You have to serialize the signature and deserialize it. Sadly, the
internal structures don't manage signing and verifying at the same
time.

On Mon, Aug 4, 2008 at 1:42 PM,  <[EMAIL PROTECTED]> wrote:
>
> I am trying to create, then verify a signature, without much success.  I
> assume something I am doing is corrupting the XML, so I changed the code to
> call checkSignatureValue() immediately after calling sign():
>
>     Document doc = assertion.getOwnerDocument();
>     doc.normalize();
>     // somehow the ID attribute is not yet really in the doc
>     // so we register the id of interest so the Resolver called by sign can
>     // find it
>     String assertionId = assertion.getAttributeNode("ID").toString().substring(4,37);
>     IdResolver.registerElementById(assertion, assertionId);
>
>     XMLSignature sig = new XMLSignature(doc, "",
>         XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
>
>     assertion.insertBefore(sig.getElement(),assertion.getFirstChild());
>
>     // create the transforms object for the Document/Reference
>     Transforms transforms = new Transforms(doc);
>
>     // First we have to strip away the signature element (it's not part of
>     // the signature calculations). The enveloped transform can be used.
>     transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
>     // Part of the signature element needs to be canonicalized. It is a kind
>     // of normalizing algorithm for XML. For more information please take a
>     // look at the W3C XML Digital Signature webpage.
>     InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ds saml xenc xs");
>
>     transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS,incNS.getElement());
>     // Add the above Document/Reference
>     sig.addDocument("#"+assertionId, transforms, Constants.ALGO_ID_DIGEST_SHA1);
>
>     Key privKey = (Key) cred.get("privateKey");
>     sig.sign(privKey);
>
>     boolean isSuccess = sig.checkSignatureValue(<public key>);
>     LogManager.debug("First verification = " + isSuccess);
>
> The call to sig.checkSignatureValue() fails.  Can anyone help explain
> why?  If I understand this, I am hoping I will better understand how to make
> the rest work.
>
> Ed
