aspose file tools*
The moose likes Web Services and the fly likes Using XML Signatures from JWSDP with JDOM Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Spring in Action this week in the Spring forum!
JavaRanch » Java Forums » Java » Web Services
Bookmark "Using XML Signatures from JWSDP with JDOM " Watch "Using XML Signatures from JWSDP with JDOM " New topic
Author

Using XML Signatures from JWSDP with JDOM

Tony Lentzino
Greenhorn

Joined: Sep 08, 2006
Posts: 5
Hi,

I currently am using the JWSDP's XML-signature library to sign and validate XML documents. I am able to successfully do this if I build a DOM document object from an InputStream. However, I also need to support receiving JDOM documents and converting those to DOM to sign and validate, as this is what the signature library supports.

The problem is that anytime I convert from JDOM to DOM, my signatures do not validate. However, when the same signed XML is loaded directly from an InputStream to DOM it validates. This leads me to believe that the problem is being caused by the way I am converting from JDOM to DOM:



This code is usually the standard example of how to perform the conversion and relies on the 3rd party APIs, no custom converter, etc.

Has anyone else run into this problem or have other suggestions?

Thanks,

Tony
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12805
    
    5
receiving JDOM documents

There is no such thing as a JDOM document, JDOM parses and writes XML.
As you have discovered, XML signatures are very sensitive to the exact format.
If you want to treat the XML document with both DOM and JDOM, why not read the entire document into a String and parse it twice.
Bill
Tony Lentzino
Greenhorn

Joined: Sep 08, 2006
Posts: 5
Bill,

Yes, that is a possible approach. However, the problem is more that the rest of my application works in JDOM, so it will be modifying other parts of that XML document and then writing it back to a file eventually. So I can write it back to a file, however, I'm worried that it's making enough changes then that it will invalidate the signature.

In my brief testing so far, I can read in a document, parse it with JDOM, and output it, with no formatting, and read it back into a DOM object and successfully validate it. However, it's interesting that if I apply the pretty printing formatter to that JDOM output, it caused invalidation of the signature later. This confused me because I am using the XML-C14 canonicalization method to create and validate the signature. I'm under the impression that this standard creates logically equivalent docs. If all the pretty print formatter does is indent the text nicely, why is it affecting the signature? Shouldn't the canonicalization take care of this?

Perhaps my only course of action will be to keep the static, signed portion of my XML in it's own file and the dynamic portion elsewhere. However, this seems to partially defeat the whole purpose of the W3C standard.

My larger concern here is that if I can't even work between XML libraries in Java and get this to work, what's happening to others who are working with web services across languages and libraries?

Thanks for the help,

Tony
William Brogden
Author and all-around good cowpoke
Rancher

Joined: Mar 22, 2000
Posts: 12805
    
    5
what's happening to others who are working with web services across languages and libraries?


That is a really good point - interoperability issues keep coming up due to stuff like XML signatures, Java to .NET, etc. Here is a link to the Web Services Interoperability Technology open source project.

Bill
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Using XML Signatures from JWSDP with JDOM