This is my code to generate xml signature :
DOMSignContext dsc = new DOMSignContext
(prk, xmldoc.getDocumentElement());
XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod =
fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
C14NMethodParameterSpec spec = null;
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",spec);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
ArrayList transformList = new ArrayList();
TransformParameterSpec transformSpec = null;
Transform envTransform = fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
Transform exc14nTransform = fac.newTransform(
"http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec);
transformList.add(exc14nTransform);
transformList.add(envTransform);
Reference ref = fac.newReference("",digestMethod,transformList,null,null);
ArrayList refList = new ArrayList();
refList.add(ref);
SignedInfo si =fac.newSignedInfo(cm,sm,refList);
This gives a reference validation as false and also core validity as false. But when I remove envTrasnform
variable i.e fac.new Transform("http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec)
and execute with the following code :
DOMSignContext dsc = new DOMSignContext
(prk, xmldoc.getDocumentElement());
XMLSignatureFactory fac =
XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod =
fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
C14NMethodParameterSpec spec = null;
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",spec);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
ArrayList transformList = new ArrayList();
TransformParameterSpec transformSpec = null;
Transform envTransform = fac.newTransform(
"http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
transformList.add(envTransform);
Reference ref = fac.newReference("",digestMethod,transformList,null,null);
ArrayList refList = new ArrayList();
refList.add(ref);
SignedInfo si =fac.newSignedInfo(cm,sm,refList);
This gives the core validity and the reference validity as true. Why is this happening. I got this code form this link(code fragment 2 in creating enveloped signature section).
Actually the c14n transformation should be performed after the enveloped signature transform. It should be canonicalized after the extracting the document to be signed(the document currently contains the signature element as well. So it has to be separated before canonicalizing the actual part to be signed). The order should be this way :
transformList.add(envTransform);
transformList.add(exc14nTransform);
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With