hmmm you're right.

Another thing I noticed is that if I add

        assertion.setIdAttribute("id", true);

things seem to work as well...


Can you comment on that?

Thank you Sean!


On Jun 26, 2008, at 5:49 PM, Sean Mullan wrote:

You must always use the DOM namespace aware methods when creating
elements and attributes, change:

   Element assertion = doc.createElement("Assertion");
   assertion.setAttribute("id", "mynode");

to:

   Element assertion = doc.createElementNS(null, "Assertion");
   assertion.setAttributeNS(null, "id", "mynode");

Works fine after I made those changes.

That said, the XMLSec code could be a bit more robust and check for
nulls and throw a more descriptive exception in these cases so I will
open a bug on this.

--Sean

Ian Hummel wrote:
Hi everyone,

I cannot seem to get a simple enveloped signature example to
work. I guess I am doing something stupid, but I can't for the life of
me figure out what's wrong!

I get this error using jdk 5 and xmlsec 1.4.0 or 1.4.2 (but it seems to
work with 1.3.0??):

Exception in thread "main" java.lang.RuntimeException: Error doing it
    at test.Test.main(Test.java:82)
Caused by: java.lang.NullPointerException
    at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
    at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
    at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
    at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
    at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
    at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
    at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
    at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at test.Test.signDoc(Test.java:49)
    at test.Test.main(Test.java:78)

Here is the sample code:

package test;

import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;

import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;


public class Test {
    private Certificate cert;
    private PrivateKey privateKey;

    static {
        org.apache.xml.security.Init.init();
    }

    public Test() throws Exception {
        KeyStore keyStore = KeyStore.getInstance("JKS");
        keyStore.load(new java.io.FileInputStream("keystore.jks"),
                "changeit".toCharArray());
        Certificate cert = keyStore.getCertificate("tomcat");
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("tomcat",
                "changeit".toCharArray());
        this.cert = cert;
        this.privateKey = privateKey;
    }

    private void signDoc(Document doc, Element assertion, String messageId)
            throws Exception {
        XMLSignature signature = new XMLSignature(doc, "",
                XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
                Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.appendChild(signature.getElement());

        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        signature.addDocument("#" + messageId, transforms,
                Constants.ALGO_ID_DIGEST_SHA1);
        signature.addKeyInfo(cert.getPublicKey());
        signature.sign(privateKey);
    }

    private void verifyDoc(Document doc) {
    }

    private void dumpDoc(Document doc) throws Exception {
        System.out.println("---------");
        Transformer xformer = TransformerFactory.newInstance().newTransformer();
        DOMSource source = new DOMSource(doc);
        StreamResult result = new StreamResult(System.out);
        xformer.transform(source, result);
        System.out.println();
        System.out.println("---------");
    }

    public static void main(String[] args) {
        try {
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            dbf.setValidating(false);
            dbf.setNamespaceAware(true);
            DocumentBuilder db = dbf.newDocumentBuilder();
            Document doc = db.newDocument();
            Element assertion = doc.createElement("Assertion");
            assertion.setAttribute("id", "mynode");
            doc.appendChild(assertion);
            Test t = new Test();
            t.dumpDoc(doc);
            t.signDoc(doc, assertion, "mynode");
            t.dumpDoc(doc);
            t.verifyDoc(doc);
        } catch (Exception e) {
            throw new RuntimeException("Error doing it", e);
        }
    }
}
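
The DOM properties that differ between the three variants discussed in this thread (createElement/setAttribute, createElementNS/setAttributeNS, and setIdAttribute), as an added example that is not part of the original messages and is not XMLSec code. It uses only the JDK DOM API; the class name IdLookupDemo and the helper names are hypothetical.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Added example: JDK DOM only, no XMLSec. Class and method names are hypothetical.
public class IdLookupDemo {

    static Document newDoc() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // same factory setting as the thread's code
        return dbf.newDocumentBuilder().newDocument();
    }

    // Print the properties an ID-based reference lookup depends on.
    static void report(String label, Document doc, Element e) {
        Attr id = e.getAttributeNode("id");
        System.out.println(label);
        System.out.println("  element localName   = " + e.getLocalName());
        System.out.println("  attribute localName = " + id.getLocalName());
        System.out.println("  attribute isId      = " + id.isId());
        System.out.println("  getElementById hit  = " + (doc.getElementById("mynode") == e));
    }

    public static void main(String[] args) throws Exception {
        // DOM Level 1 creation, as in the failing code: these nodes carry no
        // local name, so code that reads getLocalName() must handle null.
        Document d1 = newDoc();
        Element a1 = d1.createElement("Assertion");
        a1.setAttribute("id", "mynode");
        d1.appendChild(a1);
        report("createElement / setAttribute", d1, a1);

        // Namespace-aware creation, as in the suggested change.
        Document d2 = newDoc();
        Element a2 = d2.createElementNS(null, "Assertion");
        a2.setAttributeNS(null, "id", "mynode");
        d2.appendChild(a2);
        report("createElementNS / setAttributeNS", d2, a2);

        // An attribute named "id" is not an ID until something types it as one
        // (DTD, schema, or an explicit flag); only then does getElementById find it.
        a1.setIdAttribute("id", true);
        report("createElement + setIdAttribute", d1, a1);
    }
}
```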

