You must always use the DOM namespace-aware methods when creating elements and attributes. Change:

>     Element assertion = doc.createElement("Assertion");
>     assertion.setAttribute("id", "mynode");

to:

>     Element assertion = doc.createElementNS(null, "Assertion");
>     assertion.setAttributeNS(null, "id", "mynode");

Works fine after I made those changes.

That said, the XMLSec code could be a bit more robust and check for nulls and throw a more descriptive exception in these cases so I will open a bug on this.

--Sean

Ian Hummel wrote:
Hi everyone,

I cannot seem to get a simple enveloped signature example to work. I guess I am doing something stupid, but I can't for the life of me figure out what's wrong!

I get this error using jdk 5 and xmlsec 1.4.0 or 1.4.2 (but it seems to work with 1.3.0??):

Exception in thread "main" java.lang.RuntimeException: Error doing it
at test.Test.main(Test.java:82)
Caused by: java.lang.NullPointerException
at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
at test.Test.signDoc(Test.java:49)
at test.Test.main(Test.java:78)

Here is the sample code:

package test;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class Test {
    private Certificate cert;
    private PrivateKey privateKey;

    static {
        org.apache.xml.security.Init.init();
    }

    public Test() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new java.io.FileInputStream("keystore.jks"), "changeit".toCharArray());
        Certificate cert = keyStore.getCertificate("tomcat");
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("tomcat", "changeit".toCharArray());
        this.cert = cert;
        this.privateKey = privateKey;
    }

    private void signDoc(Document doc, Element assertion, String messageId) throws Exception {
        XMLSignature signature = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.appendChild(signature.getElement());

        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        signature.addDocument("#" + messageId, transforms, Constants.ALGO_ID_DIGEST_SHA1);
        signature.addKeyInfo(cert.getPublicKey());
        signature.sign(privateKey);
    }

    private void verifyDoc(Document doc) {
    }

    private void dumpDoc(Document doc) throws Exception {
        System.out.println("---------");
        Transformer xformer = TransformerFactory.newInstance().newTransformer();
        DOMSource source = new DOMSource(doc);
        StreamResult result = new StreamResult(System.out);
        xformer.transform(source, result);
        System.out.println();
        System.out.println("---------");
    }

    public static void main(String[] args) {
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setValidating(false);
            dbf.setNamespaceAware(true);
            DocumentBuilder db = dbf.newDocumentBuilder();
            Document doc = db.newDocument();
            Element assertion = doc.createElement("Assertion");
            assertion.setAttribute("id", "mynode");
            doc.appendChild(assertion);
            Test t = new Test();
            t.dumpDoc(doc);
            t.signDoc(doc, assertion, "mynode");
            t.dumpDoc(doc);
            t.verifyDoc(doc);
        } catch (Exception e) {
            throw new RuntimeException("Error doing it", e);
        }
    }
}
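
An added example, not code from this thread or from the XMLSec project: the same enveloped signature built with the namespace-aware calls from the reply, preceded by a check that rejects DOM Level 1 nodes with a descriptive error and followed by verification. Assumptions: the class name and `requireNamespaceAware` are hypothetical, a throwaway in-memory RSA key stands in for `keystore.jks`, the SHA-256 identifiers replace the SHA-1 ones in the posted code, and `setIdAttributeNS` is added so the `#mynode` reference can also resolve through `Document.getElementById`.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.*;

public class NamespaceAwareSigning { // hypothetical class name
    // Nodes made with createElement/setAttribute (DOM Level 1) report a null local name.
    static void requireNamespaceAware(Node node) {
        short type = node.getNodeType();
        if ((type == Node.ELEMENT_NODE || type == Node.ATTRIBUTE_NODE) && node.getLocalName() == null) {
            throw new IllegalStateException("Node '" + node.getNodeName()
                    + "' was not created with createElementNS/setAttributeNS");
        }
        NamedNodeMap attrs = node.getAttributes(); // null unless node is an element
        for (int i = 0; attrs != null && i < attrs.getLength(); i++) {
            requireNamespaceAware(attrs.item(i));
        }
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            requireNamespaceAware(child);
        }
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element assertion = doc.createElementNS(null, "Assertion");
        assertion.setAttributeNS(null, "id", "mynode");
        assertion.setIdAttributeNS(null, "id", true); // DOM Level 3: marks "id" as an ID attribute
        doc.appendChild(assertion);
        requireNamespaceAware(doc); // fails fast, before any signing code runs
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keys = kpg.generateKeyPair(); // throwaway key, constructed for this example
        XMLSignature signature = new XMLSignature(doc, "",
                XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256, Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.appendChild(signature.getElement());
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        signature.addDocument("#mynode", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        signature.addKeyInfo(keys.getPublic());
        signature.sign(keys.getPrivate());
        // Verify the way a recipient would: rebuild the signature object from its element.
        XMLSignature parsed = new XMLSignature(signature.getElement(), "");
        System.out.println("signature verifies: " + parsed.checkSignatureValue(keys.getPublic()));
    }
}
```

Swapping the two `NS` calls back to `createElement`/`setAttribute` makes `requireNamespaceAware` throw its descriptive error before the signing code is reached.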
