Ian Hummel wrote:
hmmm you're right.
Another thing I noticed is that if I add
    assertion.setIdAttribute("id", true);
things seem to work as well...
Can you comment on that?
Yes, you are registering the ID so it doesn't execute the same code path
that triggered the NPE.
But, you should still always use the DOM namespace aware methods because
even though this worked, you will definitely get problems in more
complicated scenarios.
--Sean
Thank you Sean!
On Jun 26, 2008, at 5:49 PM, Sean Mullan wrote:
You must always use the DOM namespace aware methods when creating
elements and attributes, change:
    Element assertion = doc.createElement("Assertion");
    assertion.setAttribute("id", "mynode");
to:
    Element assertion = doc.createElementNS(null, "Assertion");
    assertion.setAttributeNS(null, "id", "mynode");
Works fine after I made those changes.
That said, the XMLSec code could be a bit more robust and check for
nulls and throw a more descriptive exception in these cases so I will
open a bug on this.
--Sean
Ian Hummel wrote:
Hi everyone,
I cannot seem to get a simple enveloped signature example to
work. I guess I am doing something stupid, but I can't for the life of
me figure out what's wrong!
I get this error using jdk 5 and xmlsec 1.4.0 or 1.4.2 (but it seems to
work with 1.3.0??):
Exception in thread "main" java.lang.RuntimeException: Error doing it
    at test.Test.main(Test.java:82)
Caused by: java.lang.NullPointerException
    at org.apache.xml.security.utils.IdResolver.isElement(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getEl(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementBySearching(Unknown Source)
    at org.apache.xml.security.utils.IdResolver.getElementById(Unknown Source)
    at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolve(Unknown Source)
    at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(Unknown Source)
    at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Unknown Source)
    at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown Source)
    at org.apache.xml.security.signature.Reference.calculateDigest(Unknown Source)
    at org.apache.xml.security.signature.Reference.generateDigestValue(Unknown Source)
    at org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown Source)
    at org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
    at test.Test.signDoc(Test.java:49)
    at test.Test.main(Test.java:78)
Here is the sample code:
    package test;

    import java.security.KeyStore;
    import java.security.PrivateKey;
    import java.security.cert.Certificate;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.apache.xml.security.c14n.Canonicalizer;
    import org.apache.xml.security.signature.XMLSignature;
    import org.apache.xml.security.transforms.Transforms;
    import org.apache.xml.security.utils.Constants;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;

    public class Test {
        private Certificate cert;
        private PrivateKey privateKey;

        static {
            org.apache.xml.security.Init.init();
        }

        public Test() throws Exception {
            KeyStore keyStore = KeyStore.getInstance("JKS");
            keyStore.load(new java.io.FileInputStream("keystore.jks"),
                    "changeit".toCharArray());
            Certificate cert = keyStore.getCertificate("tomcat");
            PrivateKey privateKey = (PrivateKey) keyStore.getKey("tomcat",
                    "changeit".toCharArray());
            this.cert = cert;
            this.privateKey = privateKey;
        }

        private void signDoc(Document doc, Element assertion, String messageId)
                throws Exception {
            XMLSignature signature = new XMLSignature(doc, "",
                    XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
                    Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
            assertion.appendChild(signature.getElement());
            Transforms transforms = new Transforms(doc);
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
            transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
            signature.addDocument("#" + messageId, transforms,
                    Constants.ALGO_ID_DIGEST_SHA1);
            signature.addKeyInfo(cert.getPublicKey());
            signature.sign(privateKey);
        }

        private void verifyDoc(Document doc) {
        }

        private void dumpDoc(Document doc) throws Exception {
            System.out.println("---------");
            Transformer xformer = TransformerFactory.newInstance().newTransformer();
            DOMSource source = new DOMSource(doc);
            StreamResult result = new StreamResult(System.out);
            xformer.transform(source, result);
            System.out.println();
            System.out.println("---------");
        }

        public static void main(String[] args) {
            try {
                DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
                dbf.setValidating(false);
                dbf.setNamespaceAware(true);
                DocumentBuilder db = dbf.newDocumentBuilder();
                Document doc = db.newDocument();
                Element assertion = doc.createElement("Assertion");
                assertion.setAttribute("id", "mynode");
                doc.appendChild(assertion);
                Test t = new Test();
                t.dumpDoc(doc);
                t.signDoc(doc, assertion, "mynode");
                t.dumpDoc(doc);
                t.verifyDoc(doc);
            } catch (Exception e) {
                throw new RuntimeException("Error doing it", e);
            }
        }
    }
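
Added example, not part of the original thread and not XMLSec project code: a JDK-only program (the class name IdAttributeDemo and its helper methods are made up for illustration) that prints what differs between the two ways of building the Assertion element discussed above. Nodes created with the DOM Level 1 methods have a null getLocalName(), and in either case the "id" attribute is an ordinary attribute that getElementById cannot find until it is registered as an ID.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class IdAttributeDemo {

    // Build <Assertion id="mynode"/> with either the DOM Level 1 methods
    // or the namespace-aware (DOM Level 2) methods, and attach it to doc.
    static Element build(Document doc, boolean namespaceAware) {
        Element e;
        if (namespaceAware) {
            e = doc.createElementNS(null, "Assertion");
            e.setAttributeNS(null, "id", "mynode");
        } else {
            e = doc.createElement("Assertion");
            e.setAttribute("id", "mynode");
        }
        doc.appendChild(e);
        return e;
    }

    // Print the properties that namespace-aware code and ID lookup depend on.
    static void report(String label, Document doc, Element e) {
        Attr id = e.getAttributeNode("id");
        System.out.println(label);
        System.out.println("  element localName   = " + e.getLocalName());
        System.out.println("  attribute localName = " + id.getLocalName());
        System.out.println("  attribute isId      = " + id.isId());
        System.out.println("  getElementById      = " + doc.getElementById("mynode"));
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);

        Document d1 = dbf.newDocumentBuilder().newDocument();
        report("createElement / setAttribute:", d1, build(d1, false));

        Document d2 = dbf.newDocumentBuilder().newDocument();
        Element ns = build(d2, true);
        report("createElementNS / setAttributeNS:", d2, ns);

        // Explicitly mark "id" as an ID attribute so "#mynode" can be resolved.
        ns.setIdAttributeNS(null, "id", true);
        report("after setIdAttributeNS:", d2, ns);
    }
}
```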