Using XML Signatures from JWSDP with JDOM

 
Greenhorn
Posts: 5
Hi,

I currently am using the JWSDP's XML-signature library to sign and validate XML documents. I am able to successfully do this if I build a DOM document object from an InputStream. However, I also need to support receiving JDOM documents and converting those to DOM to sign and validate, as this is what the signature library supports.

The problem is that anytime I convert from JDOM to DOM, my signatures do not validate. However, when the same signed XML is loaded directly from an InputStream to DOM it validates. This leads me to believe that the problem is being caused by the way I am converting from JDOM to DOM:



This code is usually the standard example of how to perform the conversion and relies on the 3rd party APIs, no custom converter, etc.

Has anyone else run into this problem or have other suggestions?

Thanks,

Tony
 
Author and all-around good cowpoke
Posts: 13078

receiving JDOM documents


There is no such thing as a JDOM document; JDOM parses and writes XML.
As you have discovered, XML signatures are very sensitive to the exact format.
If you want to treat the XML document with both DOM and JDOM, why not read the entire document into a String and parse it twice?
Bill
 
Tony Lentzino
Greenhorn
Posts: 5
Bill,

Yes, that is a possible approach. However, the problem is more that the rest of my application works in JDOM, so it will be modifying other parts of that XML document and then writing it back to a file eventually. So I can write it back to a file, however, I'm worried that it's making enough changes then that it will invalidate the signature.

In my brief testing so far, I can read in a document, parse it with JDOM, and output it, with no formatting, and read it back into a DOM object and successfully validate it. However, it's interesting that if I apply the pretty printing formatter to that JDOM output, it caused invalidation of the signature later. This confused me because I am using the XML-C14 canonicalization method to create and validate the signature. I'm under the impression that this standard creates logically equivalent docs. If all the pretty print formatter does is indent the text nicely, why is it affecting the signature? Shouldn't the canonicalization take care of this?

Perhaps my only course of action will be to keep the static, signed portion of my XML in its own file and the dynamic portion elsewhere. However, this seems to partially defeat the whole purpose of the W3C standard.

My larger concern here is that if I can't even work between XML libraries in Java and get this to work, what's happening to others who are working with web services across languages and libraries?

Thanks for the help,

Tony
 
William Brogden
Author and all-around good cowpoke
Posts: 13078

what's happening to others who are working with web services across languages and libraries?



That is a really good point - interoperability issues keep coming up due to stuff like XML signatures, Java to .NET, etc. Here is a link to the Web Services Interoperability Technology open source project.

Bill
 