Skip to Main Content
Forums

Java Security

Announcement

For appeals, questions and feedback about Oracle Forums, please email oracle-forums-moderators_us@oracle.com. Technical questions should be asked in the appropriate category. Thank you!

XML Digital Signature Problem

823199Apr 6 2011 — edited Apr 7 2011
I am using the javax.xml.crypto.dsig.XMLSignatureFactory to generate XML Signatures. Now when I try to validate the generated signature with java, the validation succeeds, however when I attempt the validation with .NET the validation fails.

Java adds a break line after the 76th character to produce separate lines. On the other hand .NET does not exhibit this behavior.

Please help...........

String inputXMLPath = "C:\\wessam\\GATS-CBE-20110404-0013.xml";
String outSignedPath = "C:\\efOut.xml";


XMLSignatureFactory factory =
XMLSignatureFactory.getInstance("DOM", (Provider)Class.forName("org.jcp.xml.dsig.internal.dom.XMLDSigRI").newInstance());


DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);


Document doc = dbf.newDocumentBuilder().parse(new File(inputXMLPath));

NodeList nl =
doc.getElementsByTagNameNS("http://cbe.gatsfile.efinance.com.eg",
"GATSFile");
Node node = nl.item(0);
XMLStructure content = new DOMStructure(node);


DigestMethod digestMethod =
factory.newDigestMethod(DigestMethod.SHA1, null);


Reference reference = factory.newReference("#GATSFile", digestMethod);
SignedInfo signedInfo =
factory.newSignedInfo(factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec)null),
factory.newSignatureMethod(SignatureMethod.RSA_SHA1,
null),
Collections.singletonList(reference));


KeyInfoFactory kif = factory.getKeyInfoFactory();
X509Data x509d =
kif.newX509Data(Collections.singletonList(getCertificate()));
KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(x509d));

XMLObject obj =
factory.newXMLObject(Collections.singletonList(content),
"GATSFile", null, null);

DOMSignContext dsc = new DOMSignContext(getPrivateKey(), doc);

XMLSignature signature =
factory.newXMLSignature(signedInfo, keyInfo, Collections.singletonList(obj),
null, null);

signature.sign(dsc);
FileOutputStream fos = new FileOutputStream(outSignedPath);
TransformerFactory tf = TransformerFactory.newInstance();

Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(fos));
fos.close();
}
Comments
Locked Post
New comments cannot be posted to this locked post.
Post Details
Locked on May 5 2011
Added on Apr 6 2011
#other-security-apis-tools-and-issues
1 comment
1,078 views