Since using XPath expressions in XML Security Digital Signatures didn't
work as expected with Castor due to problems with <any> elements in XML
Schema, I'm now using the Reference element for identification.
Now, there's the next problem :-)
I've got an XML like this:
-------------------------------------------------
<ds:Signature xmlns="testnamespace"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#TEST1234">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>ylnVcxYJeeEPMmhCt6IcU4rc57I=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>WGVIpRzKIHbFmXferMwUtFCr9fkAlTZ298oGDC/B7Cd1w86GcKBsIg==</ds:SignatureValue>
...
</ds:Signature>
-------------------------------------------------
And after marshalling/unmarshalling I get this (which is NOT valid
anymore, since the prefixes and namespaces changed):
(Email client wrapped the single line below:)
-------------------------------------------------
<ns1:Signature
xmlns:ns1="http://www.w3.org/2000/09/xmldsig#"><ns1:SignedInfo><ns1:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ns1:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ns1:Reference
URI="#TEST1234"><ns1:Transforms><ns1:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ns1:Transforms><ns1:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ns1:DigestValue>ylnVcxYJeeEPMmhCt6IcU4rc57I=</ns1:DigestValue></ns1:Reference></ns1:SignedInfo><ns1:SignatureValue>WGVIpRzKIHbFmXferMwUtFCr9fkAlTZ298oGDC/B7Cd1w86GcKBsIg==</ns1:SignatureValue>...</ns1:Signature>
-------------------------------------------------
As you can see, there are multiple problems:
1) The custom namespace "testnamespace" has been removed - this
invalidates the signature
2) The namespace prefix "ds" changed to "ns1" - this invalidates the
signature
3) The element "SignedInfo" is not indented like it was before - this
invalidates the signature.
How can I tell Castor to unmarshal the Signature with the namespaces?
unmarshaller.addNamespaceToPackageMapping(nsURI,packageName) is not what
I want; I want something like
unmarshaller.addNamespacePrefix("ds","http://www.w3.org/2000/09/xmldsig#");
unmarshaller.addNamespacePrefix("","testnamespace");
Or is this the wrong way?
kind regards
Mike
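
Added example, not part of the original thread and not Castor code: a self-contained Java 11+ program using the JDK's javax.xml.crypto.dsig API that signs a "#TEST1234" reference, then validates the document as signed and again after the ds prefix is rewritten to ns1, reporting the SignedInfo signature and the reference digest separately. Assumptions: the Envelope/License document and the string replacement standing in for the binding round trip are constructed, and RSA-SHA256/SHA-256 replace the message's dsa-sha1/sha1 because recent JDKs reject SHA-1 signatures under the default secure-validation policy.

```java
import java.io.*;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class PrefixRoundTrip {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document d = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(xml.getBytes("UTF-8")));
        // No schema is loaded, so register Id as an ID attribute for the "#TEST1234" lookup.
        ((Element) d.getElementsByTagName("License").item(0)).setIdAttribute("Id", true);
        return d;
    }
    // Reports the two halves of core validation separately.
    static String check(String xml, PublicKey key) throws Exception {
        Node sigNode = parse(xml).getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sigNode);
        XMLSignature sig = F.unmarshalXMLSignature(ctx);
        boolean digestOk = ((Reference) sig.getSignedInfo().getReferences().get(0)).validate(ctx);
        return "SignedInfo signature=" + sig.getSignatureValue().validate(ctx) + ", digest=" + digestOk;
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway demo key
        Document doc = parse("<Envelope><License Id=\"TEST1234\">demo</License></Envelope>"); // constructed
        Reference ref = F.newReference("#TEST1234", F.newDigestMethod(DigestMethod.SHA256, null),
            List.of(F.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        DOMSignContext sctx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        sctx.setDefaultNamespacePrefix("ds");
        F.newXMLSignature(si, null).sign(sctx);
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        String signed = out.toString();
        // Stand-in for the binding round trip: same elements and values, prefix ds -> ns1.
        String rebound = signed.replace("ds:", "ns1:").replace("xmlns:ds=", "xmlns:ns1=");
        System.out.println("as signed:   " + check(signed, kp.getPublic()));
        System.out.println("re-prefixed: " + check(rebound, kp.getPublic()));
    }
}
```

Validating against the DOM (or bytes) as received, before the document is handed to a data-binding layer, avoids depending on the binder to reproduce prefixes and whitespace.
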
Mike Haller wrote:
Can't get it to work.
I tried using a castor-mapping.xml, injecting custom code into an
abstract parent class for all generated classes.
"unable to find FieldDescriptor for 'XPath' in ClassDescriptor of
TransformType" is the only thing I get.
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
<dsig-xpath:XPath
xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"
Filter="intersect">License/SignedLicenseInfo[1]</dsig-xpath:XPath>
</ds:Transform>
</ds:Transforms>
The "XPath" element is the problem, and I don't know how to tell Castor
that there should be a getXPath/setXPath in the TransformType class.
Mike Haller wrote:
Yes, this seems to be the problem.
Sorry for bothering, this seems to be the same as bug #1003 (Open,
Blocker): "Unmarshalling of sequence of <any> fails"
http://jira.codehaus.org/browse/CASTOR-1003
I was using castor-0.9.6-xml.jar, and updated to 0.9.7M1, but to no
avail. I am not using any mapping file. Is it possible to work around
this using mappings?
kind regards
Mike
Andrew Fawcett wrote:
So it looks like the XPath element isn't being picked up by the Source
Generator tool, yes?
-----Original Message-----
From: Mike Haller [mailto:[EMAIL PROTECTED]
Sent: 31 May 2005 15:59
To: [email protected]
Subject: Re: [castor-user] Castor and XML-Security
So, here's my first problem :-)
<complexType name="TransformType" mixed="true">
  <choice minOccurs="0" maxOccurs="unbounded">
    <any namespace="##other" processContents="lax"/>
    <element name="XPath" type="string"/>
  </choice>
  <attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
The element "XPath" is not created as a Java class, hence cannot be
unmarshalled. The class TransformType has getter and setter for "String
getContent()" and "setContent(String)".
Is it possible to use some sort of mapping? How?
kind regards
Mike
Mike Haller wrote:
Hi all,
I'm pretty new to Castor, currently writing my diploma thesis.
I have my own business model as XML Schema, and I use Apache Axis to
transmit the objects between clients and server. The source code is
generated by Castor, and all this works like a charm.
Now I wanted them (the business objects) to be digitally signed
using XML-Security. But after being signed, they cannot be
unmarshalled by Castor anymore.
Is it the right way to import the XML-Security Schema into my own
business schema, and thus creating lots of additional Java classes
of the XML-Security package, or should I use another way?
My plan is:
- Import xmldsig-core-schema.xsd into my-business.xsd
- Generate business-classes and xmldsig-classes
If anyone can push me in the right direction, I'll appreciate it :-)
kind regards
Mike
-------------------------------------------------
If you wish to unsubscribe from this list, please send an empty
message to the following address:
[EMAIL PROTECTED]
-------------------------------------------------