Calculation XML signature value with timestamp

I know how to calculate a signature value based on the elment "SignedInfo" in a xml document.
The problem is when a timstamp is used, hash value is also added to the signedinfo, but the calculation of the signature value is not the signature of that element, there is an extra calculation with that timestamp. Does anyone know the algorythm with timestamp?

If you are trying to add a timestamp to your document, put it into a SignatureProperty and include the property for the signautre calculation; see here for an example: XML dsig: Can I sign a SignatureProperty of the Signature?
If you are trying to do something else, you need to elaborate.
Arshad Noor
StrongAuth, Inc.

Similar Messages

Overwrite the system calculated VAT - Condition Value with Inbound VAT Amou

Hello experts:
We have a following requirement in my customer for Inbound VAT Processing.
We want to overwrite the system calculated VAT - Condition Value with Inbound VAT Amount
Details :
Aggregated sales Idoc ( WPUUMS01) is used here for posting the daily sale.
Inbound pricing procedure is ZPOS00 ( copy of POS000)
VAT is maintained with condition Type ZMWS. Using Tax Codes
When idoc get posted system calculates the ZMWS and working fine.
However we would like to overwrite this condition value with inbound condition value (from segment 5 of WPUUMS)
Example :
For Article A : inbound aggregated sales Amount= 100 INR and ZMWS is 10%( VAT code B1)
Then system will calculate 90 INR revenue and 10 INR as VAT
However due to rounding in POS system we may get from POS the VAT Amount =9.99 for example.
Tisak wants to overwrite the condition value 10 INR with 9.99 INR.
I will appreciate if anybody can suggest some approach or share experience if came across the same scenario (Tax condition type).
Thanks and regards,

Hi,
Either you can use rounding in POS such that it round up for 9.99 to 10.
And then in SAP pricing procedure you can use alternate calculation type as 16 or 17 (17 should be used with decimal point assigned to currency for rounding like 2 decimal for INR).
doing this will also round the figure from 9.99 to 10 is SAP.
Hope this solves your query.
Regards,
Ashutosh

Formating and calculating xml tag value

I have an xml file that holds xml tag such as <weight>.55 kg</weight>
I want to have two outputs:
Output 1) Output to print: 0.55
Output 2) Output to print 0.8 of the xml tag value (0.55 * 0.8) : 0.44
I was able to get the Output 1) by using <?format-number:weight;'9G990D00'?>
However, I can not get the Output2) as expected.
If I put <?format-number:(weight)*0.8;'9G990D00'?>,
I get the error message "Caused by: oracle.xdo.parser.v2.XPathException: Cannot convert .55 kg to number."
Appreciate any help on how to solution for Output2)
Edited by: user4697912 on Jun 22, 2010 1:23 AM
Edited by: user4697912 on Jun 22, 2010 1:23 AM

If that is the case then try using
<?format-number:( substring-before(WEIGHT,'kg')*0.8);'9G990D00'?>

How to assign to variable from XML type values with extract function?

Hi ,
I have XMLTYPE variable LeXml having below record
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
<soap:Body>
<AddListing xmlns="http://www.christielites.com/">
<sComCode>string</sComCode>
<sLocCode>string</sLocCode>
<dStart>dateTime</dStart>
<dEnd>dateTime</dEnd>
<sEcode>string</sEcode>
<iAvail>int</iAvail>
<iOwned>int</iOwned>
<sPostTrans>string</sPostTrans>
</AddListing>
</soap:Body>
</soap:Envelope>
I want to get sEcode value string into one varialbe using extract function or alternate?
can any one give me syntax fro it?
I tried with Mstring:=LeXml.extract('AddListing/scomcode/text()').getStringval(); but iam getting error
ERROR at line 1:
ORA-31011: XML parsing failed
ORA-19202: Error occurred in XML processing
LPX-00601: Invalid token in: 'soap:Envelope/text()'
ORA-06512: at "SYS.XMLTYPE", line 111
ORA-06512: at "BLUEWATER.CREATELERESPONSELOG", line 12
ORA-06512: at line 1
Please guide Me..

Hi Ravi kumar,
I have similar type of problem like above . My xml file is like below:
<doSingleRecordResponse xmlns="urn:mdWebService">
<doSingleRecordResult xsi:type="ResponseRecord" id="1" version="2.30" action="Response" timeout="10" timestamp="12-17-2009" transmissionReference="ABCDEF" TimeToProcess="31.25" xmlns:xsi="http://www
.w3.org/2001/XMLSchema-instance">
<CustomerCredentials>
<CustomerID>111111</CustomerID>
</CustomerCredentials>
<ServiceResult>
<ErrorCode> </ErrorCode>
<ErrorDesc>OK;</ErrorDesc>
</ServiceResult>
<Address version="2.30">
<Faults count="0"/>
<Result>
<ErrorCode> </ErrorCode>
<ErrorDesc>OK</ErrorDesc>
<StatusCode>9</StatusCode>
<StatusD
esc>(U.S.) The address was fully coded.</StatusDesc>
</Result>
<Company/>
<Urbanization>
<Name/>
<Code/>
</Urbanization>
<Type>
<String>Highrise</String>
<Code>H</Code>
</Type>
<Street>XXXXXXXXXXXXX</Street>
<Street2/>
<Suite/>
<PrivateMailBox/>
<CarrierRoute>C048</CarrierRoute>
<Lacs> </Lacs>
<LacsLink>
<LacsStatusCode/>
<LacsReturnCode/>
</LacsLink>
<DeliveryPointCode>99</DeliveryPointCode>
<DeliveryPointCheckDigit>6</DeliveryPointCheckDigit>
<DPV>
<Footnotes/>
<CMRA/>
<AddressStatus/>
</DPV>
<DeliveryIndicator>
<Code/>
</DeliveryIndicator>
<City>
<Name>String</Na
me>
<Abbreviation>Memphis</Abbreviation>
</City>
<County>
<Name>String</Name>
<Fips>41111</Fips>
</County>
<State>
<Name>Tennessee</Name>
<Abbreviation>TN</Abbreviation>
</State>
<Zip>
<Type> </Type>
<Zip5>38111</Zip5>
<Plus4>1111</Plus4>
</Zip>
<GeoCode>
<Latitude/>
<Longitude/>
</GeoCode>
<TimeZone>
<Name/>
<Code/>
</TimeZone>
<Msa>
<Code/>
</Msa>
<Pmsa>
<Code/>
</Pmsa>
<Census>
<Block/>
<Tract/>
</Census>
<CongressionalDistrict>
<Code/>
</CongressionalDistrict>
<Parsed>
<StreetName/>
<AddressRange/>
<Suffix/>
<Direction>
<Post/>
<Pre/>
</Direction>
<Suite>
<Name/>
<Range/>
</Suite>
<PrivateMailBox>
<Name/>
<Range/>
</PrivateMailBox>
<Garbage/>
</Parsed>
<Country>
<Abbreviation>US</Abbreviation>
<Name>United St
ates of America</Name>
</Country>
</Address>
<Telephone version="" action="">
<Result>
<ErrorCode/>
<ErrorDesc/>
<StatusCode/>
<StatusDesc/>
</Result>
<Number/>
<PhoneAreaCode/>
<NewAreaCode/>
<Prefix/>
<Suffix/>
<Extension/>
<City>
<Name/>
</City>
<State>
<Name/>
<Abbreviation/>
</State>
<GeoCode>
<Latitude/>
<Longitude/>
</GeoCode>
<TimeZone>
<Name/>
<Code/>
</TimeZone>
<Msa>
<Code/>
</Msa>
<Pmsa>
<Code/>
</Pmsa>
<County>
<Name/>
<Fips/>
</County>
<Country>
<Abbreviation/>
<Name/>
</Country>
</Telephone>
<Name version="" action="">
<Result>
<ErrorCode/>
<ErrorDesc/>
<StatusCode/>
<StatusDesc/>
</Result>
<Company/>
<Prefix/>
<Suffix/>
<Full/>
<First/>
<Middle/>
<Last/>
<Gender/>
</Name>
</doSingleRecordResult>
</doSingleRecordResponse>
This is the response i got from a webservice , from this i need to extract customer id .
I tried like this :
response := UTL_DBWS.invoke ( l_call,request);
if RESPONSE.extract('/doSingleRecordResponse/doSingleRecordResult/CustomerCredentials/CustomerID/text()','xmlns:xsi="http://www
.w3.org/2001/XMLSchema-instance" xmlns="urn:mdWebService"') is not NULL
then
errorcode :=RESPONSE.extract('/doSingleRecordResponse/doSingleRecordResult/CustomerCredentials/CustomerID/text()','xmlns:xsi="http://www
.w3.org/2001/XMLSchema-instance" xmlns="urn:mdWebService"').getStringVal;
end if;
I am getting null value into errorcode,
Can youplease let me know what i am doing wrong?
Thanks

MTOM combined with WS-Security (XML signature)

I'm testing the support of MTOM together with WS-Security (XML-DSIG) on OEG. When verifying the XML signature I noticed I had to add the "Insert MTOM attachments"-filter first. Is this the right way? Shouldn't the signature verification do this transparently?
My other question is how OEG handles the attachments? Does it page them to disk? What happens if my attachments are very large? With the default setup of OEG I encountered out-of-memory issues with attachments above 200MB
Edited by: wsalembi on Sep 22, 2011 12:45 AM

If you just sign the <xop:Include> element, you are effectively only signing the reference to the attachment, i.e. the value of the href attribute. This will only prevent someone changing the href to point to a different attachment.
If you in-line the base64 encoded contents of the attachment into the XML message and only sign the base64 encoded string, you are only preventing anyone from changing the contents of the attachment.
You are not stopping somebody from changing what the <xop:Include> href attribute points to.
So I think there is value in signing BOTH the contents AND the <xop:Include> element so that:
- The integrity of the contents of the attachment is ensured, and
- The integrity of the reference to the attachment in the <xop:Include> element is ensured.
Interestingly, the XOP spec acknowledges this issue in Section 6.1:
http://www.w3.org/TR/xop10/#package_integrity
6.1 XOP Package Integrity
The integrity of Infosets optimized using XOP may need to be ensured. As XOP packages can be transformed to recover such Infosets (see 3.2 Interpreting XOP Packages), existing XML Digital Signature techniques can be used to protect them. Note, however, that a signature over the Infoset does not necessarily protect against modifications of other aspects of the XOP packaging; for example, an Infoset signature check might not protect against re-ordering of non-root parts.
In the future a transform algorithm for use with XML Signature could provide a more efficient processing model where the raw octets are digested directly.
In OEG, it would be possible to use 2 XML Signature Validation filters with an Insert MTOM Attachment filter to validate both signatures.
The flow in the policy would be as follows:
1. 1st XML Signature Filter :- Validate the Signature over the <xop:Include> element
2. Insert MTOM Attachment Filter :- Inline the base64 encoded contents of the attachment
3. 2nd XML Signature Filter :- Validate the Signature over the element now containing the in-lined base64 encoded data.
This policy would ensure the integrity of the attachment contents AND the reference to this attachment in the <xop:Include> element.

Web Service Security with SAML - Invalid XML signature

Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
Stefan

Error Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature

I would like to know how i can create a bell graph with out using sub VIs, the data that i created consists in 500 readings with values of 0 to 100, i calculated the mean value and standard diviation. I hope some one can help me

I would like to know how i can create a bell graph with out using sub VIs, the data that i created consists in 500 readings with values of 0 to 100, i calculated the mean value and standard diviation. I hope some one can help me

Here's a quick example I threw together that generates a sort-of-bell-curve shaped data distribution, then performs the binning and plotting.
-Kevin P.
Message Edited by Kevin Price on 12-01-2006 02:42 PM
Attachments:
Binning example.vi ‏51 KB
Binning example.png ‏12 KB

Problem with XML signature

Can anybody tell me how to generate an xml signature
with the base 64 transform(Transform.BASE64)?
I just can't find any documentation on the web.
It would be great to provide a small code exemple.
Thanks
Antoine

Thanks for the reply.
I'm applying appropriate namespaces to the generated xml string. Could it be the probelem?
this is how the generated xml looks in final stage, I mean after I'm doing some rework on the generated xml.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#PAYMENTS"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IXgHx5ioixsJ13jyg767D8UCU9s=</DigestValue></Reference></SignedInfo><SignatureValue>DO+Fngf3h0Q5iDoMq2mZFL+bxL3vY1i1fyqzBbKRPhHlzqWrW2wP3SFHjVzPLXdj92W8hMx9I8Jq
QBV/D+pUKa32aZB7kPwOGZqR63X+d6Hca58jnTK7+zq8Fzi2DPlE+omQhgT3xeXp/lQpKI8vAgVT
eX+eylRYTAZDSfDw7qk=</SignatureValue><Object Id="PAYMENTS"><PAYMENTS xmlns=""><Payment><PaymentIdA></PaymentIdA><PaymentIdB>aa</PaymentIdB><SrcBank>bb</SrcBank><SrcAccount>cc</SrcAccount><PayerId>dd</PayerId><PayerName>Dato</PayerName><TaxPayerId>00022023</TaxPayerId><TaxPayerName></TaxPayerName><ReceiverName>mof</ReceiverName><AdditinalInfo>racxa</AdditinalInfo><Amount>521</Amount><TreasuryCode>hello</TreasuryCode><PaymentTime>hi</PaymentTime><PaymentChannel>ib</PaymentChannel></Payment></PAYMENTS></Object></Signature>

Change a attribute value with XSLT before importing an XML

I need change the attribute value with XSLT before importing an XML
<table class="x" style="width="50pt">...
I have to divide by 200 the value of "width", and the result multiplied by 100:
(50/200) * 100
It's possible with a XLST?

Hi,
Yes you can do this via XSLT.
You can try similar to the one below:
<table>
   <xsl:attribute name="width">
     <xsl:value-of select="((./width) div 200)*(100)" />
   </xsl:attribute>
</table>
I have not tested yet... Try it....
Green4ever
(I am back after long time)....

Signature Schemas/Status values with Signature schemas need to be locked?

I am tying to assign a signature schema to multiple values in a single status schema. If I assign a signature schema to a status it automaticaly locks the document into that status so that no further changes to status can be made. I need to have a signature schema assigned to mutliple status values in the same status schema so I cant have A approved be locked because I still need the document to be B approved as well.
Does anyone know how I can adjust the setting so the status values with sig. schemas attached will not automatically be locked.
Status Schema:
Not Started
A Approved X signature schema
B Approved y signature schema

Hello James,
this is not possible. As I do not quite understand why you want to set up your status schema like that, it is difficult to propose another solution.
If you want to stay with the schema you have mentioned, you will have to unlock a document which has been approved by A on the attribute dialog and set the new status "B Approved" there. But this means that the person who is doing that has to sign the document as first signee of the second signature process.
Best regards
Jürgen

XML Signature with Barcoded Form

I have a form that has a number of fields that need to be filled out. When this is complete, the user should digitally sign (with a certificate) the form. However, due to legal requirements, the form must then be printed and mailed back to the organization. Is it possible to encode the signature data within the barcode (PDF417) so it can be validated?

After finding the sign function and playing around with the resulting XML Signature, I've found it's just too much data to put in a barcode, even a 2D one.

How to insert date with timestamp into table values

hi,
I have a table
create table abc1(dob date);
insert into abc1 values (to_date(sysdate,'RRRR/MM/DD HH24:MI:SS'))
but when i see in data base it shows as normal date without time stamp.
Is it possible to insert into back end with timestamp.
Thanks..

First, SYSDATE is a DATE already, no need to convert it to a DATE using the TO_DATE() function.
The date ALWAYS has a time component, whether or not it is displayed is up to your NLS settings. for example:
SQL> CREATE TABLE ABC1(DOB DATE);
Table created.
SQL> ALTER SESSION SET NLS_DATE_FORMAT='MM/DD/YYYY';
Session altered.
SQL> INSERT INTO ABC1 VALUES(SYSDATE);
1 row created.
SQL> SELECT * FROM ABC1;
DOB
02/04/2010
SQL> ALTER SESSION SET NLS_DATE_FORMAT='MM/DD/YYYY HH24:MI:SS';
Session altered.
SQL> SELECT * FROM ABC1;
DOB
02/04/2010 12:54:57
SQL> DROP TABLE ABC1;
Table dropped.

Problem verifying xml signature

We have a problem with verifying XML Signatures which are part of a SOAP message. Thanks a lot for helping! Hope my problem is understandable - otherwise ask.
We use the following enviroment:
Java6
Axis 2 V1.2 with XML Beans
Step 1:
The Java 6 XML Signature is an enveloped signature over an element called payload with exclusive XML canonicalization. We sign the payload and send the payload including signature to the server. At first I discovered the following namespace problem.
DigesterOutputstream Create Signature:
FEINER: <Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp><Created>UNDO</Created></Timestamp></Payload>
DigesterOutput Verify Signature:
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Expected digest: 71PfJ/xxn38TtQrpZOpRdqTZsBw=
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Actual digest: B1Qdei/0yW1mqR2T50LXKFfxhl0=
Soap request with payload:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>71PfJ/xxn38TtQrpZOpRdqTZsBw=</DigestValue></Reference></SignedInfo><SignatureValue>FuhOdrz9kHR0MeAUq9Rxkg6w++7foR77s9AYQUQxb8qPJ44Ba6By8R/H+CCn5JP5cPFz8/mGOgOD NGKLgZp66xbVSWe1UeehmZLH1a2kvHsx/VvYo3Lr5foHsl6YikUBMXCBdhI4ukKJTuwBOK/7m3lu 7Zl07SFo0zWL73gUTxc=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
The problem is the namespaces under the elements payload and timestamp. For verification the namespaces are inherited from parent element. I wonder why this happens - I thought this should not happen when using exclusive canonicalization, or?
Step 2:
Then I added the namespaces before creating the signature , e.g.
payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
for all attributes that are not part of the create signature log. Then the xml signature was verify successfully when I tested this against my own server. See log files:
DigesterOutputstream for create signature:
31.10.2007 11:16:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
DigesterOutputstream verify signature:
31.10.2007 11:19:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
The whole soap request:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-3596382">MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIGA1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGluZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBLbmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayvHO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2qxJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vaiZst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6fMqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupivlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8331318"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-28000914"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Q2LregRFO//cXlkcThu9Bx0jal4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-10464309"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BX651XEWk4u4pGgshQhocYxPkSo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-7651652"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ezisLn/pGWNqMHbT6UlHyM4Ez64=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Xl4SSEwrtyUnsqf8xOmfzojLLU18tOrikOhK+HRyqHqv0lPF+AqANLU6yygNdhbfI5qyef9BLr6I CmSPIX4QQR+Hq45l/Ewa+M2K1OOjqvBUGYyQqrKCqUFtsISr9xPudB8ZmaVfaUu5chjIvy/sPYYx TuYv2Ma6uEwek1YZpbE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1823783"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17125267"><wsse:Reference URI="#CertId-3596382" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7651652"><wsu:Created>2007-10-31T10:16:00.474Z</wsu:Created><wsu:Expires>2007-10-31T10:21:00.474Z</wsu:Expires></wsu:Timestamp></wsse:Security><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-10464309"><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28000914"><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XHIiHK4NYczByvAJSZH8u3hSvuQ=</DigestValue></Reference></SignedInfo><SignatureValue>JQnTQJ1TidrMuWmSmpHE3ZR5M728A3tlvKjrM3GxFPuy5YOmmybxR0T7xe72WSdWsqvFT9QGE+iP GL5POuc3s8lLc1QGZRKhZvjHAKFldDNyxAMWRL7ZXmhpjsRXT3HethKWew3669SKjJFkZ1IYEnZz QrJOmgt1MMjWx99CgaQ=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
As you can see in the soap request on top of the xml signature there is a Webservice Security signature (WSSE) over three elements. This should be no problem altough WSSE adds the wsu:id attribute to the body element. WSSE was omitted in step 1 for simplicity.
I wonder that the attributes which have been set to the payloadElement are not part of the actual message. But it works!
Step 3:
The same request was sent to an external webservice server and the server reports a xml signature verification problem. I don't have any logs or further information. But I have to get this to work against this server.
Java Files for Create + Verify Signature. For Create I get a DOM Node from a XML Bean. For step 1 the attribute setting should be in comments. I use VerifySignature for step 1 + 2.
SignPayload.java:
package de.tk.signature;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.apache.xmlbeans.XmlObject;
import de.tk.schemaTools.TkSchemaHandler;
import de.tk.util.ClientProperties;
public class SignPayload {
     public static void signDocument(XmlObject telematikExecuteXmlObject, String payloadId) {
          try {
               // get Document
               org.w3c.dom.Node node = telematikExecuteXmlObject.getDomNode();
               Document documentTo = node.getOwnerDocument();
               XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
               Reference ref = fac.newReference("#"+payloadId, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac
                         .newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
               // Create the SignedInfo.
               SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                         Collections.singletonList(ref));
               KeyStore keyStore = KeyStore.getInstance("JKS");
               String keyStoreFilename = ClientProperties.getKeystorefile();
               FileInputStream keyStoreFile = new FileInputStream(keyStoreFilename);
               keyStore.load(keyStoreFile, "storePwd".toCharArray());
               keyStoreFile.close();
               KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("harris", new KeyStore.PasswordProtection("keyPwd".toCharArray()));
               X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
               // Create the KeyInfo containing the X509Data.
               KeyInfoFactory kif = fac.getKeyInfoFactory();
               List x509Content = new ArrayList();
               x509Content.add(cert.getSubjectX500Principal().getName());
               x509Content.add(cert);
               X509Data xd = kif.newX509Data(x509Content);
               KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
               Node payloadNode = new TkSchemaHandler().getNode(documentTo, "Payload");
               String prefix = payloadNode.getPrefix();
               NamedNodeMap nameNodeMap = payloadNode.getAttributes();
               // String baseUri = payloadNode.getBaseURI(); not implemented
               boolean attributes = payloadNode.hasAttributes();
               Element payloadElement = (Element) payloadNode;
               //xmlns is the prefix and first parameter the namespaceURI
               // xmlns existiert ohne WSSE, beim Create XMLOutputter ausgegeben
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
               // existiert ohne WSSE
               // bei Create nicht; aber bei Verify im DigestOutputter mit drin
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
               // existiert nur bei WSSE
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
               Node timestampNode = new TkSchemaHandler().getNode(documentTo, "Timestamp");
               Element timestampElement = (Element) timestampNode;
               // existiert ohne WSSE
               // beim Create Outputter angegeben sowie beim Verify
               timestampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
               // existiert nur bei WSSE, war wohl nur notwendig da bei WSSE Signature auf falschen Timestamp zugegriffen worden ist.
               // Create a DOMSignContext and specify the RSA PrivateKey and
               // location of the resulting XMLSignature's parent element.
               DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),payloadNode);
               // Create the XMLSignature, but don't sign it yet.
               XMLSignature signature = fac.newXMLSignature(si, ki);
               // DomInfo.visualize(document);
               SAXBuilderDemo2.print(documentTo);
               // Marshal, generate, and sign the enveloped signature.
               signature.sign(dsc);
          } catch (Exception exc) {
               throw new RuntimeException(exc.getMessage());
VerifySignature.java:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class VerifySignature {
     * @param args
     public static void main(String[] args) {
          // TODO Auto-generated method stub
          try {
               String filename = args[0];
               System.out.println("Verify Document: " + filename);
               XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
               DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
               dbf.setNamespaceAware(true);
               Document doc = dbf
               .newDocumentBuilder()
               .parse(
                         new FileInputStream(filename));
//               Find Signature element.
//               NodeList nl =
//               doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
               Node node = TkSchemaHandler.getNode(doc,"/*[local-name()='Envelope' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/']/*[local-name()='Body' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'][1]/*[local-name()='TelematikExecute' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Payload' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'][1]");
               if (nl.getLength() == 0) {
               throw new Exception("Cannot find Signature element");
               Node node = nl.item(0); */
//               Create a DOMValidateContext and specify a KeySelector
//               and document context.
               DOMValidateContext valContext = new DOMValidateContext
               (new X509KeySelector(), node);
//               Unmarshal the XMLSignature.
               XMLSignature signature = fac.unmarshalXMLSignature(valContext);
//               Validate the XMLSignature.
               boolean coreValidity = signature.validate(valContext);
               // sample 6
//               Check core validation status.
               if (coreValidity == false) {
               System.err.println("Signature failed core validation");
               boolean sv = signature.getSignatureValue().validate(valContext);
               System.out.println("signature validation status: " + sv);
               if (sv == false) {
               // Check the validation status of each Reference.
               Iterator i = signature.getSignedInfo().getReferences().iterator();
               for (int j=0; i.hasNext(); j++) {
               boolean refValid = ((Reference) i.next()).validate(valContext);
               System.out.println("ref["+j+"] validity status: " + refValid);
               } else {
               System.out.println("OK! Signature passed core validation!");
          } catch (Exception exc) {
               exc.printStackTrace();
Questions:
1. Do I really have to set all the namespace attributes? I thought with exclusive xml this should not be necessary. Is there any other solution?
2. Do you think I got all the settings right in SignPayload.java?
Thanks a lot in advance.
Cheers !
Nils

It seems to be a bug with the JDK you are using. What is the JDK version you are using?

Get millisecond values from timestamp column in v$logmnr_contents

Hello
How do we get millisecond values from timestamp column in v$logmnr_contents.
I tried with following query.
select scn,To_Char(timestamp,'DD-MON-YYYY HH24:MI:SS:FF') from v$logmnr_contents WHERE OPERATION NOT IN('START') and username ='SCOTT' and sql_redo is not null and (seg_owner is null or seg_owner not in('SYS'));
it says ORA-01821: date format not recognized. I want to find the relation of scn with timestamp. In forums i found, scn is derived from timestamp value. I dont know its correct or not.
if i query with out FF in time format i get like
scn timestamp
808743 27-NOV-2007 00:12:53
808743 27-NOV-2007 00:12:53
808743 27-NOV-2007 00:12:53
808744 27-NOV-2007 00:12:53
808744 27-NOV-2007 00:12:53
808744 27-NOV-2007 00:12:53
if scn is derived from timestamp with milliseconds, each scn should be different right?More help please

May be there's an easy way solving your problem, I did it like that:
CREATE TABLE quota_test (test VARCHAR2(50))
INSERT INTO quota_test
VALUES ('update "SCOTT"."NEWTAB1" set a="34" and b="45"')
SELECT test normal, REPLACE(SUBSTR(test,INSTR(test,'"',1),INSTR(test,'.',1)+2),'"','') changed
FROM quota_test
Result is :
NORMAL
update "SCOTT"."NEWTAB1" set a="34" and b="45"
CHANGED
SCOTT.NEWTAB1
If you didn't understand, I can explain what I wrote

How to pass session variable value with GO URL to override session value

Hi Gurus,
We have below requirement.Please help us at the earliest.
How to pass session variable value with GO URL to override session value. ( It is not working after making changes to authentication xml file session init block creation as explained by oracle (Bug No14372679 : which they claim it is fixed in 1.7 version Ref No :Bug 14372679 : REQUEST VARIABLE NOT OVERRIDING SESSION VARIABLE RUNNING THRU A GO URL )
Please provide step by step solution.No vague answers.
I followed below steps mentioned.
RPD:
****-> Created a session variable called STATUS
-> Create Session Init block called Init_Status with SQL
select 'ACTIVE' from dual;
-> Assigned the session variable STATUS to Init block Init_Status
authenticationschemas.xml:
Added
<RequestVariable source="url" type="informational"
nameInSource="RE_CODE" biVariableName="NQ_SESSION.STATUS"/>
Report
Edit column "Contract Status" and added session variable as
VALUEOF(NQ_SESSION.STATUS)
URL:
http://localhost:9704/analytics/saw.dll?PortalGo&Action=prompt&path=%2Fshared%2FQAV%2FTest_Report_By%20Contract%20Status&RE_CODE='EXPIRED'
Issue:
When I run the URL above with parameter EXPIRED, the report still shows for ACTIVE only. The URL is not making any difference with report.
Report is picking the default value from RPD session variable init query.
could you please let me know if I am missing something.

Hi,
Check those links might help you.
Integrating Oracle OBIEE Content using GO URL
How to set session variables using url variables | OBIEE Blog
OBIEE 10G - How to set a request/session variable using the Saw Url (Go/Dashboard) | GerardNico.com (BI, OBIEE, O…
Thanks,
Satya

Calculation XML signature value with timestamp

Similar Messages

Maybe you are looking for