I am facing an issue with validating the XML signature. I have an enveloped
transform followed by ex-C14N. I did search the xmlsec mail archive but with no
success. Then I tried debugging the xmlsec src code:
 
 The Reference object loops through all the configured transforms, the
 http://www.w3.org/2000/09/xmldsig#enveloped-signature transform returns a
 (modified, I assume) XMLSignatureInput, then we run through the C14N and it
 returns null!



 The block of code is in CanonicalizerBase.java in method
 engineCanonicalizeXPathNodeSetInternal.



           this.canonicalizeXPathNodeSet(doc,doc);
           System.out.println("canonicalizeXPathNodeSet is ok i guess...");
           this._writer.close();
           if (this._writer instanceof ByteArrayOutputStream) {
              byte[] sol=((ByteArrayOutputStream)this._writer).toByteArray();
              if (reset) {
                 ((ByteArrayOutputStream)this._writer).reset();
              }
              return sol;
           } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
              byte[] result=((UnsyncByteArrayOutputStream)this._writer).toByteArray();
              if (reset) {
                 ((UnsyncByteArrayOutputStream)this._writer).reset();
              }
              return result;
           }
           return null;   // <------ returns this null!



 The _writer instance in this case was created in Reference.java method
 calculateDigest. Thus the ByteArrayOutputStreams of CanonicalizerBase do not
 match with the BufferedOutputStreams of the Reference class, causing it to
 return null.



           MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();

           mda.reset();
           DigesterOutputStream diOs=new DigesterOutputStream(mda);
           OutputStream os=new UnsyncBufferedOutputStream(diOs);   // <--- not checked via instanceof in CanonicalizerBase
           XMLSignatureInput output=this.dereferenceURIandPerformTransforms(os);
           output.updateOutputStream(os);
           os.flush();



Please help me in resolving this. The SignedInfo element is this:
<ds:SignedInfo>
  <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
  <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
  <ds:Reference URI="#id-23761097">
    <ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
      <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    </ds:Transforms>
    <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
    <ds:DigestValue>SVUf+cO2NKZpSOHHhPfQjLQNhiE=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>
 
