Sathis, I think that particular code is correct, it is strange because the api, that the transformation and the c14n is using looks like a pipeline one, but after profiling it I change it to a visitor one, the problem is that in some parts of the code there are some users as pipeline that is why I can deprecated the several if instanceof, that I will love to. Can you post the sighnature that is giving you the problem with the code that is making a problem. Also take into account that envelope and exc-c14n transformation was my base case and the default for all optimizations, so I'm 98% sure that part is working
Regards, Raul On Wed, Aug 6, 2008 at 5:04 PM, Satish Burnwal <[EMAIL PROTECTED]> wrote: > I am facing a issue with validating the xml signature. I have enveloped > transform followed by ex-C14N. I did search xmlsec mail archive but to no > success. Then I tried with debugging the xmlsec src code: > > > The Reference object loops through all the configured transforms, the > http://www.w3.org/2000/09/xmldsig#enveloped-signature > transform returns a (modified, i assume) XMLSignatureInput, then we > run through the C14N and it returns null! > > The block of code is in CanonicalizerBase.java in method > engineCanonicalizeXPathNodeSetInternal. > > this.canonicalizeXPathNodeSet(doc,doc); > System.out.println("canonicalizeXPathNodeSet is ok i > guess..."); > this._writer.close(); > if (this._writer instanceof ByteArrayOutputStream) { > byte [] > sol=((ByteArrayOutputStream)this._writer).toByteArray(); > if (reset) { > ((ByteArrayOutputStream)this._writer).reset(); > } > return sol; > } else if (this._writer instanceof > UnsyncByteArrayOutputStream) { > byte > []result=((UnsyncByteArrayOutputStream)this._writer).toByteArray(); > if (reset) { > ((UnsyncByteArrayOutputStream)this._writer).reset(); > } > return result; > } > return null; <------ returns this null! > > The _writer instance in this case was created in Reference.java method > calculateDigest. Thus the ByteArrayOutputStreams of CanonicalizeBase do not > match with the BufferedOutputStreams of Reference class, causing it to > return null. > > MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm(); > > mda.reset(); > DigesterOutputStream diOs=new DigesterOutputStream(mda); > OutputStream os=new UnsyncBufferedOutputStream(diOs); <--- > not check via instanceof in CanonicalizerBase > XMLSignatureInput > output=this.dereferenceURIandPerformTransforms(os); > output.updateOutputStream(os); > os.flush(); > > Pls help me in resolving this. The signedInfo element is this: > > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> > <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > > <ds:Reference URI="#id-23761097"> > > <ds:Transforms> > <ds:Transform > Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> > <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> > </ds:Transforms> > <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <ds:DigestValue>SVUf+cO2NKZpSOHHhPfQjLQNhiE=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > >
