <idtAlu>1</idtAlu> <nota>1.0</nota> <faltas>2</faltas> </Aluno> <Aluno> <idtAlu>2</idtAlu> <nota>3.0</nota> <faltas>4</faltas> </Aluno> <Aluno> <idtAlu>3</idtAlu> <nota>5.0</nota> <faltas>6</faltas> </Aluno> <Aluno> <idtAlu>4</idtAlu> <nota>7.0</nota> <faltas>8</faltas> </Aluno> </alunos> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n- 20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped- signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>ltbvesKBO+VTvco vJyJ0VVkSaJM=</DigestValue></Reference></SignedInfo><SignatureValue>r89mfZ7YkrQe FOeniXbj5JZja09Kmva+6naBMSu8srlfduq3mbyO5IYOGoHnDXLR7Q5TPGbfZtJa TpxBQQFJz6pcnO53IyVaymGw5/fx89rtthr2weHJRx8DSiFeA8mio5PsJnSISXy/1F+byDvA3B/a NANqL76K+mPMlsc04z4=</SignatureValue><KeyInfo><KeyValue><RSAKeyValue><Modulus>sc Ac0kZZ1Z+ldqz/OK9ZyNmHcNuy8U6fyk2OBvamkWyO3CU9NsWJ6pKZvpO3QAQwKakYbrB3joib 2THy0NEjNFRqdLWw4jaILqjpX0IgdGUY6TZzWq+oRCwTkm/JbG9M7Krl06c1ffMh30V0GnhcXWIC bweBOvfh8jIFA2xvoN0=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue> <X509Data><X509Certificate>MIIFmjCCBIKgAwIBAgIIH1lD8vnjdaEwDQYJKoZIhvcNAQEFBQAwa DELMAkGA1UEBhMCQlIxEzAR BgNVBAoTCklDUC1CcmFzaWwxLDAqBgNVBAsTI1NlY3JldGFyaWEgZGEgUmVjZWl0YSBGZWRlcmFs IC0gU1JGMRYwFAYDVQQDEw1BQyBTRVJBU0EgU1JGMB4XDTA2MTAyMzE4MDkwNVoXDTA5MTAyMjE4 MDkwNVowggE1MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEsMCoGA1UECxMjU2Vj cmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgLSBTUkYxEjAQBgNVBAsTCVNSRiBlLUNQRjEUMBIG A1UECxMLKEVNIEJSQU5DTykxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQwEgYDVQQLEwsoRU0gQlJB TkNPKTEUMBIGA1UECxMLKEVNIEJSQU5DTykxFDASBgNVBAsTCyhFTSBCUkFOQ08pMRQwEgYDVQQL EwsoRU0gQlJBTkNPKTEUMBIGA1UECxMLKEVNIEJSQU5DTykxNTAzBgNVBAMTLERPTUlOR09TIFNB 
VklPIEFMQ0FOVEFSQSBNQUNIQURPOjU4NDQyMTQ2NTA0MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCxwBzSRlnVn6V2rP84r1nI2Ydw27LxTp/KTY4G9qaRbI7cJT02xYnqkpm+k7dABDApqRhu sHeOiJvZMfLQ0SM0VGp0tbDiNoguqOlfQiB0ZRjpNnNar6hELBOSb8lsb0zsquXTpzV98yHfRXQa eFxdYgJvB4E69+HyMgUDbG+g3QIDAQABo4IB+zCCAfcwCQYDVR0TBAIwADAOBgNVHQ8BAf8EBAMC BeAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFLcyqiA9/1rttKzS pxhVioyAKJUEMIGaBgNVHREEgZIwgY+BDERTQU1AVU5JVC5CUqA9BgVgTAEDAaA0EzIwODAxMTk3 MTU4NDQyMTQ2NTA0MDAwMDAwMDAwMDAwMDAwMDAwMDA3OTM4MjJTU1BTRaAXBgVgTAEDBqAOEwww MDAwMDAwMDAwMDCgJwYFYEwBAwWgHhMcMDEwNjIxODUyMTc4MDM2MDI1MkFSQUNBSlVTRTBXBgNV HSAEUDBOMEwGBmBMAQIDCjBCMEAGCCsGAQUFBwIBFjRodHRwOi8vd3d3LmNlcnRpZmljYWRvZGln aXRhbC5jb20uYnIvcmVwb3NpdG9yaW8vZHBjMFMGA1UdHwRMMEowSKBGoESGQmh0dHA6Ly93d3cu Y2VydGlmaWNhZG9kaWdpdGFsLmNvbS5ici9yZXBvc2l0b3Jpby9sY3IvU2VyYXNhU1JGLmNybDBP BggrBgEFBQcBAQRDMEEwPwYIKwYBBQUHMAGGM2h0dHA6Ly9vY3NwLmNlcnRpZmljYWRvZGlnaXRh bC5jb20uYnIvQUNfU2VyYXNhX1NSRjANBgkqhkiG9w0BAQUFAAOCAQEA04lF7He8qnNJYwk8kmyg 0EhdM+BrYirtWwcZcOxd5cRzzhElxk6lcxHNZf0gWyJn7Db1V0p7lhP9nZzA3a4xXOuzjWyncaZC yoQiWeL+y249Snj+j4Y+XhHXj/TuLxEMdCIg5x/uiS/Zm95YZKsDRj0kkn6UJ3eYLHGvCl80M+Wt BAQOg55PJYif4arbBpDBJU+H1B5C6iXsb9Xl9TdN23heAAOIbTxxfdaclVP0vTVogwA2EHaL1U04 5k9R3eMpgsXtTpfIXLMDewUHzRGH2COh//1DhXx/kkr7y/1IH2Ohg0m/pVT2Pj25sWWMWh5Ul3MO 6KUk5XSU/eSTcArBJg==</X509Certificate><X509Certificate>MIIFETCCA/mgAwIBAgISMjAwN TAyMTYxNjU4MjEwMDAxMA0GCSqGSIb3DQEBBQUAMGkxCzAJBgNV BAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMUUwQwYDVQQDEzxBdXRvcmlkYWRlIENlcnRpZmlj YWRvcmEgZGEgU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgdjEwHhcNMDUwMjE2MTcwODAy WhcNMTExMDE3MTcwODAyWjBoMQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDEsMCoG A1UECxMjU2VjcmV0YXJpYSBkYSBSZWNlaXRhIEZlZGVyYWwgLSBTUkYxFjAUBgNVBAMTDUFDIFNF UkFTQSBTUkYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDWuxxWvObgcxJ4IugU3acc 837duwUKHTULdh1BFtsm/oe33L9I3omHplteUO3WHPjSwO/oHhQ5irA/AyYcoLt7Fi3Ot96tn62Y V40QXDHL3C8AkSFo8A5nPNaL1l7ITDUWldVK2AzxhvOdOzEn55vEgh6TUWjSPB2T8SjeAmlbhr73 
OGZnvrsKma+wiM2i1+n/mh5F8eYwGs5hubdAbYJRWDZN6/R9cXplwYFYCq7h2+K57yigYsailgn4 9DlMcoDWogWmGav3uFnbglX41ERYuaYlLnuTQxbZOqaktYUVat+cVQfHs42lbMfpDehjyn45qCVW 3TzW9vMVdzrjrzndAgMBAAGjggGyMIIBrjASBgNVHRMBAf8ECDAGAQH/AgEAMCIGA1UdIwEBAAQY MBaAFPLn1gjPMUcSnbBOKMKXHJxi0640MCAGA1UdDgEBAAQWBBS3MqogPf9a7bSs0qcYVYqMgCiV BDAOBgNVHQ8BAf8EBAMCAQYwgfgGA1UdIAEBAASB7TCB6jBMBgZgTAECAQ0wQjBABggrBgEFBQcC ARY0aHR0cDovL3d3dy5yZWNlaXRhLmZhemVuZGEuZ292LmJyL2Fjc3JmL2RwY2Fjc3JmLnBkZjBM BgZgTAECAgIwQjBABggrBgEFBQcCARY0aHR0cDovL3d3dy5yZWNlaXRhLmZhemVuZGEuZ292LmJy L2Fjc3JmL2RwY2Fjc3JmLnBkZjBMBgZgTAECAwowQjBABggrBgEFBQcCARY0aHR0cDovL3d3dy5y ZWNlaXRhLmZhemVuZGEuZ292LmJyL2Fjc3JmL2RwY2Fjc3JmLnBkZjBHBgNVHR8BAQAEPTA7MDmg N6A1hjNodHRwOi8vd3d3LnJlY2VpdGEuZmF6ZW5kYS5nb3YuYnIvYWNzcmYvYWNzcmZ2MS5jcmww DQYJKoZIhvcNAQEFBQADggEBAB+T/jLfNoie1YlYRj7Fxiwxssc82zDgRphtENSj3mXhmuJelWUH SbORo/ABMTEjnuPnDDp6EnkwQs4oHgH+a2/js+gYxWx5iI3mj7XyrLNM5rBWe4yWdMOt09toGiPx nehgwiA2/FL5qeKU5AsJ3QtOFWZ6FiR6GotfzZrZsqgf/oqV2bzcxt0LDuq++nU1bz+M6wWFmMSU hdhYeaufBINJn4S6ezOeLWr77OrRala/X8clo1OKiTmioMpwFCILBrTmx6WO7l7Vz0HuRfQ149mu S17v1QFxmZbhwZKqewH75vbVfHdcX3+sUIAqQSJ0A7fHzld67M+9h+c+5BEcs30=</X509Certificat e><X509Certificate>MIIEUTCCAzmgAwIBAgIBETANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQ lIxEzARBgNVBAoT CklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBUZWNub2xvZ2lhIGRh IEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJyYXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UE AxMoQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wNTAyMDIxMjU1 MDBaFw0xMTExMDIyMzU5MDBaMGkxCzAJBgNVBAYTAkJSMRMwEQYDVQQKEwpJQ1AtQnJhc2lsMUUw QwYDVQQDEzxBdXRvcmlkYWRlIENlcnRpZmljYWRvcmEgZGEgU2VjcmV0YXJpYSBkYSBSZWNlaXRh IEZlZGVyYWwgdjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC0YeMzA5AcEl60DET0 CmVy7lbly2X5TL+IQV98LAW0tfyTe9U43TNqh0vHeg8B3opWG24pOTozbRtPWo1vC5aJYSbGKXBg cqmOpZWrZn25Eqm7qiCD9swIQDpFs6GlrvYBKUArEaNXki6Rte5UOl0wcenYQi3LVGwfXK28xn4u TwP706mrSIm2LhRjTfAtU+78ZeTcdm8wOtfGy2v3oFkyrzl5iLSqsL2n53NvMDuOs3Cv9BnTroNE 
s4QJNqOogMkCHt2OjvxZ0MCp2wn465tV2/L+ykCIQjfTYGdRiuyXMZu6iKmreHVcORyr0X1QMd4+ PfnT21nwAoN0HaX7jrhfAgMA0yGjgbcwgbQwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2FjcmFp ei5pY3BicmFzaWwuZ292LmJyL0xDUmFjcmFpei5jcmwwEgYDVR0gBAswCTAHBgVgTAEBCDAdBgNV HQ4EFgQU8ufWCM8xRxKdsE4owpccnGLTrjQwHwYDVR0jBBgwFoAUivrxV4QREzWQQvpXSVRpDaTE 8DcwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAK9P G36ERhZZiKakn9Wg99L1MimhCNsNUwcpjSH2RhciX4xeWhlyvRLQOb8wGg23TAc+o4YdrkU0QR+2 DwCOQSN4ctfWsBKz1EpBW2JOeKx8juHHMsKxiPewBNrICC3RU9XVNIWqNsih9jZ8QBrcFS72wKk1 FjGVz5K9cuswmkwuu1KMp/RJdbkcps87VPUd9Y4dbHyTKz87+HggQ+nMdj2SQcz4UB1yVu9j+D+5 6ceMkZPlAm1bczi9nI5Uoj433bfIzR1bjjJtetqz9sjIr13xM2IfJPDw8jQVYOM59KDDx8IfTtM7 QMcd45x8xl4w4nFAm7ePxXboDyjZkNGJTDo=</X509Certificate><X509Certificate>MIIEuDCCA 6CgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBtDELMAkGA1UEBhMCQlIxEzARBgNVBAoT CklDUC1CcmFzaWwxPTA7BgNVBAsTNEluc3RpdHV0byBOYWNpb25hbCBkZSBUZWNub2xvZ2lhIGRh IEluZm9ybWFjYW8gLSBJVEkxETAPBgNVBAcTCEJyYXNpbGlhMQswCQYDVQQIEwJERjExMC8GA1UE AxMoQXV0b3JpZGFkZSBDZXJ0aWZpY2Fkb3JhIFJhaXogQnJhc2lsZWlyYTAeFw0wMTExMzAxMjU4 MDBaFw0xMTExMzAyMzU5MDBaMIG0MQswCQYDVQQGEwJCUjETMBEGA1UEChMKSUNQLUJyYXNpbDE9 MDsGA1UECxM0SW5zdGl0dXRvIE5hY2lvbmFsIGRlIFRlY25vbG9naWEgZGEgSW5mb3JtYWNhbyAt IElUSTERMA8GA1UEBxMIQnJhc2lsaWExCzAJBgNVBAgTAkRGMTEwLwYDVQQDEyhBdXRvcmlkYWRl IENlcnRpZmljYWRvcmEgUmFpeiBCcmFzaWxlaXJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB CgKCAQEAwPMudwX/hvm+Uh2b/lQAcHVAisamaLkWdkwP9/S/tOKIgRrL6Oy+ZIGlOUdd6uYtk9Ma /3pUpgcfNAj0vYm5gsyjQo9emsc+x6m4VWwk9iqMZSCK5EQkAq/Ut4n7KuLE1+gdftwdIgxfUsPt 4CyNrY50QV57KM2UT8x5rrmzEjr7TICGpSUAl2gVqe6xaii+bmYR1QrmWaBSAG59LrkrjrYtbRhF boUDe1DK+6T8s5L6k8c8okpbHpa9veMztDVC9sPJ60MWXh6anVKo1UcLcbURyEeNvZneVRKAAU6o uwdjDvwlsaKydFKwed0ToQ47bmUKgcm+wV3eTRk36UOnTwIDAQABo4HSMIHPME4GA1UdIARHMEUw QwYFYEwBAQAwOjA4BggrBgEFBQcCARYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292LmJyL0RQ Q2FjcmFpei5wZGYwPQYDVR0fBDYwNDAyoDCgLoYsaHR0cDovL2FjcmFpei5pY3BicmFzaWwuZ292 LmJyL0xDUmFjcmFpei5jcmwwHQYDVR0OBBYEFIr68VeEERM1kEL6V0lUaQ2kxPA3MA8GA1UdEwEB 
/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQAZA5c1U/hgIh6OcgLA fiJgFWpvmDZWqlV30/bHFpj8iBobJSm5uDpt7TirYh1Uxe3fQaGlYjJe+9zd+izPRbBqXPVQA34E Xcwk4qpWuf1hHriWfdrx8AcqSqr6CuQFwSr75FosSzlwDADa70mT7wZjAmQhnZx2xJ6wfWlT9VQf S//JYeIc7Fue2JNLd00UOSMMaiK/t79enKNHEA2fupH3vEigf5Eh4bVAN5VohrTm6MY53x7XQZZr 1ME7a55lFEnSeT0umlOAjR2mAbvSM5X5oSZNrmetdzyTj2flCM8CC7MLab0kkdngRIlUBGHF1/S5 nmPbK+9A46sd33oqK8n8</X509Certificate></X509Data></KeyInfo></Signature></NotasFa ltas> -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.