XML Digital Signature Canonicalisation Error.
Hi,
I am writing Java code to perform XML Digital Signature and Verification. I am using the jwsdp-2.0 jar files xmldsig.jar and xmlsec.jar.
I am successfully able to sign the XML but still have a few issues.
1. Canonicalisation of SignedInfo is not happening. The API is signing the SignedInfo element without performing canonicalisation. I turned on debugging and it shows `FINE: Canonicalized SignedInfo:error`. Because it is not able to perform canonicalisation, verification fails on the other end.
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null) is the canonicalisation method I am passing to the SignedInfo.
2. I am not able to specify an XPointer in the URI string when creating the Reference object. It works fine with just the id of the element as the reference, but not with an XPointer.
Any help on these issues is greatly appreciated.
Thanks for your help.
Ajit Rathod
CODE :
============================================================
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.security.*;
import java.util.Collections;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
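public class GenEnveloped {

    /**
     * Signs the first {@code wsse:Security} element of {@code testSamlData.xml} with an
     * enveloped XMLDSig signature (exclusive C14N, SHA-1 digest, HMAC-SHA1) and writes the
     * signed document to {@code testSamlDataSigned.xml}.
     *
     * @param args ignored
     * @throws Exception any provider-loading, parsing, signing or I/O failure is propagated
     *         to the JVM
     */
    public static void main(String[] args) throws Exception {
        // The JSR-105 provider is loaded reflectively from a system property; the default is
        // the JDK's built-in DOM implementation.
        String providerName = System.getProperty(
                "jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
        Provider provider = (Provider) Class.forName(providerName).newInstance();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM", provider);

        // Same-document reference to the element carrying Id="testID".
        String strRefURI = "#testID";
        Transform trf = fac.newTransform(
                CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null);
        // NOTE(review): SHA-1 digests and HMAC-SHA1 are legacy algorithms; they are kept here
        // because the question is about this exact setup, but new deployments should prefer
        // the SHA-256 variants.
        Reference ref = fac.newReference(
                strRefURI,
                fac.newDigestMethod(DigestMethod.SHA1, null),
                Collections.singletonList(trf),
                null,
                null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(
                        CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),
                Collections.singletonList(ref));

        // Namespace awareness is required for XMLDSig processing.
        // NOTE(review): if the input document can come from an untrusted source, disable
        // DTDs / external entities on dbf before parsing.
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc;
        // Close the input stream once parsed; the original left it open.
        FileInputStream in = new FileInputStream("testSamlData.xml");
        try {
            doc = dbf.newDocumentBuilder().parse(in);
        } finally {
            in.close();
        }

        NodeList nlWSSESecurity = doc.getElementsByTagName("wsse:Security");
        // Fail with a clear message instead of an NPE when the parent element is missing.
        if (nlWSSESecurity.getLength() == 0) {
            throw new IllegalStateException(
                    "testSamlData.xml contains no wsse:Security element to hold the signature");
        }

        // NOTE(review): a hard-coded HMAC key in source is a placeholder for this question
        // only; a real deployment must load the key from a keystore or secret store and must
        // never commit it.
        String strKey = "asefasfsadfasdfsfasfdfsdasdfasdf";
        // Explicit charset: String.getBytes() without one depends on the platform default,
        // which would silently change the key between machines.
        byte[] keyBytes = strKey.getBytes("UTF-8");
        SecretKey sk = new SecretKeySpec(keyBytes, SignatureMethod.HMAC_SHA1);

        XMLSignature signature = fac.newXMLSignature(si, null);
        // The ds:Signature element is appended as a child of the first wsse:Security element.
        DOMSignContext dsc = new DOMSignContext(sk, nlWSSESecurity.item(0));
        dsc.setDefaultNamespacePrefix("ds");
        signature.sign(dsc);

        boolean blFile = true;
        OutputStream os;
        if (blFile) {
            os = new FileOutputStream("testSamlDataSigned.xml");
            System.out.println("Result is written out to File system");
        } else {
            os = System.out;
        }
        try {
            TransformerFactory tf = TransformerFactory.newInstance();
            Transformer trans = tf.newTransformer();
            trans.transform(new DOMSource(doc), new StreamResult(os));
        } finally {
            // Only close what this method opened; System.out must stay usable.
            if (os != System.out) {
                os.close();
            }
        }
    }
}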