Hello,
I sign the following XML file using Apache.org XML Security (DigSig):
<?xml version='1.0' encoding='UTF-8'?>
<!DOCTYPE rdf:RDF [
<!ENTITY rdf 'http://www.w3.org/1999/02/22-rdf-syntax-ns#'>
<!ENTITY foo 'http://www.foo.net/metadata/foo#'>
<!ENTITY rdfs 'http://www.w3.org/2000/01/rdf-schema#'>
]>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
xmlns:foo="&foo;"
xmlns:rdfs="&rdfs;">
<foo:metadata rdf:about="&foo;foo_metadata_Instance_0"
foo:fooID="1234OrgafooID"
rdfs:label="foo_metadata_Instance_0">
<foo:hasVersionInformation rdf:resource="&foo;foo_metadata_Instance_1"/>
<foo:hasAssociatedDocument rdf:resource="&foo;foo_metadata_Instance_10002"/>
<foo:hasData rdf:resource="&foo;foo_metadata_Instance_2"/>
</foo:metadata>
</rdf:RDF>
The signed XML file is as follows:
<rdf:RDF xmlns:foo="http://www.foo.net/metadata/foo#" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:rdfs="http://www.w3.org/2000/01/rdf-schema#">
<foo:metadata foo:fooID="1234OrgafooID" rdf:about="http://www.foo.net/metadata/foo#foo_metadata_Instance_0" rdfs:label="foo_metadata_Instance_0">
<foo:hasVersionInformation rdf:resource="http://www.foo.net/metadata/foo#foo_metadata_Instance_1"></foo:hasVersionInformation>
<foo:hasAssociatedDocument rdf:resource="http://www.foo.net/metadata/foo#foo_metadata_Instance_10002"></foo:hasAssociatedDocument>
<foo:hasData rdf:resource="http://www.foo.net/metadata/foo#foo_metadata_Instance_2"></foo:hasData>
</foo:metadata>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>kif1D...9U4c=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Nmlle...TbdU=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509Certificate>
MIIGW...4I8Y=
</ds:X509Certificate>
</ds:X509Data>
</ds:KeyInfo>
</ds:Signature></rdf:RDF>
The code that I use to verify the signature is this:
org.apache.xml.security.Init.init();
javax.xml.parsers.DocumentBuilderFactory dbf =
javax.xml.parsers.DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
org.w3c.dom.Document doc = db.parse(XMLfilename);
Element root = doc.getDocumentElement();
NodeList xmlSigs = root.getElementsByTagName("Signature");
Element xmlSigElement = (Element)xmlSigs.item(0);
String baseURI = XMLfilename;
XMLSignature xmlSig = new XMLSignature(xmlSigElement, baseURI);
KeyInfo keyInfo = xmlSig.getKeyInfo();
X509Certificate cert = keyInfo.getX509Certificate();
boolean valid = xmlSig.checkSignatureValue(cert);
if (valid) { System.out.println("Signature is valid."); }
else { System.out.println("Signature is not valid."); }
Why do I get the following error? Why getElementsByTagName("Signature") cannot find node ds:Signature?
org.apache.xml.security.exceptions.XMLSecurityException: Cannot create an ElementProxy from a null argument
at org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
at org.apache.xml.security.utils.SignatureElementProxy.<init>(Unknown Source)
at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
at com.mellon.security.xml.signature.XMLDoc.verifyEnveloped(XMLDoc.java:207) ...
xmlSigs.getLength() returns 0. I have tried to sign even simpler XML files without success. I followed the suggestion
posted in here: http://forum.java.sun.com/thread.jspa?forumID=34&threadID=541345 but it did not help.
I am stuck with this! Please help me.