How to validate XML Digital Signature with XML DB (o PL/SQL) in Oracle 11g
Hi,
Do you know if there is possibility to validate XML Digital Signature using XML DB (or PL/SQL) in Oracle 11g?
Let say I have CLOB/XMLType containing Digitally Signed XML, and I want to validate, that thsi is proper signature. I also have public key of signer (I could store it in CLOB or file or Oracle wallet).
Is it possible to do?
If there is need to install additional component - then which one?
Regards,
Paweł
Hi,
this is what i got from someone...
but the links he gave are not opening up...
u have to place a picture there and have to load the digital signatures as Jpegs on to the server to OA top
and have to refer them in the XML for dynamically get the signature on the reports
when u select the properties of the picture placed in the XML template,
there will be one tab with "URL"... in that u have to give the path for that jpegs
Pls refer the following documents for enabling digital signature on pdf documents.
http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12187/T421739T481159.htm#5013638 (refer section 'Adding or Designating a Field for Digital Signature'
http://iasdocs.us.oracle.com/iasdl/bi_ee/doc/bi.1013/e12188/T421739T475591.htm#5013688
(Implementing a Digital Signature
Is the BI Publisher installed on your instance of version 10.1.3.4 or higher?
Pls procure a digital signature as soon as possible. The process can take time. OR we could use any certificate that you already might have OR generate a certificate using Oracle Certificate Authority for demo.
Similar Messages
-
How to add a digital signature in xml publisher report
The problem is: There is a existing pick slip report.This is a xml publisher report and the data source is RDF. We have to add digital signature there. Now this signature is stored in a table with type Long Raw and format BMP. XML Publisher do not support Long Raw and BMP format. It supports BLOB and jpg format.
Could you please guide how to add this signature in the existing RDF with datatype as BLOB and format as jpg.
Please provide the steps with example.Hi,
Have a look at this thread.
Implementing electronic signatures on an existing AP check run
Re: Implementing electronic signatures on an existing AP check run
Regards,
Hussein -
Use XML Digital Signature(Apache XML security) with Applet
I have problem when I use xml-security-1_2_1 library from Apache with applet and access denied errors occur.
6 May 2005 10:06:45 org.apache.xml.security.Init init
SEVERE: Bad:
java.security.AccessControlException: access denied (java.util.PropertyPermission org.apache.xml.security.resource.config read)
bla bla....
How should I do ? Please! T_T and thank you ..An applet cannot read the local file system, connect to any other computer than the one
it came from or read properties it's not supposed to read. And I think it cannot write to any
property.
If you sign the applet or set up a policy for it the applet can do the same as an application
allthough the jre will still check the stack trace if the entire stack has the same privileges
as you signed applet.
http://forum.java.sun.com/thread.jsp?forum=63&thread=524815
second post and last post for the java class file -
Digital Signature in XML Report
Hi Friends,
In Oracle EBS R12, I have a custom XML report developed and running fine.
There is a requirement to add the feature of Digital Signature in the output of this report. Please help me with the detailed steps to achieve this.
PS: I have tried a few links from Google and Article notes from oracle support. But, no success.
If anyone has implemented this successfully, some hints would be of great help.
The XML report is form-16 of employees.
Regards,
GursangatDuplicate thread (please post only once).
How to add a digital signature in xml publisher report
How to add a digital signature in xml publisher report -
Java XML Digital Signature API, how to sign different files
Hello,
I need to sign several files: binary and/or xml (in some cases just part of xml), and to implement digitla signatures in xAdes standard. So I'm looking to use Java XML Digital signature API, but can't find any examples, that would cover issues I encountered:
How to sign binary file?
Just to sign some simple "aaa.png" file and have it's signature in XML. How in right way to create referece?
(should it be something like: Reference ref = fac.newReference("aaa.png", fac.newDigestMethod(DigestMethod.SHA1, null), null, null, null); )
And how to pass file for signing? what to add/change to this code:
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("aaa.png"));
DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
(I have only found some information about needing to "dereference" or so - but no examples, how to make things work.)
How to sing several different files?
As I wrote before, several files needs to be signed, but in all examples, it's only one Document object (and only one file), how/where to add more files and if API will be capable to deal with such thing?
In one of examples what I have to achive was such code:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>8rl/xzjAnE4yQQ2LTBvFTU2JH+c=</DigestValue>
</Reference>
If I do write code like: "fac.newReference("aaa.png", <...> );
I'll get an error during signing: signature.sign(dsc);
*"java.net.MalformedURLException: no protocol: aaa.png"*
How to avoid this?
Also, from exmaple (what to reach) above:
<Reference URI="aaa.png" xmlns="http://www.w3.org/2000/09/xmldsig#">
There is additional attribute "xmlns=<...>" - the question is if it is possible to add it by XMLSignatureFactory.newReference ?
Java API adds a lot of prefixes "ds:" , like:
<...>
<ds:Reference URI="file:/D:/try5/SignableMetadata0.xml">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</ds:Transforms>
<...>
Is it possible to avoid them?
Any help on any of these questions would be very appreciatedHi,
I would like to sign a specific part of a xml message [Only the contents under the <Buyer> tag]. I have also pasted the code which i used to do this. I am getting an output xml after the xml is signed, but when I validate the xml , the xml is valid even after I change the xml contents. Could you pls tell me what I am doing wrong here. I want to know whether the xpath implementation which I have done is correct.
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
*<Buyer id="8492340">*
*<Name>My Name</Name>*
*<Address>*
*<Street>One Network Drive</Street>*
*<Town>Burlington</Town>*
*<State>MA</State>*
*<Country>United States</Country>*
*<PostalCode>01803</PostalCode>*
*</Address>*
*</Buyer>*</PurchaseOrder>
// The code which i have used to perform the xpath transformation.
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
XPathFilterParameterSpec xpathFilter = new XPathFilterParameterSpec("PurchaseOrder/Buyer");
javax.xml.crypto.dsig.Reference ref = fac.newReference
("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform
(Transform.XPATH, xpathFilter)),
null, null);
SignedInfo si = fac.newSignedInfo
(fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
Collections.singletonList(ref));
// Load the KeyStore and get the signing key and certificate.
KeyStore ks = KeyStore.getInstance("JKS");
char[] password = "changeme".toCharArray();
ks.load(new FileInputStream("c:\\KeyStore"), password);
KeyStore.PrivateKeyEntry keyEntry =
(KeyStore.PrivateKeyEntry) ks.getEntry
("EISKeys", new KeyStore.PasswordProtection(password));
X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
// System.out.println("X509Certificate:"+cert);
// Create the KeyInfo containing the X509Data.
KeyInfoFactory kif = fac.getKeyInfoFactory();
List x509Content = new ArrayList();
x509Content.add(cert.getSubjectX500Principal().getName());
x509Content.add(cert);
X509Data xd = kif.newX509Data(x509Content);
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
// Instantiate the document to be signed.
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse
(new FileInputStream("C:\\Life2012\\DigSign\\ACORD_Request.xml"));
NodeList rootChildList = doc.getDocumentElement().getChildNodes();
Node bodyNode = null;
for(int i=0;i<rootChildList.getLength();i++){
if("Buyer".equalsIgnoreCase(rootChildList.item(i).getLocalName())){
bodyNode = rootChildList.item(i);
System.out.println("Body Node is obtained"+bodyNode);
break;
// Create a DOMSignContext and specify the RSA PrivateKey and
// location of the resulting XMLSignature's parent element.
//DOMSignContext dsc = new DOMSignContext
// (keyEntry.getPrivateKey(), doc.getDocumentElement());
// Sign only the body node
DOMSignContext dsc = new DOMSignContext
(keyEntry.getPrivateKey(), bodyNode);
// Create the XMLSignature, but don't sign it yet.
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate, and sign the enveloped signature.
signature.sign(dsc); -
Implementing XAdES in Java XML Digital Signature API
Hi,
I've got some problems with implementing XAdES standard with Java XML Digital Signature API. Below is a code (SignatureTest1), that produces a digital signature with some XAdES tags placed in <ds:Object> tag. The signature is later validated with a Validator class. Everything works fine, until I set a XAdES namespace (SignatureTest1.xadesNS="http://uri.etsi.org/01903/v1.3.2#"). In this case validation of XAdES elements fails.
The reason of validation failture is a difference between arguments passed to a digest method when document is being signed and validated. When the document is being signed a log looks like this:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #SignP
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed,but while validating:
FINER: Pre-digested input:
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <SignedProperties xmlns="http://uri.etsi.org/01903/v1.3.2#" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SignP"></SignedProperties>
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: MAQ/vctdkyVHVzoQWnOnQdeBw8g=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: D7WajkF0U5t1GnVJqj9g1IntLQg=
2007-08-21 15:38:44 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#SignP] is valid: falseHow can I fix this?
Signer class:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLObject;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import com.sun.org.apache.xml.internal.security.utils.IdResolver;
public class SignatureTest1 {
public static String xadesNS=null;//"http://uri.etsi.org/01903/v1.3.2#";
public static String signatureID="Sig1";
public static String signedPropID="SignP";
public static void main(String[] arg) {
try{
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
List<Reference> refs = new ArrayList<Reference>();
Reference ref1 = fac.newReference
("", fac.newDigestMethod(DigestMethod.SHA1, null),
Collections.singletonList
(fac.newTransform
(Transform.ENVELOPED, (TransformParameterSpec) null)),
null, null);
refs.add(ref1);
Reference ref2 = fac.newReference("#"+signedPropID,fac.newDigestMethod(DigestMethod.SHA1,null),null,"http://uri.etsi.org/01903/v1.3.2#SignedProperties",null);
refs.add(ref2);
SignedInfo si = fac.newSignedInfo
(fac.newCanonicalizationMethod
(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
(C14NMethodParameterSpec) null),
fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
refs);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc =
dbf.newDocumentBuilder().parse("purchaseOrder.xml");
DOMSignContext dsc = new DOMSignContext
(kp.getPrivate(), doc.getDocumentElement());
dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
Element QPElement = createElement(doc, "QualifyingProperties",null,xadesNS);
QPElement.setAttributeNS(null, "Target", signatureID);
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
SPElement.setAttributeNS(null, "Id", signedPropID);
IdResolver.registerElementById(SPElement, signedPropID);
QPElement.appendChild(SPElement);
Element UPElement = createElement(doc, "UnsignedProperties", null,xadesNS);
QPElement.appendChild(UPElement);
DOMStructure qualifPropStruct = new DOMStructure(QPElement);
List<DOMStructure> xmlObj = new ArrayList<DOMStructure>();
xmlObj.add(qualifPropStruct);
XMLObject object = fac.newXMLObject(xmlObj,"QualifyingInfos",null,null);
List objects = Collections.singletonList(object);
XMLSignature signature = fac.newXMLSignature(si, ki,objects,signatureID,null);
signature.sign(dsc);
OutputStream os = new FileOutputStream("signedPurchaseOrder.xml");
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));
}catch(Exception e){
e.printStackTrace();
try{
Validator.main(null);
}catch(Exception e){
System.out.println("Validator exception");
e.printStackTrace();
public static Element createElement(Document doc, String tag,String prefix, String nsURI) {
String qName = prefix == null ? tag : prefix + ":" + tag;
return doc.createElementNS(nsURI, qName);
}Validator class:
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.*;
import java.io.FileInputStream;
import java.security.*;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
* This is a simple example of validating an XML
* Signature using the JSR 105 API. It assumes the key needed to
* validate the signature is contained in a KeyValue KeyInfo.
public class Validator {
// Synopsis: java Validate [document]
// where "document" is the name of a file containing the XML document
// to be validated.
public static void main(String[] args) throws Exception {
// Instantiate the document to be validated
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc =
dbf.newDocumentBuilder().parse(new FileInputStream("signedPurchaseOrder.xml"));
// Find Signature element
NodeList nl =
doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
if (nl.getLength() == 0) {
throw new Exception("Cannot find Signature element");
// Create a DOM XMLSignatureFactory that will be used to unmarshal the
// document containing the XMLSignature
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
// Create a DOMValidateContext and specify a KeyValue KeySelector
// and document context
DOMValidateContext valContext = new DOMValidateContext
(new KeyValueKeySelector(), nl.item(0));
// unmarshal the XMLSignature
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
// Validate the XMLSignature (generated above)
boolean coreValidity = signature.validate(valContext);
// Check core validation status
if (coreValidity == false) {
System.err.println("Signature failed core validation");
boolean sv = signature.getSignatureValue().validate(valContext);
System.out.println("signature validation status: " + sv);
// check the validation status of each Reference
Iterator i = signature.getSignedInfo().getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
boolean refValid =
((Reference) i.next()).validate(valContext);
System.out.println("ref["+j+"] validity status: " + refValid);
} else {
System.out.println("Signature passed core validation");
* KeySelector which retrieves the public key out of the
* KeyValue element and returns it.
* NOTE: If the key algorithm doesn't match signature algorithm,
* then the public key will be ignored.
private static class KeyValueKeySelector extends KeySelector {
public KeySelectorResult select(KeyInfo keyInfo,
KeySelector.Purpose purpose,
AlgorithmMethod method,
XMLCryptoContext context)
throws KeySelectorException {
if (keyInfo == null) {
throw new KeySelectorException("Null KeyInfo object!");
SignatureMethod sm = (SignatureMethod) method;
List list = keyInfo.getContent();
for (int i = 0; i < list.size(); i++) {
XMLStructure xmlStructure = (XMLStructure) list.get(i);
if (xmlStructure instanceof KeyValue) {
PublicKey pk = null;
try {
pk = ((KeyValue)xmlStructure).getPublicKey();
} catch (KeyException ke) {
throw new KeySelectorException(ke);
// make sure algorithm is compatible with method
if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
return new SimpleKeySelectorResult(pk);
throw new KeySelectorException("No KeyValue element found!");
//@@@FIXME: this should also work for key types other than DSA/RSA
static boolean algEquals(String algURI, String algName) {
if (algName.equalsIgnoreCase("DSA") &&
algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
return true;
} else if (algName.equalsIgnoreCase("RSA") &&
algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
return true;
} else {
return false;
private static class SimpleKeySelectorResult implements KeySelectorResult {
private PublicKey pk;
SimpleKeySelectorResult(PublicKey pk) {
this.pk = pk;
public Key getKey() { return pk; }
}PurchaseOrder.xml
<?xml version="1.0" encoding="UTF-8"?>
<PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
<Street>One Network Drive</Street>
<Town>Burlington</Town>
<State>MA</State>
<Country>United States</Country>
<PostalCode>01803</PostalCode>
</Address>
</Buyer>
</PurchaseOrder>signedPurchaseOrder.xml with XAdES namespace:
<?xml version="1.0" encoding="UTF-8" standalone="no"?><PurchaseOrder>
<Item number="130046593231">
<Description>Video Game</Description>
<Price>10.29</Price>
</Item>
<Buyer id="8492340">
<Name>My Name</Name>
<Address>
<Street>One Network Drive</Street>
<Town>Burlington</Town>
<State>MA</State>
<Country>United States</Country>
<PostalCode>01803</PostalCode>
</Address>
</Buyer>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Sig1"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI=""><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>tVicGh6V+8cHbVYFIU91o5+L3OQ=</ds:DigestValue></ds:Reference><ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties" URI="#SignP"><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>MAQ/vctdkyVHVzoQWnOnQdeBw8g=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>lSgzfZCRIlgrgr6YpNOdB3XWdF9P9TEiXfkNoqUpAru/I7IiyiFWJg==</ds:SignatureValue><ds:KeyInfo><ds:KeyValue><ds:DSAKeyValue><ds:P>/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
xD7nN1kuFw==</ds:P><ds:Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ds:Q><ds:G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
QW5QvnlMpA==</ds:G><ds:Y>p48gU203NGPcs9UxEQQQzQ19KBtDRGfEs3BDt0cbCRJHMh3EoySpeqOnuTeKLXuFr96nzAPq4BEU
dNAc7XpDvQ==</ds:Y></ds:DSAKeyValue></ds:KeyValue></ds:KeyInfo><ds:Object Id="QualifyingInfos"><QualifyingProperties Target="Sig1" xmlns="http://uri.etsi.org/01903/v1.3.2#"><SignedProperties Id="SignP"/><UnsignedProperties/></QualifyingProperties></ds:Object></ds:Signature></PurchaseOrder>I believe the problem is that you are not explicitly adding the xades namespace
attribute to the SignedProperties element before generating the signature. Thus,
the namespace attribute is not visible when canonicalizing, but when you serialize the
DOM tree to an output stream, (for reasons I'm not entirely sure why), the namespace
attribute is visible and is added to the SignedProperties element, which breaks the
signature.
You must always explicitly add namespace attributes using the Element.setAttributeNS
method. Try changing the following code from:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
to:
Element SPElement = createElement(doc, "SignedProperties", null,xadesNS);
SPElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", xadesNS); -
XML digital signature universal validator
Hello,
I am looking into the xml digital signaturing and i have a few questions about this:
1.I wondered if anybody had any idea's for making a universal validator.
I made this validator that validates an example xml file. But i would like to hava a validator that works on all signed xml files.
2.Also in the jwsdp examples they create an enveloping signed file from scratch with a sample program. I think with some modifications it should be possible to have a program that does this for random xml files.
Just use an xml file as input, en get a signed xml file as output file.
I am looking for ppl with the same problems or solutions.
Idea's are welcome.Nevermind, the xml security suite of IBM takes care of that problem already :)
-
hello
Has anyone tried to use the xml digital signature api on an application deployed on appserver 8.2 bundled with stucio?
I am trying to,,but it seems i cannot work it out,.Here is what i do,,i ve built a sample application where when i clik a button the following code runs.I have imported the xmldsig.jar file i found on jwsdp-1.5 that includes the needed classes and i am using jdk 1.4.2.07.
I should mention that when i deploy the application on tomcat 4.1.31 everything works fine and the xml file is properly signed.But it never works on when i run it on appserver.for ANY help i would be grateful!!!!!!!!
the following code is on the click button action
ypografi ob2 =new ypografi();
boolean ok ;
ok = ob2.ypegrapse("C:/attach.xml");
the following code is the ypografi.java file
package dokimi;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.*;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.*;
import java.util.Collections;
import java.util.Iterator;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
public class ypografi {
/** Creates a new instance of ypografi */
public ypografi() {
public boolean ypegrapse(String nameoffile){
// Create a DOM XMLSignatureFactory that will be used to generate the
// enveloped signature
try {
String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
// Create a Reference to the enveloped document (in this case we are
// signing the whole document, so a URI of "" signifies that) and
// also specify the SHA1 digest algorithm and the ENVELOPED Transform.
Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),Collections.singletonList(fac.newTransform(Transform.ENVELOPED, null)),null, null);
// Create the SignedInfo
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, null),fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),Collections.singletonList(ref));
// Create a DSA KeyPair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(512);
KeyPair kp = kpg.generateKeyPair();
// Create a KeyValue containing the DSA PublicKey that was generated
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
// Create a KeyInfo and add the KeyValue to it
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
// Instantiate the document to be signed
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream(nameoffile));
// Create a DOMSignContext and specify the DSA PrivateKey and
// location of the resulting XMLSignature's parent element
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc.getDocumentElement());
// Create the XMLSignature (but don't sign it yet)
XMLSignature signature = fac.newXMLSignature(si, ki);
// Marshal, generate (and sign) the enveloped signature
signature.sign(dsc);
// output the resulting document
OutputStream os;
os = new FileOutputStream(nameoffile);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));
}catch(Exception e){
System.out.println(e);
return false;
return true;
}Something like this should work:
Text text = doc.createTextNode("testContent");
SignatureProperty sp = fac.newSignatureProperty
(Collections.singletonList(new DOMStructure(text)),
"#testTarget", "testID");
SignatureProperties sps = fac.newSignatureProperties
(Collections.singletonList(sp), null);
objs.add(fac.newXMLObject(Collections.singletonList(sps), null,
null, null)); -
XML Digital Signature and sun PKCS#11
Hi,
I am trying to use xmldsig/xmlsec from Java Web Services Developer's Pack to do signing of XML documents. My goal is to use the keys from the card via sunpkcs11 to perform this signature.
At this stage, i'm able to get the correct key from the card via sun pkcs 11 (J2SE 5) and able to sign some data with it.
However, when i try to sign a xml document via xmldsig, i get the error which i believe to occur while trying to read the private key from the card as a string, which results in a "not a byte[]" exception.
At this stage, are there any ways to configure the xmldsig/xmlsec to use the pkcs11 provider?
I understand that the current implementation of XML Digital signature is using apache XML libraries. Is the source code for the wsdp downloadable from SUN?
If not, will it be possible to make use of the open-source apache XML jars, set it up for pkcs11 and use it instead?
Finally, has anyone done what I'm trying to do? Will be glad to know
Thank u in advance,
LouisHello
Did you resolve yout problem, because i have the same when i try to sign message
String testData = "Hello World";
p11KeyStore = KeyStore.getInstance("PKCS11");
p11KeyStore.load(null, new char[] {'1', '2', '3', '4'});
sig = Signature.getInstance("SHA1withRSA");
sig.initSign( (PrivateKey) p11KeyStore.getKey(myAlias, null));
sig.update(testData.getBytes());
signatureBytes = sig.sign()
This code fails and i get java.lang.RuntimeException: Not a byte[]
at sun.security.pkcs11.wrapper.CK_ATTRIBUTE.getBigInteger(CK_ATTRIBUTE.java:168)
at sun.security.pkcs11.P11Key$P11RSAPrivateKey.fetchValues(P11Key.java:419) -
XML digital signature XAdES support
Are there any plans for supporting XaDES Advanced electronic signature as specified by ETSI TS 101-93?
It's a quite common format, and well acknowledged (for instance by italian and other EU countries regulations).
Should i file or vote an RFE?Charles_F wrote:
Hi.
I would appreciate any help regarding the topic.
I need to create xml digital signature of files that are located in the same directory,
let's say working directory (current directory) of application.
I only get in the Reference tag with URI
<Reference URI="file:/D:/projects/netbeans/CryptoHelpers/form.xml>
althought I'd like to achieve
<Reference URI="form.xml">To do that, just specify "form.xml" when creating the Reference and not the complete path. Change:
Reference refList = xmlSignatureFactory.newReference(
srcFile.toURI().toString(),
digestMethod);
referenceList.add(refList);to:
Reference refList = xmlSignatureFactory.newReference(
filePath, digestMethod);
referenceList.add(refList);Also, make sure your baseURI is set to the directory that the file is located in and ends with a trailing slash. Change:
signContext.setBaseURI("file:/");to
signContext.setBaseURI("file:/D:/projects/netbeans/CryptoHelpers/"); -
XML Digital Signature Canonicalisation Error.
Hi,
I am writing JAVA code to perform XML Digital Signature and Verification. I am using jwsdp-2.0 jar files xmldsig.jar and xmlsec.jar.
I am successfully able to sing the xml but still have few issues.
1. Canoniclisation on SignedInfo is not happening. API is signing the SignedInfo Element without performing Canonicalisation. I turned on debugging and it shows FINE: Canonicalized SignedInfo:error. Because its not able to perform Canonicalisation verification fails on other end.
fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null) is the canonicalisation param I am passing to SI.
2. Not able to specify XPointer in URI string when creating Reference object. It works fine with, just id of element as reference, but not with xpointer.
Any help on these issue is greatly appreciated.
Thanks for your help.
Ajit Rathod
CODE :
============================================================
import javax.crypto.SecretKey;
import javax.crypto.spec.SecretKeySpec;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.net.URLEncoder;
import java.security.*;
import java.util.Collections;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.*;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;
public class GenEnveloped {
public static void main(String[] args) throws Exception {
String providerName = System.getProperty
("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
String strRefURI = "";
strRefURI = "#testID";
Transform trf = fac.newTransform(CanonicalizationMethod.EXCLUSIVE,(TransformParameterSpec)null);
Reference ref = fac.newReference (strRefURI, fac.newDigestMethod(DigestMethod.SHA1,null), Collections.singletonList(trf),null,null);
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,(C14NMethodParameterSpec)null),fac.newSignatureMethod(SignatureMethod.HMAC_SHA1, null),Collections.singletonList(ref));
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new FileInputStream("testSamlData.xml"));
NodeList nlWSSESecurity = doc.getElementsByTagName("wsse:Security");
String strKey = "asefasfsadfasdfsfasfdfsdasdfasdf";
ByteArrayOutputStream baos = new ByteArrayOutputStream();
byte keyBytes[] = strKey.getBytes();
SecretKey sk = new SecretKeySpec(keyBytes,SignatureMethod.HMAC_SHA1);
XMLSignature signature = fac.newXMLSignature(si,null);
DOMSignContext dsc = new DOMSignContext (sk,nlWSSESecurity.item(0));
//DOMSignContext dsc = new DOMSignContext (sk,doc.getDocumentElement());
dsc.setDefaultNamespacePrefix("ds");
signature.sign(dsc);
OutputStream os;
boolean blFile = true;
if (blFile)
os = new FileOutputStream("testSamlDataSigned.xml");
System.out.println("Result is written out to File system");
else
os = System.out;
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(os));
}Charles_F wrote:
Hi.
I would appreciate any help regarding the topic.
I need to create xml digital signature of files that are located in the same directory,
let's say working directory (current directory) of application.
I only get in the Reference tag with URI
<Reference URI="file:/D:/projects/netbeans/CryptoHelpers/form.xml>
althought I'd like to achieve
<Reference URI="form.xml">To do that, just specify "form.xml" when creating the Reference and not the complete path. Change:
Reference refList = xmlSignatureFactory.newReference(
srcFile.toURI().toString(),
digestMethod);
referenceList.add(refList);to:
Reference refList = xmlSignatureFactory.newReference(
filePath, digestMethod);
referenceList.add(refList);Also, make sure your baseURI is set to the directory that the file is located in and ends with a trailing slash. Change:
signContext.setBaseURI("file:/");to
signContext.setBaseURI("file:/D:/projects/netbeans/CryptoHelpers/"); -
I am using the javax.xml.crypto.dsig.XMLSignatureFactory to generate XML Signatures. Now when I try to validate the generated signature with java, the validation succeeds, however when I attempt the validation with .NET the validation fails.
Java adds a break line after the 76th character to produce separate lines. On the other hand .NET does not exhibit this behavior.
Please help...........
String inputXMLPath = "C:\\wessam\\GATS-CBE-20110404-0013.xml";
String outSignedPath = "C:\\efOut.xml";
XMLSignatureFactory factory =
XMLSignatureFactory.getInstance("DOM", (Provider)Class.forName("org.jcp.xml.dsig.internal.dom.XMLDSigRI").newInstance());
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
Document doc = dbf.newDocumentBuilder().parse(new File(inputXMLPath));
NodeList nl =
doc.getElementsByTagNameNS("http://cbe.gatsfile.efinance.com.eg",
"GATSFile");
Node node = nl.item(0);
XMLStructure content = new DOMStructure(node);
DigestMethod digestMethod =
factory.newDigestMethod(DigestMethod.SHA1, null);
Reference reference = factory.newReference("#GATSFile", digestMethod);
SignedInfo signedInfo =
factory.newSignedInfo(factory.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
(C14NMethodParameterSpec)null),
factory.newSignatureMethod(SignatureMethod.RSA_SHA1,
null),
Collections.singletonList(reference));
KeyInfoFactory kif = factory.getKeyInfoFactory();
X509Data x509d =
kif.newX509Data(Collections.singletonList(getCertificate()));
KeyInfo keyInfo = kif.newKeyInfo(Collections.singletonList(x509d));
XMLObject obj =
factory.newXMLObject(Collections.singletonList(content),
"GATSFile", null, null);
DOMSignContext dsc = new DOMSignContext(getPrivateKey(), doc);
XMLSignature signature =
factory.newXMLSignature(signedInfo, keyInfo, Collections.singletonList(obj),
null, null);
signature.sign(dsc);
FileOutputStream fos = new FileOutputStream(outSignedPath);
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
trans.transform(new DOMSource(doc), new StreamResult(fos));
fos.close();
}user13461536 wrote:
I am using the javax.xml.crypto.dsig.XMLSignatureFactory to generate XML Signatures. Now when I try to validate the generated signature with java, the validation succeeds, however when I attempt the validation with .NET the validation fails.
Java adds a break line after the 76th character to produce separate lines. On the other hand .NET does not exhibit this behavior.These line breaks should be properly normalized by a standards-compliant canonicalizer. However, if you are using JDK 7, try setting the following property which will eliminate the line breaks when you generate the signature:
java -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true ... -
I followed a procedure described in a book.
1. insert "Inventory.xml" file to a project "WpfXmlDataBinding" .
2. add the XML data source through the data panel of "blend for 2013", named it "InventoryXmlDataStore" and store it in the current document.
3. dragged and droppped the nodes from the Data panel onto the artboard.
Then I checked my Xaml file against the one provided by the book
Xaml file by the book:
<Window.Resources>
<!-- This part is missing in my xaml file --><XmlDataProvider x:Key="InventoryDataSource"
Source="\Inventory.xml"
d:IsDataSource="True"/>
<!-- This part is missing in my xaml file -->
<DataTemplate x:Key="ProductTemplate">
<StackPanel>
<TextBlock Text="{Binding XPath=@ProductID}"/>
<TextBlock Text="{Binding XPath=Cost}"/>
<TextBlock Text="{Binding XPath=Description}"/>
<CheckBox IsChecked="{Binding XPath=HotItem}"/>
<TextBlock Text="{Binding XPath=Name}"/>
</StackPanel>
</DataTemplate>
</Window.Resources>
<Grid>
<ListBox HorizontalAlignment="Left"
ItemTemplate="{DynamicResource ProductTemplate}"
ItemsSource="{Binding XPath=/Inventory/Product}"
Margin="89,65,0,77" Width="200"/>
</Grid>
my Xaml file:
<Window x:Class="WpfXmlDataBinding.MainWindow"
xmlns="http://schemas.microsoft.com/winfx/2006/xaml/presentation"
xmlns:x="http://schemas.microsoft.com/winfx/2006/xaml"
Title="MainWindow" Height="922" Width="874">
<Window.Resources>
<DataTemplate x:Key="ProductTemplate">
<StackPanel>
<TextBlock Text="{Binding XPath=@ProductID}"/>
<TextBlock Text="{Binding XPath=Cost}"/>
<TextBlock Text="{Binding XPath=Description}"/>
<CheckBox IsChecked="{Binding XPath=HotItem}"/>
<TextBlock Text="{Binding XPath=Name}"/>
</StackPanel>
</DataTemplate>
</Window.Resources>
<Grid DataContext="{Binding Source={StaticResource InventoryXmlDataStore}}">
<ListBox HorizontalAlignment="Left" Height="370"
ItemTemplate="{DynamicResource ProductTemplate}"
ItemsSource="{Binding XPath=/Inventory/Product}"
Margin="65,55,0,0" VerticalAlignment="Top" Width="270"/>
</Grid>
</Window>
All looks quite the same except the <XmlDataProvider ....> part under <Window.Resources>, which is gone completely in my Xaml file.
1, Why?
2, How many different ways to deal with xml data source through WPF?
Thanks, guys.
(ps My "WpfXmlDataBinding" runs without problem through.)Never do yourself down Richard.
Leave that to other people.
It's quite common for smart developers to think they're not as good as they are.
I coach a fair bit and it's a surprisingly common feeling.
And to repeat.
Never use anything ends .. provider. They're for trivial demo apps. Transform xml into objects and use them. Write it back as xml. Preferably, use a database.
You want to read a little mvvm theory first.
http://en.wikipedia.org/wiki/Model_View_ViewModel
Whatever you do, don't read Josh Smiths explanation. I used to recommend it but it confuses the heck out newbies. Leave that until later.
Laurent Bugnion did a great presentation at mix10. Unfortunately that doesn't seem to be working on the MS site, but I have a copy. Download and watch:
http://1drv.ms/1IYxl3z
I'm writing an article at the moment which is aimed at beginners.
http://social.technet.microsoft.com/wiki/contents/articles/30564.wpf-uneventful-mvvm.aspx
The sample is just a collection of techniques really.
I have a sample which involves no real data but is intended to illustrate some aspects of how viewmodels "do stuff" and how you use datatemplates to generate UI.
I can't remember if I recommended it previously to you:
https://gallery.technet.microsoft.com/WPF-Dialler-simulator-d782db17
And I have working samples which are aimed at illustrating line of business architecture. This is an incomplete step by step series but I think more than enough to chew on once you've done the previous stuff.
http://social.technet.microsoft.com/wiki/contents/articles/28209.wpf-entity-framework-mvvm-walk-through-1.aspx
The write up for step2 is work in progress.
https://gallery.technet.microsoft.com/WPF-Entity-Framework-MVVM-78cdc204
Hope that helps.
Recent Technet articles: Property List Editing;
Dynamic XAML -
How does the LiveCycle Digital Signatures work?
Hi,
I´m new working with liveCycle, and I would like to know how it works at technical level.
I have read documentation but I can not understand the procedure to generate the digital signature
I appreciate someone explain a bit about it or send a link to a page with detailed information.
Thank´s!Your question is pretty broad...
What are you trying to achieve with your workflow? For example, do you want to...
Generate Digital Certificates (self-signed or otherwise)
Have end users digitally sign PDF document or forms (with Acrobat Pro or Reader)
Have the PDF document or forms digitally signed on the server side
Validate the digital signature on the client
Validate the digital signature on the server side
I have attached a document that should help as well.
Regards
Steve -
Hi,
I'm developing a secure flex application in order to mantain user and password catalog, i need to create SSL Transport channel and a non-repudiation request mechanism. I already review that i could achieve first with HTTP Service for SSL and the second with XML Digital Signature but only i find java and .NET APIs for last. Is there an equivalent flex mechanism (or Action Script) to achieve XML Digital Signature?
Thanks in advance.Some time ago I was researching for this but never fallowed through it... I can only give some hints I've found during the process, hope they help:
http://code.google.com/p/as3crypto/ (this is a lib that handles a lot of encryption methods including public encryption)
http://www.adobe.com/devnet/air/flex/quickstart/xml_signatures.html (this article talks about what your are trying to achieve, but with Air)
HTH
Gus
Maybe you are looking for
-
I have Keynote and Numbers for my iPad and they will not update. Now it says they are waiting to update but never does and I can't even open them.
-
Unable to install PS CS3 in Windows 7 64bit
I have the 64bit version of Windows 7. I, apparently, successfully installed PS but when I click on the icon to open it I get the opening screen, but no splash screen and that's it. I finally get a message that PS is not responding. When I "X" ou
-
DB Structure Parent Table - Incident --> Child Table - IncidentCharges --> Child Table of IncidentCharges --> IncidentChargeWeapons Container Oracle Containers for JAVA(OC4J) We have a schema (Incident.xsd) which comprises of our entire database stru
-
Hello, has anybody a idea how to get the size of a existing web dynpro window? The API of IWDWindow only delivers methods for setting the size. Regards, Florian
-
I am running Windows 98 on a laptop. AFter downloading the drivers for LAbVIEW 5.x and trying to open the VI tree in LabVIEW 5.0, I obtain the error message for about three of the VIs. One of them is the initialization VI.