OSB: fn-bea:inlinedXML format my signed XML

Hello.
I'm trying to replace my output xml message with the same message, but digitally signed.
My proxy flow looks like:
1. Call to BS.
2. In response, take the output from BS and digitally sign it (Service callout to a signing service).
3. Take the output from that service (it returns the signed xml into a "CDATA" section).
4. Extract the xml (CDATA), and call to fn-bea:inlinedXML
5. Substitute the output message with the xml in point 4).
But "inlinedXML" seems to format the xml string (whitespace, line breaks,...), so the sign is no longer valid.
¿Can OSB convert from string to xml without formatting?.
Thanks.

Hello.
Does anyone knows how to tell OSB to stop formatting my XML?.
Thanks.

Similar Messages

Bea-inlinedxml + OSB 11.1.1.7

Hi-
Looks like bea-inlinedxml() is not working as expected on 11.1.1.7
I used to use bea-inlinedxml() to return a CDATA into a XML node but now OSB is returning it empty.
OSB 11.1.1.7 ChangeLog shows:
+13902323 - The bea-inlinedxml() function trims whitespace when parsing text to XML+
Assign Activity Produces an Empty Message Body if a New Line Character Exists
Bug: 16205232
Added: 07-March-2013
Platform: All
The resulting message body is empty if a proxy service processes an XML string with a newline character after the XML declaration (<?xml version="1.0" encoding="UTF-8"?>), the message flow includes an Assign activity that uses fn-bea:inlinedXML() to assign that XML string to a variable, and the message flow uses the variable to replace the contents of $body. This is related to issue 13902323, caused by the fn-bea:inlinedxml() function trimming whitespace when parsing text to XML.
Maybe this fix broke inlinedXML behavior??
Please help.

Hi,
We are also facing the same issue. Do we have any suggested patch from Oracle yet ?
In the mean time, we have worked around the issue by doing the following
<soap-env:Body>{fn-bea:inlinedXML($xmlParseResult)}</soap-env:Body>
regards.

Using fn-bea:inlinedXML and I have no result

Hello everyone:
I´m using with OEPE PS3 and testing a Proxy (with Biz, wsdl, xsd, and xquery etc).
I´m developing a proxy and into Message Flow , My Request Action is OK, but in Response Action I´m using a Replace action with values:
XPATH: +./executeResponse/executeReturn+
In variable: anyType1*
Expression: I map to xquery file --> PERSON_RESPONSE.xq,
I have one parameter (variable name) called: anyType1 and value: fn-bea:inlinedXML(data($anyType1/node()))
I have been a request and receive this:
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">+
+<soapenv:Body>+
+<executeResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">+
+<executeReturn xsi:type="xsd:string"><![CDATA[<?xml version="1.0" encoding="UTF-8"?><person></person>]]></executeReturn>+
+</executeResponse>+
+</soapenv:Body>+
+</soapenv:Envelope>+
My PERSON_RESPONSE.xq is:
declare namespace ns1 = "http://www.domain.com/XSD/ABCD";
declare namespace ns3 = "http://www.domain.com/XSD/1234";
declare namespace ns0 = "http://www.domain.com/XSD/PERSONS";
declare namespace xf = "http://tempuri.org/PROJECT/XQUERY/XQ_DETAIL_PERSON_RESPONSE/";
declare namespace ns1 = "http://www.domain.com/XSD/ABCD";
declare namespace ns3 = "http://www.domain.com/XSD/1234";
declare namespace ns0 = "http://www.domain.com/XSD/PERSONS";
declare namespace xf = "http://tempuri.org/PROJECT/XQUERY/XQ_DETAIL_PERSON_RESPONSE/";
declare function xf:XQ_DETAIL_PERSON_RESPONSE($anyType1 as element(*))
as element(ns0:processDetailPersonResponse) {
<ns0:processDetailPersonResponse>
<ns0:bodyResponse>
<ns0:person>
<ns0:data>
<ns0:id>{ *$anyType1/ns3:person/ns3:data* }</ns0:id>
</ns0:data>
</ns0:person>
</ns0:bodyResponse>
</ns0:processDetailPersonResponse>
declare variable $anyType1 as element(*) external;
xf:XQ_DETAIL_PERSON_RESPONSE($anyType1)
Finally my result in Response Action is not correct, because my Xquery function not receive a correct value. I´m using from Replace Action:
fn-bea:inlinedXML(data($anyType1/node()))
Why? What is the problem,
Someone can give me any help, please ?
Thanks in advance

Hi
I am also facing the same problem.
for me default namespace is getttin added but not sure how to remove.
Following is the message we are getting in OSB to send
<Notification>
<Type>Data</Type>
<Channel>webservice</Channel>
<Security>NONSSL</Security>
<Message>
<type>Transfer</type>
<msg><![CDATA[<Transfer></Transfer>]]></msg>
</Message>
<Destination>XXXXXX</Destination>
<Priority>HIGH</Priority>
</Notification>>
Ideally what we are sending in our CDATA there should not be any change.
but when we are printing out body variable after inlinedxml() function.
its adding default namespace in Transfer tag.
<Body xmlns:soap-env="http://schemas.xmlsoap.org/soap/envelope/" xmlns="http://schemas.xmlsoap.org/soap/envelope/">
<Transfer xmlns=""></Transfer>
</Body>>
why OSB is putting xmlns="" in Transfer tag.
Edited by: abhishek on Sep 11, 2012 12:51 AM
Edited by: abhishek on Sep 11, 2012 1:03 AM

NullPointerException while sending signed XML via SOAP to Axis webservice

Hello,
I was wondering if it was possible to change the behavior of Apache XML Security libraries and delete "ds:" namespaces while digitally signing XML files.
We are trying to send signed XML to a local chilean IRS, as a part of an automatic autentication process. The steps to authenticate are quite straightforward and involve:
1. Obtain from webservice 1 a "seed", which is a random number representing temporal session opened
2. Sign this seed (in XML format) using our certificate
3. Send signed XML to another webservice 2, which should validate it and open a permanent session, returning a "token", which is an alphanumeric string
What happens is that steps 1 and 2 are completed without problems, while we cannot pass step 3. The webservice (as far I know mounted on Apache Axis) fails with ugly error "NullPointerException".
The IRS says that our signed XML, although valid, seems strange to them, as it contains those "ds:" added by Apache Xml Security libraries while signing the file.
So here comes the question: is it possible to obtain valid signed XML without those "ds:"? What other reasons may result in that NullPointerException error?
We use simple Java class and VeriSign certificate stored in Java keystore to sign XML files, and Apache Xml Security 1.2.0 jars.
For any clues that could help us thank you in advance.
Jack

Hi,
Few months ago we had also problems with "locked user" in XI, in our case XIAPPLUSER was sometimes (b)locked.
Perhaps note:
721548 Changing the passwords of the XI 3.0 service users
will help you.
We removed and entered the service users again, with the password in CAPITALS and language blank.
After that our problem was solved, I hope yours too.
Regards
Jack

Use Sign.xml and Encrypt.xml for both request AND response within WSDL?

Hi,
ALSB: 2.6
I was wandering if it's possible to use abstract outof the box WS-Policy file within WSDL file to specify encryption
(Encrypt.xml) and digital signature(Sign.xml) with X509 for both request and response???
So far, it only works for either request or response BUT not both. i.e. within WSDL file
.....
<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
    <wsdl:operation name="Message">
            <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                          <wsdl:input>
                           
                         <wsp:Policy>
                                        <wsp:PolicyReference URI="policy:Sign.xml"/>
                                        <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                   </wsp:Policy>
                                 <soap:body use="literal" />
                           </wsdl:input>
                         <wsdl:output>
                              <soap:body use="literal" />
                           </wsdl:output>
    </wsdl:operation>
</wsdl:binding>
           Or

<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
    <wsdl:operation name="Message">
            <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                          <wsdl:input>
                                 <soap:body use="literal" />
                           </wsdl:input>
                         <wsdl:output>
                                   
                                   <wsp:Policy>
                                        <wsp:PolicyReference URI="policy:Sign.xml"/>
                                        <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                   </wsp:Policy>
                              <soap:body use="literal" />
                           </wsdl:output>
    </wsdl:operation>
</wsdl:binding>
But not both

<wsdl:binding name="DexService2Soap" type="tns:DexService2Soap">
    <soap:binding transport="http://schemas.xmlsoap.org/soap/http" style="document" />
    <wsdl:operation name="Message">
            <soap:operation soapAction="urn:moe:dex:dexservice:2.0.0/Message" style="document" />
                          <wsdl:input>
                                    
                                   <wsp:Policy>
                                        <wsp:PolicyReference URI="policy:Sign.xml"/>
                                        <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                   </wsp:Policy>
                                 <soap:body use="literal" />
                           </wsdl:input>
                         <wsdl:output>
                                   
                                   <wsp:Policy>
                                        <wsp:PolicyReference URI="policy:Sign.xml"/>
                                        <wsp:PolicyReference URI="policy:Encrypt.xml"/>
                                   </wsp:Policy>
                              <soap:body use="literal" />
                           </wsdl:output>
    </wsdl:operation>
</wsdl:binding>
...      Instead, I got error message like
<15/01/2008 10:15:04 AM NZDT> <Error> <ALSB Security> <BEA-387023> <An error ocurred during web service security inbound response processing [error-code: Fault
, message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fdb, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: Message]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault><faultcode>soapenv:Server</faultcode>
<faultstring>Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</faultstring></soapenv:Fa
ult></soapenv:Body></soapenv:Envelope>
weblogic.xml.crypto.wss.WSSecurityException: Failed to get token for tokenType: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#
X509v3
at weblogic.xml.crypto.wss.SecurityBuilderImpl.addEncryption(SecurityBuilderImpl.java:308)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processConfidentiality(SecurityPolicyDriver.java:280)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:75)
at weblogic.wsee.security.wss.SecurityPolicyDriver.processOutbound(SecurityPolicyDriver.java:64)
at weblogic.wsee.security.WssServerHandler.processOutbound(WssServerHandler.java:86)
Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <com.bea.weblogic.kernel> <000000> <Failed to build CertPath
java.security.cert.CertPathBuilderException: [Security:090603]The certificate chain is invalid because it could not be completed. The trusted CAs did not inclu
de CN=x509,OU=x509,O=x509,L=Wellington,ST=Wellington,C=NZ.
at weblogic.security.providers.pk.WebLogicCertPathProviderRuntimeImpl$JDKCertPathBuilder.engineBuild(WebLogicCertPathProviderRuntimeImpl.java:669)
at java.security.cert.CertPathBuilder.build(CertPathBuilder.java:194)
at com.bea.common.security.internal.legacy.service.CertPathBuilderImpl$CertPathBuilderProviderImpl.build(CertPathBuilderImpl.java:67)
at com.bea.common.security.internal.service.CertPathBuilderServiceImpl.build(CertPathBuilderServiceImpl.java:86)
at jrockit.reflect.VirtualNativeMethodInvoker.invoke(Ljava.lang.Object;[Ljava.lang.Object;)Ljava.lang.Object;(Unknown Source)
        Truncated. see log file for complete stacktrace
>
<15/01/2008 10:15:24 AM NZDT> <Error> <ALSB Security> <BEA-387022> <An error ocurred during web service security inbound request processing [error-code: Fault,
message-id: 3917705281899426819-4368b1eb.117762cff6e.-7fd8, proxy: DexServiceX509-Stub/Proxy Services/DexServiceX509-ProxyService, operation: null]
--- Error message:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header/><soapenv:Body><soapenv:Fault xmlns:wsse="http://docs.oasis-open.or
g/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"><faultcode>wsse:InvalidSecurityToken</faultcode><faultstring>Security token failed to validate. weblo
gic.xml.crypto.wss.SecurityTokenValidateResult@3c5347b[status: false][msg [
Version: V1
Subject: CN=x509, OU=x509, O=x509, L=Wellington, ST=Wellington, C=NZ
Signature Algorithm: MD5withRSA, OID = 1.2.840.113549.1.1.4
Key: Sun RSA public key, 1024 bits
modulus: 13052787793731294943682394984664645854838424340012907077330623....
The 'System Error Handler' from 'Invocation Trace' in ALSB test console is something like
[pre]
$fault:
<con:fault xmlns:con="http://www.bea.com/wli/sb/context">
     <con:errorCode>BEA-386201</con:errorCode>
     <con:reason>
          A web service security fault
          occurred[{http://schemas.xmlsoap.org/soap/envelope/}Server][Failed
          to get token for tokenType:
          http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3]
     </con:reason>
     <con:details>
          <err:WebServiceSecurityFault
               xmlns:err="http://www.bea.com/wli/sb/errors">
               <err:faultcode
                    xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
                    soapenv:Server
               </err:faultcode>
               <err:faultstring>
                    Failed to get token for tokenType:
                    http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3
               </err:faultstring>
          </err:WebServiceSecurityFault>
     </con:details>
     <con:location>
          <con:path>response-pipeline</con:path>
     </con:location>
</con:fault>
So is this a feature not supported in ALSB 2.6 yet or am I missing something dead simple?
Thanks in advance
Sam

Instead of specifying policies for input and output separately you could place the policy reference only once in the operation element. Maybe will this solve your problem...
http://e-docs.bea.com/alsb/docs26/security/ws_policy.html#wp1061166

Signed XML in SOAP Adapter

Hello Experts,
I have a scenario with receiver SOAP adapter, I have used the security profile in the channel and receiver agreement i have selected sign and all rudimentary requirements..
But im unable to see the signed payload in the CC monitoring..it should be in the format
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd">
<wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="................</wsse:BinarySecurityToken>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<ds:Reference URI="#id-24819136">
<ds:Transforms>
<ds:Transform Algorithm=...........
Im not able to see it in the SOAP adapter...have i missed something in the config...I have generated the cert in visual admin and given the correct values too in the channel and recv agreement.
Can ne one elucidate on this please...
How can i view the signed xml coming from the SOAP adapter?
Regards,
Farooq
Edited by: Farooq Hussain on Nov 12, 2008 7:46 PM

Hi Farooq
You have generated certificates? this will encrypt complete xml while sending. for that you need to set procedure as Encrypt this is what my understanding in this.
XML Signature
https://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/55814003-0b01-0010-1ca2-c683a191ebfc
Did you have checked with this
Using Digital Signatures in XI
it doesn't talk about generating the certificate and encrypting complete message but it actually encrypt complete message when you generate certificate.
How XML Encryption can be done using web services security in SAP NetWeaver XI
This also speaks similar. I am not able to get the link .. try search for "Ensure the Confidentiality of Your SOAP Message Content" to understand more on this
Thanks
Gaurav

Fn-bea:inlinedXML

Hi. I'm having problems trying to convert a string to a XML document in order to validate it.
This is my XML document:
<soa:execute xmlns:soa="http://com/accenture/tim/soa">
<soa:data><![CDATA[
<?xml version='1.0' encoding='UTF-8'?>
<customer>
<name>customer name</name>
</customer>
]]>
</soa:data>
</soa:execute>
That is actually inside a SOAP Body and I'm trying to use the following XPath
fn-bea:inlinedXML($body/soa:execute/soa:data/text())
to create de XML based on the element 'soa:data' (which it is defined as string) but it's not working.
Does anyone have an idea of how to do that?
I do not have the error string right now but it's something complaining about a wrong type.
That function accepts only xs:string as argument.
Thank you!
Edited by filipems at 08/20/2007 4:20 PM
Edited by filipems at 08/20/2007 4:21 PM
Edited by filipems at 08/21/2007 2:14 PM

Hi,
I am facing the same kind of error. Can you share how this issue is solved.Your reply is very helpful.
Thanks in advance.

Error Error oracle.iam.platform.context.ContextManager BEA-000000 IAM-0030007 org.xml.sax.SAXParseException: Line 1, Column 1 : XML-20108: (Fatal Error) Start of root element expected. error in oim logs

Hi ,
I am getting the below error at times in oim logs not able to find the reason please help.
<Error> <oracle.iam.platform.context.ContextManager> <BEA-000000> <IAM-0030007
org.xml.sax.SAXParseException: <Line 1, Column 1>: XML-20108: (Fatal Error) Start of root element expected.
    at oracle.xml.parser.v2.XMLError.flushErrorHandler(XMLError.java:422)
    at oracle.xml.parser.v2.XMLError.flushErrors1(XMLError.java:287)
    at oracle.xml.parser.v2.NonValidatingParser.parseRootElement(NonValidatingParser.java:414)
    at oracle.xml.parser.v2.NonValidatingParser.parseDocument(NonValidatingParser.java:355)
    at oracle.xml.parser.v2.XMLParser.parse(XMLParser.java:226)
<XELLERATE.DATABASE> <BEA-000000> <Class/Method: tcDataBaseClient/bindToInstance encounter some problems: java.lang.ClassNotFoundException: weblogic/jndi/WLInitialContextFactory
oracle.iam.platform.utils.ServiceInitializationException: java.lang.ClassNotFoundException: weblogic/jndi/WLInitialContextFactory
    at oracle.iam.platform.Platform.getService(Platform.java:265)
    at oracle.iam.platform.OIMInternalClient.getService(OIMInternalClient.java:188)
    at com.thortech.xl.dataaccess.tcDataBaseClient.bindToInstance(tcDataBaseClient.java:151)
    at com.thortech.xl.client.dataobj.tcDataBaseClient.recoverConnection(tcDataBaseClient.java:401)
    at com.thortech.xl.client.dataobj.tcDataBaseClient.getInterface(tcDataBaseClient.java:385)
    at com.thortech.xl.dataaccess.tcDataBaseClient.close(tcDataBaseClient.java:349)
    at com.thortech.xl.server.tcDataBaseClient.close(tcDataBaseClient.java:62)
    at com.thortech.xl.server.tcDataBaseClient.finalize(tcDataBaseClient.java:43
Caused By: java.lang.ClassNotFoundException: weblogic/jndi/WLInitialContextFactory
    at java.lang.Class.forName0(Native Method)
    at java.lang.Class.forName(Class.java:247)
    at com.sun.naming.internal.VersionHelper12.loadClass(Ve
<Class/Method: tcDataBaseClient/getInterface encounter some problems: RuntimeException encountered. Reconnecting!
java.lang.NullPointerException
    at oracle.iam.platform.context.ContextManager.getCounter(ContextManager.java:697)
    at oracle.iam.platform.context.ContextManager.incrementCounter(ContextManager.java:684)
<Error> <XELLERATE.DATABASE> <BEA-000000> <Class/Method: tcDataBaseClient/close encounter some problems: Bean has been deleted.
javax.ejb.NoSuchEJBException: Bean has been deleted.
Thanks,
Sahana

hi Antara
about "... Though I have imported the following JDK parsers in the code , the Oracle's SAX parser is taking other inside the application server ..."
If you have used the SAXParserFactory.newSAXParser() method to get a parser, the documentation for this method says "Creates a new instance of a SAXParser using the currently configured factory parameters.".
So you might get a different parser in a different environment.
regards
Jan Vervecken

Unwanted Default Formatting with import XML

I have a problem of unwanted default formatting with import XML. Under InDesign CS6, I import XML with merge mode.
One frame is difficult to apply with the placeholder, I should put the XML element A inside by hand. InDesign automatically applies the character style of the child element B to the following text in element A.
I tried the steps of this article http://indesignsecrets.com/fixing-unwanted-default-formatting.php/comment-page-1#comment-5 62875
But it doesn't work for me.
Dose anyone have an idea? Thanks.

Kasyan, I agree with you!
So this is what i did in xslt.
First I added the following namespace to the stylesheet.
xmlns:file="http://www.jclark.com/xt/java/java.io.File"
This is not supported by indesign, you have to do this with a parser. I used saxon to parse the xml.
And this is the part for the existing file lookup.
If the file exists the image is placed as a href, if it doesn't exist i put the name of the image between brackets. In this case we can see in which image doesn't exist.
<xsl:choose>
     <xsl:when test="file:exists(file:new(string($imagefile)))">
          <xsl:element name="Articleimage">
               <xsl:attribute name="href">file://../images/<xsl:value-of select="Properties/Property[@field = 9]"/></xsl:attribute>
          </xsl:element>
      </xsl:when>
      <xsl:otherwise>
          <xsl:text>[</xsl:text><xsl:value-of select="Properties/Property[@field = 9]"/><xsl:text>]</xsl:text>
      </xsl:otherwise>
</xsl:choose>
I hope it helps for others.
Good luck!
Glen

Problem signing XML when applying XPATH2 filer

I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
     3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
     4. lista.add(tipoFiltro);
     5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
     6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
     7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
     8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
     9. listaTransformadas.add(filtro); //If comented, no problem
     10. listaTransformadas.add(enveloped);
     11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);
     12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
     ... more code (KeyInfo,...)
     13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
     14. XMLSignature signature = fac.newXMLSignature(si, ki);
     15. signature.sign(dsc);
     If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
     How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
     3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
     4. lista.add(tipoFiltro);
     5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
     6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
     7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
     8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
     9. listaTransformadas.add(filtro); //If comented, no problem
     10. listaTransformadas.add(enveloped);
     11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);
     12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
     ... more code (KeyInfo,...)
     13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
     14. XMLSignature signature = fac.newXMLSignature(si, ki);
     15. signature.sign(dsc);
     If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
     How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

Copy Signed XML without altering it

Hi everyone,
I have a windows 2003 svr with JRE 1.6.0_18, and xmlsec v1.2.97 jar imported.
I'm building a new module of an existing application, which creates xml for invoices, signs them, and sends them to another company. This signed XMLs are stored on the filesystem.
I need to copy one of such xml files, lets call it A.xml (with valid signature, I checked using DOM's security validation tools) into another xml, lets say B.xml, without altering the contents of A.xml ( therefore voiding the signature ).
Then I have to sign B.xml
I have tried the following so far:
1. using Filereader to copy byte by byte to B.xml.
2. using inputstreamreaders (with apropriate encoding parameter) and copy line by line.
3. using DOM to add new node, and Transformer API to generate B.xml (proper enconding parameters are being set)
when I run a signature validation on B.xml, the signature has become invalid.
One intresting thing though, is that if I use method 1 to copy A.xml to another xml having only A's tree, this new XML has a valid signature.
Has anyone gone through something similar?
I'm I missing something?
or is it that whenever I insert an XML into another, it's signature will become void?
Thank you in advance for your help and time!
Regards,
Reynod

Well, #1 should work. Although I didn't understand what you said about "A's tree". Either you copy the file byte for byte (in which case you don't break the signature) or you produce something different (in which case you break the signature).
Anything which changes the contents of the XML should generate a document whose signature is invalid. That's the main point of signing a document.

How do you differentiate IDOC XML format and ordinary XML format

how do you differentiate IDOC XML format and ordinary XML format since they are used by IDOC adapter and RFC adapter???

Hi,
Cremas Structure starts with Header and followed by Segments...
Normally it begins like this
<CREMAS03><IDOC BEGIN="1">
The second node is Idoc in the header..
Thanks
Anju

XML design/suggestions - common format for multiple xml files?

Hi,
I'm working on a project where I need to collect data from different XML files. The format of these xml files differs from eachother, but all information I need can be found in each xml file. (date, time, name, etc..), but the elements have different names. Also the files contains redundant information that I don't need.
So, what is the best method to use if I want to summarize all the data and create a common format for the information?
I would be happy if I could convert to a commom format so, I will basically have all information in one single xml-file.
Many thanks,
-- beachen

Yep, use XSLT to transform them all into the same format.

On start node ina cluster a have Error OSB-Reporting BEA-473500

every time that I start my node in the cluster I have this error:
<Error> <OSB-Reporting> <BEA-473500>
I'm using Oracle Service Bus 11g
what I should do to solve this?

Hi Alex,
I would suggest you to check with your network team because BEA-000109 error which points to the NIC card and the network issues.
Ensure that no physical problems exist in your network:
- Verify the network connection for each machine that hosts servers within the cluster.
- Verify that all components of the network, including routers and DNS servers, are connected and functioning correctly.
- Address conflicts within a network can disrupt multicast communications.
- Use the netstat utility to verify that no other network resources are using the cluster multicast address.
- Verify that each machine has a unique IP address.
Workaround: Try using a different multicast address.
Detail Information about the Error Code BEA-000109
Error: An error occurred while sending multicast message:
Description: An IO error occurred while trying to send a message over multicast.
Cause: An error occurred while trying to send a message over multicast.
Action :WebLogic Server will try to recover from this error. If the problem continues to persist, make sure that the network infrastructure and NIC are functioning properly.
a) Suggest you to change the address and port to be certainly unique to have another try.
Is your machine multihomed for managed server?
b) If it is, try specifying Interface Address for each server.
From admin console, you can go to the managed server -> Configuration -> Cluster ->
Interface Address.
Hope this helps.
Thanks,
Cris

Oracle.security.crypto.cert.PKCS7 signing xml message

Dear All
Can anybody have java sample code to sign xml message by using oracle.security.crypto.cert.PKCS7 libarary.
Regards
Aamir

Hi Michal,
> about a WM application (which only has SAP in the name)
I'm afraid you have a completely wrong understanding of the Business Connector...
About 10-20% of the code (everything that deals with RFC communication, IDoc processing and conversion of IDoc/function module data to and from XML) has been developed here at SAP. And with release 4.7 (2003), SAP obtained 100% control over the source code, and we have done many fixes and enhancements in the webMethods part of the code (as well as in our own...) since then.
I just wanted to make this point clear...
BTW: the problem reported here is neither related to webMethods, nor to SAP: it's simply a problem with the certificate (probably a mismatch between private key and public key?!)
Best Regards, Ulrich
(SAP BC team)

OSB: fn-bea:inlinedXML format my signed XML

Similar Messages

Maybe you are looking for