https://issues.apache.org/bugzilla/show_bug.cgi?id=47758
--- Comment #1 from bhupinder <bhupinder.sa...@gmail.com> 2009-08-28 06:10:49 PDT ---
Below is code used with JDK 6 testing

// NOTE(review): dbf is configured outside this snippet. It needs setNamespaceAware(true)
// for the getElementsByTagNameNS lookup below to match, and for untrusted input it should
// also have DTDs / external entities disabled -- TODO confirm against the full test class.
Document doc = dbf.newDocumentBuilder().parse(byteArrayInputStream);

// Collects every ds:Signature element in the document; only the first one (nl.item(0)) is
// validated further down.
// NOTE(review): nothing here ties that Signature to the element the application consumes;
// a validator used on untrusted documents should check what the Reference covers.
NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
    System.out.println("0");
    return;
}

// The JSR 105 provider class is loaded by name from the "jsr105Provider" system property,
// defaulting to the JDK's internal XMLDSigRI provider.
String providerName = System.getProperty(
    "jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
    (Provider) Class.forName(providerName).newInstance());

// NOTE(review): KeyValueKeySelector is not shown; presumably it returns the public key found
// in the signature's own KeyInfo/KeyValue. If so, "Signature passed" means the document is
// consistent with the key it carries, not that the key belongs to a trusted signer.
DOMValidateContext valContext = new DOMValidateContext(new KeyValueKeySelector(), nl.item(0));
XMLSignature signature = fac.unmarshalXMLSignature(valContext);

// Return value is discarded; the result that drives the output is coreValidity below.
signature.getSignatureValue().validate(valContext);

// Core validation: the signature value plus the digest of every Reference.
boolean coreValidity = signature.validate(valContext);
if (coreValidity == false) {
    System.err.println("Signature failed");
} else {
    System.out.println("Signature passed");
}

******************************************************************
When I try to validate this signature with xmlsecurity jar I tried latest 1.4.3 it give me error
XMLSignature [WARN] Signature verification failed
code snippet used for this

XMLSignature sig = null;

/**
 * Verifies this object's XML signature with the supplied key, or with a key taken from
 * the signature's own KeyInfo when {@code k} is null.
 *
 * Steps visible here: reject unsigned objects; check the signature profile (exactly one
 * Reference whose URI is null, empty or "#" + getId(), and Transforms limited to
 * enveloped-signature and exclusive C14N without comments, with enveloped-signature
 * present); resolve the key; check the signature value.
 *
 * @param k verification key; null means "use the key found inside the signature"
 * @throws SAMLException declared type; every failure path visible here throws
 *         InvalidCryptoException
 */
public void verify(Key k) throws SAMLException {
    if (!isSigned()) {
        throw new InvalidCryptoException("SAMLSignedObject.verify() can't verify unsigned object");
    }
    try {
        // Validate the signature content by checking for specific Transforms.
        // valid only becomes true when an enveloped-signature transform is seen; any
        // transform other than that or exclusive C14N (omit comments) resets it and stops.
        // An empty transform list, or one holding only the C14N transform, stays invalid.
        boolean valid = false;
        SignedInfo si = sig.getSignedInfo();
        if (si.getLength() == 1) {
            Reference ref = si.item(0);
            // The single Reference must point at the whole document (null/empty URI) or at
            // this object's own Id.
            if (ref.getURI() == null || ref.getURI().equals("") || ref.getURI().equals("#" + getId())) {
                // NOTE(review): trans is dereferenced unchecked; confirm getTransforms()
                // cannot return null for a Reference without a Transforms element.
                Transforms trans = ref.getTransforms();
                for (int i = 0; i < trans.getLength(); i++) {
                    if (trans.item(i).getURI().equals(Transforms.TRANSFORM_ENVELOPED_SIGNATURE)) {
                        valid = true;
                    } else if (!trans.item(i).getURI().equals(
                            Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS)) {
                        valid = false;
                        break;
                    }
                }
            }
        }
        if (!valid) {
            throw new InvalidCryptoException(
                "SAMLSignedObject.verify() detected an invalid signature profile");
        } else {
            log.debug("\n SAMLSignedObject is Valid for Id - " + getId());
        }

        // If k is null, try and find a key inside the signature.
        // NOTE(review): in that case the key comes from the signature being checked, so a
        // successful check shows the content matches the embedded key, not that the key
        // belongs to a trusted signer; that trust decision has to be made by the caller
        // (not visible in this snippet).
        if (k == null) {
            if (sig_from_parse) {
                k = sig.getKeyInfo().getPublicKey();
            } else {
                // This is really ugly, but when the signature hasn't been fully built from a DOM,
                // none of the interesting bits of keying material are reachable via the API.
                // We have to serialize out the KeyInfo piece, and reparse it.
                // The last child of the signature element is canonicalized and reparsed as
                // the KeyInfo (assumes KeyInfo is that last child -- TODO confirm).
                ByteArrayOutputStream out = new ByteArrayOutputStream();
                Canonicalizer c = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
                out.write(c.canonicalizeSubtree(sig.getElement().getLastChild()));
                ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
                KeyInfo temp = new KeyInfo(XML.parserPool.parse(in).getDocumentElement(), "");
                k = temp.getPublicKey();
            }
        }

        // The arrow on the next line is the reporter's marker for the failing call, not code.
        ----------------> if (!sig.checkSignatureValue(k)) {
            throw new InvalidCryptoException(
                "SAMLSignedObject.verify() failed to validate signature value");
        }
    // Each library exception is wrapped in InvalidCryptoException with the cause preserved.
    } catch (XMLSecurityException e) {
        throw new InvalidCryptoException("SAMLSignedObject.verify() detected an XML security exception: " + e.getMessage(), e);
    } catch (java.io.IOException e) {
        throw new InvalidCryptoException("SAMLSignedObject.verify() detected an I/O exception: " + e.getMessage(), e);
    } catch (SAXException e) {
        throw new InvalidCryptoException("SAMLSignedObject.verify() detected a XML parsing exception: " + e.getMessage(), e);
    }
}

verification fails here
----------------> if (!sig.checkSignatureValue(k))

-- Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.