Certificate Signature Validation

Patrick McDonogh
Ranch Hand

Joined: Oct 13, 2005
Posts: 89
Hi all,

I was hoping someone may be able to shed some light on this problem. Sorry about there being so much text, I know it's a pain.
I am trying to validate an enveloped XML digital signature.
The signature element is shown below:

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>4PUm1HQqYCBO734SQFmPJPRCFyM=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>Q+yEfnM5PA2punGmevuvLtwj4+XRsWeeiq7SJ9Ekd28NJ9jVtCa9oB3bU2aGl5wlX8HufH2GFJgg9o9OFFrSvRAPpgWKW4/+3aL06S9B7YT4MQP/7St2gL1v2+v4tmQ7CSvF+VTFVugIezewAQPKvhJaNLHD+njOD+60W9pK17U=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIID9DCCAtygAwIBAgIEQd28HjANBgkqhkiG9w0BAQUFADAyMQwwCgYDVQQKEwNuaHMxCzAJBgNVBAsTAkNBMRUwEwYDVQQDFAxOSVMyX1NVQkNBQ0MwHhcNMDUwNjAzMDg0OTM5WhcNMDcwNjAzMDkxOTM5WjBFMQwwCgYDVQQKDANuaHMxDzANBgNVBAsMBlBlb3BsZTEkMCIGA1UEAwwbNjY5ODEwODE5MDEzX2pvaG5fd2hpdGVzaWRlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCd56UQCtS3DFH7gy851azIEcPXwwqnhR1U7/a6xGqVjw+eKzBr2JW96loo6qDyCvhyokkYfteRP428e9euU11YdcOXQkqlRp7OpqAJSGdcgdMn5GCpKOU5eQVkvKq7eVXRBGoHfDbK5eakY3g51VorjVrRWK3UTNHLaJ9i265+cwIDAQABo4IBgTCCA 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 jcuMQMCBLAwDQYJKoZIhvcNAQEFBQADggEBAER1g1MwPA6t+y2TJYKEx/fgGUSCCqaCoNvCPNTG32rr8Xcn6csMPn0YunxQe2QrOImRwgbNzgAA1mwggVXt7SpFyhSsAy8k3MdtFeypgbjRpuG5m9IWS9pqoztYnmUfgtsBoms5s4y4exGr68OsF1f2hum96bQ4Ee6De9kAnFJBfCHHNW2NqhdVZ/83VCe09iOYEuJAubGTsWkhMWvqrbsrjmVR7KakiMNkRTPQ4KaexX8coC7+AR/ijvoCMjBXS5vcIX60I2359M2gaQjGjA6bzcuq9y6/MlkAJYo3bbCvwJI4721eHml2X61IAm8nllO0iuRYNf+Vot6nOWhtHc4=</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>

The code then takes this element and does the following.

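import java.security.Provider;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

// Locate the ds:Signature element in the parsed DOM document.
NodeList nl = document.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0)
{
    throw new Exception("Cannot find Signature element");
}
Node signatureNode = nl.item(0);

// Load the JSR 105 provider; the system property overrides the default.
String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac =
    XMLSignatureFactory.getInstance("DOM", (Provider) Class.forName(providerName).newInstance());

// "key" (the validation key) and "document" are obtained elsewhere and are not shown in the post.
DOMValidateContext valContext = new DOMValidateContext(key, signatureNode);

XMLSignature signature = fac.unmarshalXMLSignature(valContext);

// Core validation: checks each Reference digest and the SignatureValue.
boolean coreValidity = signature.validate(valContext);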

When I check the core validity I get the following error (I am also not running a JUnit test, this must be from somewhere else):

junit.framework.AssertionFailedError: javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.URIReferenceException: com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException: Could not find a resolver for URI null and Base null
at com.qxlva.nhs.hl7.helperclasses.DigitalSignatureValidationTest.testDigitalSignature(DigitalSignatureValidationTest.java:48)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at com.intellij.rt.execution.junit2.JUnitStarter.main(JUnitStarter.java:32)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
at com.intellij.rt.execution.application.AppMain.main(AppMain.java:90)

I would really appreciate any help on this as I just cannot understand why this is failing.
Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    

That stack trace says that your main() method is calling an invoke() method
at line 90. The code you posted doesn't do that, so I would agree with you
that the error must be coming from somewhere else. I would go further and
suggest you look at line 90, which appears to be that somewhere else.
[ August 03, 2006: Message edited by: Paul Clapham ]
Patrick McDonogh
Ranch Hand

Joined: Oct 13, 2005
Posts: 89
Hi Paul,

Thanks for the reply.

The code throwing the error is actually in the Java web service development pack. I think that I am not setting something before calling the boolean coreValidity = signature.validate(valContext); line.

Do you have any more ideas of where I could look?

Thanks, Patrick
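
The "Could not find a resolver for URI null" in the stack trace matches the posted <Reference>, which has no URI attribute: XML-DSig permits that, but the validator must then supply the signed data itself through a URIDereferencer set on the validation context before calling validate(). The following is an added example, not part of the original thread or the posters' code; the class name, payload and test key are constructed, and it signs with SHA-256 rather than the post's SHA-1 algorithms.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.OctetStreamData;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class NullUriReferenceDemo {            // hypothetical class name
    // Supplies the application-held bytes when a Reference has no URI;
    // any other URI is passed to the provider's default dereferencer.
    static URIDereferencer forNullUri(byte[] signedBytes, URIDereferencer fallback) {
        return (ref, ctx) -> ref.getURI() == null
                ? new OctetStreamData(new ByteArrayInputStream(signedBytes))
                : fallback.dereference(ref, ctx);
    }

    public static void main(String[] args) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // constructed test key
        byte[] payload = "<msg>constructed sample</msg>".getBytes(StandardCharsets.UTF_8);

        // Sign with a Reference that omits the URI attribute, as in the posted element.
        Reference ref = fac.newReference(null, fac.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElement("Envelope"));
        DOMSignContext signCtx = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
        signCtx.setURIDereferencer(forNullUri(payload, fac.getURIDereferencer()));
        fac.newXMLSignature(si, null).sign(signCtx);

        // Validate. Without the setURIDereferencer call the null URI cannot be resolved.
        DOMValidateContext valCtx = new DOMValidateContext(kp.getPublic(),
                doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        valCtx.setURIDereferencer(forNullUri(payload, fac.getURIDereferencer()));
        XMLSignature sig = fac.unmarshalXMLSignature(valCtx);
        System.out.println("core validity: " + sig.validate(valCtx));
    }
}
```

With a URI-less Reference the signature does not identify what was signed, so the bytes handed to the dereferencer must be exactly the bytes the application goes on to process. A certificate taken from the signature's own KeyInfo also needs its chain validated against a trusted root before its key is used as the validation key.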
 