I created a bug for this -
https://issues.apache.org/bugzilla/show_bug.cgi?id=45586 - that has a sample
signature generated by the application I use. I am using xmlsec 1.2.1
version, in which I get the same problem:
CanonicalizerBase.engineCanonicalizeSubTree:
..
         if (this._writer instanceof ByteArrayOutputStream) {
             byte[] result = ((ByteArrayOutputStream)this._writer).toByteArray();
             if (reset) {
                 ((ByteArrayOutputStream)this._writer).reset();
             }
             return result;
         }
         return null;
..

And in Reference.calculateDigest:
         MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
         mda.reset();
         DigesterOutputStream diOs = new DigesterOutputStream(mda);
         OutputStream os = new BufferedOutputStream(diOs); // BufferedOutputStream here
         XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
         output.updateOutputStream(os);
         os.flush();

I am now trying to shift the app to xmlsec 1.4.1, but looking at the code that
I posted initially, I see the same issue here, i.e., the output stream classes
do not match.

-Satish

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of Raul Benito
Sent: Thursday, August 07, 2008 6:06 PM
To: security-dev@xml.apache.org
Subject: Re: Signature validation problem - C14N transform returns null

Satish,
 I think that particular code is correct, it is strange because the API,
that the transformation and the c14n is using looks like a pipeline one, but
after profiling it I change it to a visitor one, the problem is that in some
parts of the code there are some users as pipeline that is why I can
deprecated the several if instanceof, that I will love to.
Can you post the signature that is giving you the problem with the code
that is making a problem. Also take into account that envelope and exc-c14n
transformation was my base case and the default for all optimizations, so
I'm 98% sure that part is working.

Regards,

Raul
On Wed, Aug 6, 2008 at 5:04 PM, Satish Burnwal <[EMAIL PROTECTED]> wrote:
> I am facing an issue with validating the xml signature. I have
> enveloped transform followed by ex-C14N. I did search xmlsec mail
> archive but to no success. Then I tried with debugging the xmlsec src
> code:
>
>
> The Reference object loops through all the configured transforms, the
> http://www.w3.org/2000/09/xmldsig#enveloped-signature
> transform returns a (modified, I assume) XMLSignatureInput, then we
> run through the C14N and it returns null!
>
> The block of code is in CanonicalizerBase.java in method
> engineCanonicalizeXPathNodeSetInternal.
>
>            this.canonicalizeXPathNodeSet(doc,doc);
>            System.out.println("canonicalizeXPathNodeSet is ok i guess...");
>            this._writer.close();
>            if (this._writer instanceof ByteArrayOutputStream) {
>                byte[] sol = ((ByteArrayOutputStream)this._writer).toByteArray();
>                if (reset) {
>                    ((ByteArrayOutputStream)this._writer).reset();
>                }
>                return sol;
>            } else if (this._writer instanceof UnsyncByteArrayOutputStream) {
>                byte[] result = ((UnsyncByteArrayOutputStream)this._writer).toByteArray();
>                if (reset) {
>                    ((UnsyncByteArrayOutputStream)this._writer).reset();
>                }
>                return result;
>            }
>            return null;   // <------ returns this null!
>
> The _writer instance in this case was created in Reference.java
> method calculateDigest. Thus the ByteArrayOutputStreams of
> CanonicalizerBase do not match with the BufferedOutputStreams of
> Reference class, causing it to return null.
>
>            MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
>
>            mda.reset();
>            DigesterOutputStream diOs = new DigesterOutputStream(mda);
>            // <--- not checked via instanceof in CanonicalizerBase
>            OutputStream os = new UnsyncBufferedOutputStream(diOs);
>            XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
>            output.updateOutputStream(os);
>            os.flush();
>
> Pls help me in resolving this. The signedInfo element is this:
>
> <ds:SignedInfo>
>   <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
>   <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>   <ds:Reference URI="#id-23761097">
>     <ds:Transforms>
>       <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     </ds:Transforms>
>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>     <ds:DigestValue>SVUf+cO2NKZpSOHHhPfQjLQNhiE=</ds:DigestValue>
>   </ds:Reference>
> </ds:SignedInfo>
>
>
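
Added example, not part of the thread and not xmlsec code: a small Java model of the two paths discussed above, an internal ByteArrayOutputStream versus a caller-supplied buffered digest stream. It shows that in a design where the canonicalizer writes into the caller's stream, a null return can mean "already streamed", and the digest matches the buffered path. All class and method names are hypothetical, the input is constructed, and Java 11+ is assumed; whether xmlsec 1.2.1 or 1.4.1 behaves this way for the posted signature is not established by the thread.

```java
import java.io.BufferedOutputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.DigestOutputStream;
import java.security.MessageDigest;
import java.util.Base64;

public class StreamedC14nModel {
    // Hypothetical canonicalizer: writes to the caller's stream, then applies
    // the same kind of instanceof check as the excerpt quoted in the thread.
    static byte[] canonicalize(String canonicalXml, OutputStream writer, boolean reset)
            throws IOException {
        writer.write(canonicalXml.getBytes(StandardCharsets.UTF_8));
        writer.flush();
        if (writer instanceof ByteArrayOutputStream) {
            ByteArrayOutputStream buf = (ByteArrayOutputStream) writer;
            byte[] result = buf.toByteArray();
            if (reset) buf.reset();
            return result;
        }
        return null; // nothing buffered here: the bytes already went downstream
    }

    // Path 1: internal buffer, digest computed over the returned bytes.
    static String digestFromReturnedBytes(String xml) throws Exception {
        byte[] bytes = canonicalize(xml, new ByteArrayOutputStream(), true);
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-1").digest(bytes));
    }

    // Path 2: caller supplies a buffered digest stream (SHA-1 mirrors the DigestMethod in the thread).
    static String digestFromStream(String xml) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-1");
        OutputStream os = new BufferedOutputStream(
                new DigestOutputStream(OutputStream.nullOutputStream(), md));
        byte[] returned = canonicalize(xml, os, true);
        os.flush();
        if (returned != null) {
            throw new IllegalStateException("expected streamed output, got a buffer");
        }
        return Base64.getEncoder().encodeToString(md.digest());
    }

    public static void main(String[] args) throws Exception {
        String xml = "<doc Id=\"constructed-sample\">payload</doc>"; // constructed input
        System.out.println(digestFromReturnedBytes(xml).equals(digestFromStream(xml))); // true
    }
}
```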
