I am trying to create, then verify a signature, without much success. I assume something I am doing is corrupting the XML, so I changed the code to call checkSignatureValue() immediately after calling sign():

    import java.security.Key;
    import java.security.PublicKey;
    import org.w3c.dom.Document;
    import org.apache.xml.security.Init;
    import org.apache.xml.security.c14n.Canonicalizer;
    import org.apache.xml.security.signature.XMLSignature;
    import org.apache.xml.security.transforms.Transforms;
    import org.apache.xml.security.transforms.params.InclusiveNamespaces;
    import org.apache.xml.security.utils.Constants;
    import org.apache.xml.security.utils.IdResolver;

    // the library has to be initialised once before any signing/verifying
    Init.init();

    Document doc = assertion.getOwnerDocument();
    doc.normalize();

    // somehow the ID attribute is not yet really in the doc,
    // so we register the id of interest so the Resolver called by sign can find it
    String assertionId = assertion.getAttribute("ID");   // the attribute value itself, not Attr.toString()
    IdResolver.registerElementById(assertion, assertionId);

    XMLSignature sig = new XMLSignature(doc, "",
            XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
            Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
    assertion.insertBefore(sig.getElement(), assertion.getFirstChild());

    // create the transforms object for the Document/Reference
    Transforms transforms = new Transforms(doc);
    // First we have to strip away the signature element (it's not part of
    // the signature calculations). The enveloped transform can be used.
    transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
    // Part of the signature element needs to be canonicalized. It is a kind
    // of normalizing algorithm for XML. For more information please take a
    // look at the W3C XML Digital Signature webpage.
    InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ds saml xenc xs");
    transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, incNS.getElement());

    // Add the above Document/Reference
    sig.addDocument("#" + assertionId, transforms, Constants.ALGO_ID_DIGEST_SHA1);

    Key privKey = (Key) cred.get("privateKey");
    sig.sign(privKey);

    // pubKey: the public key matching privKey (given only as <public key> in the original post)
    PublicKey pubKey = publicKeyFor(privKey);
    boolean isSuccess = sig.checkSignatureValue(pubKey);
    LogManager.debug("First verification = " + isSuccess);

The call to sig.checkSignatureValue() fails. Can anyone help explain why? If I understand this, I am hoping I will better understand how to make the rest work.

Ed
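A complete sign-then-verify round trip for the enveloped-signature flow described in the post, as an added example that is not code from the post or from the Apache XML Security (Santuario) project. It assumes Santuario for Java on the classpath; it registers the ID attribute with the DOM Level 3 setIdAttribute call rather than the IdResolver call in the post, uses RSA-SHA256 and SHA-256 instead of SHA-1, and the assertion document, namespace prefixes, element names, ID value and key pair are constructed for the demonstration. The verifier side also checks that the one Reference in SignedInfo points at the element being trusted and verifies against a key it already trusts rather than the KeyInfo the signer embedded.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
import org.apache.xml.security.utils.Constants;

/** Constructed example: signs a minimal assertion-like element in place and verifies it again. */
public class AssertionSignRoundTrip {

    // Constructed namespace and ID value; placeholders, not taken from any real assertion
    private static final String SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    private static final String ASSERTION_ID = "_example-assertion-id-0001";

    /** Builds a namespace-aware document with one element carrying an ID attribute. */
    static Element buildAssertion() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);   // needed so prefixes canonicalize the same way on both sides
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element assertion = doc.createElementNS(SAML_NS, "saml:Assertion");
        assertion.setAttribute("ID", ASSERTION_ID);
        // Declare "ID" as an ID-typed attribute so a "#id" Reference URI resolves through
        // Document.getElementById (the job IdResolver.registerElementById did in old Santuario).
        assertion.setIdAttribute("ID", true);
        doc.appendChild(assertion);
        Element subject = doc.createElementNS(SAML_NS, "saml:Subject");
        subject.setTextContent("alice@example.invalid");   // constructed sample content
        assertion.appendChild(subject);
        return assertion;
    }

    /** Enveloped signature over the assertion: same transform chain as the post, stronger algorithms. */
    static XMLSignature signAssertion(Element assertion, KeyPair kp) throws Exception {
        Document doc = assertion.getOwnerDocument();
        XMLSignature sig = new XMLSignature(doc, "",
                XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256,
                Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
        assertion.insertBefore(sig.getElement(), assertion.getFirstChild());

        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);   // drop ds:Signature from the digest input
        InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ds saml");
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, incNS.getElement());

        String id = assertion.getAttribute("ID");   // the attribute value, not Attr.toString()
        sig.addDocument("#" + id, transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        sig.addKeyInfo(kp.getPublic());   // informational only; the verifier below uses its own trusted key
        sig.sign(kp.getPrivate());
        return sig;
    }

    /** Verifier side: locate ds:Signature, check it covers the expected element, then check the value. */
    static boolean verifyAssertion(Element assertion, PublicKey trustedKey) throws Exception {
        NodeList sigs = assertion.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        if (sigs.getLength() != 1) {
            return false;   // exactly one enveloped signature expected
        }
        XMLSignature sig = new XMLSignature((Element) sigs.item(0), "");
        // The single Reference must point at the element we are about to trust.
        String expectedUri = "#" + assertion.getAttribute("ID");
        if (sig.getSignedInfo().getLength() != 1
                || !expectedUri.equals(sig.getSignedInfo().item(0).getURI())) {
            return false;
        }
        // Digest check of the reference plus signature check of SignedInfo, against the trusted key.
        return sig.checkSignatureValue(trustedKey);
    }

    public static void main(String[] args) throws Exception {
        Init.init();   // must run once before using the library
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();   // throwaway demo key pair

        Element assertion = buildAssertion();
        signAssertion(assertion, kp);
        System.out.println("verify with signer key : " + verifyAssertion(assertion, kp.getPublic()));

        // Any change to signed content must break the digest check.
        assertion.getElementsByTagNameNS(SAML_NS, "Subject").item(0)
                 .setTextContent("changed@example.invalid");
        System.out.println("verify after tampering : " + verifyAssertion(assertion, kp.getPublic()));
    }
}
```

The first verification succeeds and the second fails, because checkSignatureValue recomputes each Reference digest before checking the SignatureValue. The InclusiveNamespaces list only needs the prefixes that are actually in scope in the signed subtree; listing prefixes the document never declares is harmless, but a prefix that is in scope on the signing side and not on the verifying side changes the canonical form and breaks verification.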