Problem in XML Signature

Hi,
i get an Exception in Registering mechanism for XML Signature factory
it says.
javax.xml.crypto.NoSuchMechanismException : Cannot find DOM Mechanism type
I use J2sdk1.4.2_05 with JWSDP 1.4
Following is the code do let me know where i go wrong.
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.DocumentBuilder;
import org.w3c.dom.Document;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.*;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dom.*;
import java.security.Provider;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import java.security.KeyPairGenerator;
import java.security.KeyPair;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import java.io.FileInputStream;
import java.util.Collections;
//author Palani V. Rajan
// SafeScrypt Ltd
class XMLSign
XMLSign(){}
/*XMLSign(String inputFile)
public void signTheMarkup(String inputFilePath)
Document domDoc;
try{
System.out.println("Creating DOM");
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
domDoc = db.parse(new FileInputStream(inputFilePath));
System.out.println("Generating Key's.....");
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
kpg.initialize(1024);
KeyPair kp = kpg.generateKeyPair();
DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), domDoc.getDocumentElement());
String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
System.out.println("Creating xml sign.....");
System.out.println("Provider Name "+providerName);
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
System.out.println("T 1");
Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),Collections.singletonList(fac.newTransform(Transform.ENVELOPED, null)),null, null);
System.out.println("T 2");
SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, null),fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),Collections.singletonList(ref));
System.out.println("T 4");
KeyInfoFactory kif = fac.getKeyInfoFactory();
KeyValue kv = kif.newKeyValue(kp.getPublic());
KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
System.out.println("T 5");
XMLSignature signature = fac.newXMLSignature(si, ki);
signature.sign(dsc);
}catch(Exception e){e.printStackTrace();}
public static void main(String[] q)
System.out.println("Creating XML Signatures.....");
XMLSign xs = new XMLSign();
xs.signTheMarkup(q[0]);
Thnx in Advance
Vinodh

I have encountered the same problem. I am using Jbuilder 5 with JDK 1.3.0. I copied all the JAR files of jwsdp-1.5 by creating a custom library.
Even then It didnt work. Can some one who has resolved this please help.
I have tried running the same code in JDeveloper 10g (10.1.2) and got a same error.
Regards,
Srinivas.

Similar Messages

Problem verifying xml signature

We have a problem with verifying XML Signatures which are part of a SOAP message. Thanks a lot for helping! Hope my problem is understandable - otherwise ask.
We use the following enviroment:
Java6
Axis 2 V1.2 with XML Beans
Step 1:
The Java 6 XML Signature is an enveloped signature over an element called payload with exclusive XML canonicalization. We sign the payload and send the payload including signature to the server. At first I discovered the following namespace problem.
DigesterOutputstream Create Signature:
FEINER: <Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp><Created>UNDO</Created></Timestamp></Payload>
DigesterOutput Verify Signature:
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Expected digest: 71PfJ/xxn38TtQrpZOpRdqTZsBw=
31.10.2007 08:25:48 org.jcp.xml.dsig.internal.dom.DOMReference validate
FEIN: Actual digest: B1Qdei/0yW1mqR2T50LXKFfxhl0=
Soap request with payload:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDAyNDAwPC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:34D51D9DE4B7A19DD411938151524022</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>71PfJ/xxn38TtQrpZOpRdqTZsBw=</DigestValue></Reference></SignedInfo><SignatureValue>FuhOdrz9kHR0MeAUq9Rxkg6w++7foR77s9AYQUQxb8qPJ44Ba6By8R/H+CCn5JP5cPFz8/mGOgOD NGKLgZp66xbVSWe1UeehmZLH1a2kvHsx/VvYo3Lr5foHsl6YikUBMXCBdhI4ukKJTuwBOK/7m3lu 7Zl07SFo0zWL73gUTxc=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
The problem is the namespaces under the elements payload and timestamp. For verification the namespaces are inherited from parent element. I wonder why this happens - I thought this should not happen when using exclusive canonicalization, or?
Step 2:
Then I added the namespaces before creating the signature , e.g.
payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
for all attributes that are not part of the create signature log. Then the xml signature was verify successfully when I tested this against my own server. See log files:
DigesterOutputstream for create signature:
31.10.2007 11:16:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
DigesterOutputstream verify signature:
31.10.2007 11:19:00 org.jcp.xml.dsig.internal.DigesterOutputStream write
FEINER: <Payload xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp></Payload>
The whole soap request:
<?xml version='1.0' encoding='utf-8'?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"><soapenv:Header> <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><wsse:BinarySecurityToken xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="CertId-3596382">MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgTB0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIGA1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGluZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYDVQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBLbmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayvHO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2qxJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vaiZst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6fMqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupivlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</wsse:BinarySecurityToken><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="Signature-8331318"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <ds:Reference URI="#id-28000914"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>Q2LregRFO//cXlkcThu9Bx0jal4=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#id-10464309"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>BX651XEWk4u4pGgshQhocYxPkSo=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#Timestamp-7651652"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <ds:DigestValue>ezisLn/pGWNqMHbT6UlHyM4Ez64=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Xl4SSEwrtyUnsqf8xOmfzojLLU18tOrikOhK+HRyqHqv0lPF+AqANLU6yygNdhbfI5qyef9BLr6I CmSPIX4QQR+Hq45l/Ewa+M2K1OOjqvBUGYyQqrKCqUFtsISr9xPudB8ZmaVfaUu5chjIvy/sPYYx TuYv2Ma6uEwek1YZpbE= </ds:SignatureValue> <ds:KeyInfo Id="KeyId-1823783"> <wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-17125267"><wsse:Reference URI="#CertId-3596382" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" /></wsse:SecurityTokenReference> </ds:KeyInfo> </ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="Timestamp-7651652"><wsu:Created>2007-10-31T10:16:00.474Z</wsu:Created><wsu:Expires>2007-10-31T10:21:00.474Z</wsu:Expires></wsu:Timestamp></wsse:Security><TelematikHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-10464309"><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><ConversationID /><ServiceLocalization><Type>VSD</Type><Provider>101575519</Provider></ServiceLocalization><MessageType><Component>VSD</Component><Operation>PerformUpdates</Operation></MessageType><RoleDataProcessor /></TelematikHeader><TransportHeader xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><InterfaceVersion>0.0.24.3</InterfaceVersion></TransportHeader></soapenv:Header><soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-28000914"><TelematikExecute xmlns="http://ws.gematik.de/Schema/Telematik/Transport/V1"><Payload Id="c623c3be-529b-4d6d-8f1e-a4a29660f344"><Parameter Encoding="base64"><Name>VSD</Name><Value>PFBlcmZvcm1VcGRhdGVzIHhtbG5zPSJodHRwOi8vd3MuZ2VtYXRpay5kZS9jbS9jYy9DbUNjU2VydmljZVJlcXVlc3QvdjEuMiIgeG1sbnM6djE9Imh0dHA6Ly93cy5nZW1hdGlrLmRlL2NtL2NvbW1vbi9DbUNvbW1vbi92MS4yIj4NCiAgPHYxOkljY3NuPjgwMjc2MDAxMDQwMDAwMDMwMjI5PC92MTpJY2Nzbj4NCiAgPHYxOlVwZGF0ZUlkPjAxPC92MTpVcGRhdGVJZD4NCjwvUGVyZm9ybVVwZGF0ZXM+</Value></Parameter><MessageID>urn:uuid:9E0D31C48FDB63BBCD11938257462232</MessageID><Timestamp xmlns="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><Created>UNDO</Created></Timestamp><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /><Reference URI="#c623c3be-529b-4d6d-8f1e-a4a29660f344"><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /><DigestValue>XHIiHK4NYczByvAJSZH8u3hSvuQ=</DigestValue></Reference></SignedInfo><SignatureValue>JQnTQJ1TidrMuWmSmpHE3ZR5M728A3tlvKjrM3GxFPuy5YOmmybxR0T7xe72WSdWsqvFT9QGE+iP GL5POuc3s8lLc1QGZRKhZvjHAKFldDNyxAMWRL7ZXmhpjsRXT3HethKWew3669SKjJFkZ1IYEnZz QrJOmgt1MMjWx99CgaQ=</SignatureValue><KeyInfo><X509Data><X509SubjectName>CN=Harris Knafla,OU=IP,O=TK,ST=Hamburg,C=DE</X509SubjectName><X509Certificate>MIIC0DCCAjmgAwIBAgIBBDANBgkqhkiG9w0BAQUFADCBjTELMAkGA1UEBhMCREUxEDAOBgNVBAgT B0hhbWJ1cmcxEDAOBgNVBAcTB0hhbWJ1cmcxCzAJBgNVBAoTAlRLMQswCQYDVQQLEwJJUDEUMBIG A1UEAxMLTmlscyBLbmFmbGExKjAoBgkqhkiG9w0BCQEWG0RyLk5pbHMuS25hZmxhQHRrLW9ubGlu ZS5kZTAeFw0wNzA2MjkxNzQ2MzBaFw0wODA2MjgxNzQ2MzBaMFExCzAJBgNVBAYTAkRFMRAwDgYD VQQIEwdIYW1idXJnMQswCQYDVQQKEwJUSzELMAkGA1UECxMCSVAxFjAUBgNVBAMTDUhhcnJpcyBL bmFmbGEwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAJMjAnKFGjXjbPbi4X1vnI/H7ArNfayv HO7+QbuV1FqIR+aZuAYZeR5v0s8NKyGOcMxscAQk59ZrdfqaaIiwtcXk2fNHphtSVqLqR4NLWO2q xJKXwBcAxIn7byjq/DqjiUr5nmw1cMWJtK1xwB6pVMvCv97KGg2Z8peronBxg6mVAgMBAAGjezB5 MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9wZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRl MB0GA1UdDgQWBBRaMTzoUhWt1wguyvPlPuUUV8VRtTAfBgNVHSMEGDAWgBQuZ2A4G1XF+GvL7vai Zst6RUCqYjANBgkqhkiG9w0BAQUFAAOBgQAr3rtJIVNchr3pMEfFcSzbJJWo/c0LRkUnWkP1gD6f MqLoLFUbl8k6tKJ9V4P0Oe2BODRIfNyTFjKLzD1lHAFFRz9pzYUx+hq4VDWooA3MsewNDDyJwupi vlmHcM+Y8Cv97q9pERiqAY88TRMZxntl/b98W61KARAO+HUDhTnA1g==</X509Certificate></X509Data></KeyInfo></Signature></Payload></TelematikExecute></soapenv:Body></soapenv:Envelope>
As you can see in the soap request on top of the xml signature there is a Webservice Security signature (WSSE) over three elements. This should be no problem altough WSSE adds the wsu:id attribute to the body element. WSSE was omitted in step 1 for simplicity.
I wonder that the attributes which have been set to the payloadElement are not part of the actual message. But it works!
Step 3:
The same request was sent to an external webservice server and the server reports a xml signature verification problem. I don't have any logs or further information. But I have to get this to work against this server.
Java Files for Create + Verify Signature. For Create I get a DOM Node from a XML Bean. For step 1 the attribute setting should be in comments. I use VerifySignature for step 1 + 2.
SignPayload.java:
package de.tk.signature;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.ExcC14NParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.apache.xmlbeans.XmlObject;
import de.tk.schemaTools.TkSchemaHandler;
import de.tk.util.ClientProperties;
public class SignPayload {
     public static void signDocument(XmlObject telematikExecuteXmlObject, String payloadId) {
          try {
               // get Document
               org.w3c.dom.Node node = telematikExecuteXmlObject.getDomNode();
               Document documentTo = node.getOwnerDocument();
               XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
               Reference ref = fac.newReference("#"+payloadId, fac.newDigestMethod(DigestMethod.SHA1, null), Collections.singletonList(fac
                         .newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
               // Create the SignedInfo.
               SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                         Collections.singletonList(ref));
               KeyStore keyStore = KeyStore.getInstance("JKS");
               String keyStoreFilename = ClientProperties.getKeystorefile();
               FileInputStream keyStoreFile = new FileInputStream(keyStoreFilename);
               keyStore.load(keyStoreFile, "storePwd".toCharArray());
               keyStoreFile.close();
               KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) keyStore.getEntry("harris", new KeyStore.PasswordProtection("keyPwd".toCharArray()));
               X509Certificate cert = (X509Certificate) keyEntry.getCertificate();
               // Create the KeyInfo containing the X509Data.
               KeyInfoFactory kif = fac.getKeyInfoFactory();
               List x509Content = new ArrayList();
               x509Content.add(cert.getSubjectX500Principal().getName());
               x509Content.add(cert);
               X509Data xd = kif.newX509Data(x509Content);
               KeyInfo ki = kif.newKeyInfo(Collections.singletonList(xd));
               Node payloadNode = new TkSchemaHandler().getNode(documentTo, "Payload");
               String prefix = payloadNode.getPrefix();
               NamedNodeMap nameNodeMap = payloadNode.getAttributes();
               // String baseUri = payloadNode.getBaseURI(); not implemented
               boolean attributes = payloadNode.hasAttributes();
               Element payloadElement = (Element) payloadNode;
               //xmlns is the prefix and first parameter the namespaceURI
               // xmlns existiert ohne WSSE, beim Create XMLOutputter ausgegeben
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://ws.gematik.de/Schema/Telematik/Transport/V1");
               // existiert ohne WSSE
               // bei Create nicht; aber bei Verify im DigestOutputter mit drin
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:soapenv", "http://schemas.xmlsoap.org/soap/envelope/");
               // existiert nur bei WSSE
               payloadElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:wsu", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
               Node timestampNode = new TkSchemaHandler().getNode(documentTo, "Timestamp");
               Element timestampElement = (Element) timestampNode;
               // existiert ohne WSSE
               // beim Create Outputter angegeben sowie beim Verify
               timestampElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns", "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd");
               // existiert nur bei WSSE, war wohl nur notwendig da bei WSSE Signature auf falschen Timestamp zugegriffen worden ist.
               // Create a DOMSignContext and specify the RSA PrivateKey and
               // location of the resulting XMLSignature's parent element.
               DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),payloadNode);
               // Create the XMLSignature, but don't sign it yet.
               XMLSignature signature = fac.newXMLSignature(si, ki);
               // DomInfo.visualize(document);
               SAXBuilderDemo2.print(documentTo);
               // Marshal, generate, and sign the enveloped signature.
               signature.sign(dsc);
          } catch (Exception exc) {
               throw new RuntimeException(exc.getMessage());
VerifySignature.java:
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.List;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
public class VerifySignature {
     * @param args
     public static void main(String[] args) {
          // TODO Auto-generated method stub
          try {
               String filename = args[0];
               System.out.println("Verify Document: " + filename);
               XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
               DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
               dbf.setNamespaceAware(true);
               Document doc = dbf
               .newDocumentBuilder()
               .parse(
                         new FileInputStream(filename));
//               Find Signature element.
//               NodeList nl =
//               doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
               Node node = TkSchemaHandler.getNode(doc,"/*[local-name()='Envelope' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/']/*[local-name()='Body' and namespace-uri()='http://schemas.xmlsoap.org/soap/envelope/'][1]/*[local-name()='TelematikExecute' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Payload' and namespace-uri()='http://ws.gematik.de/Schema/Telematik/Transport/V1'][1]/*[local-name()='Signature' and namespace-uri()='http://www.w3.org/2000/09/xmldsig#'][1]");
               if (nl.getLength() == 0) {
               throw new Exception("Cannot find Signature element");
               Node node = nl.item(0); */
//               Create a DOMValidateContext and specify a KeySelector
//               and document context.
               DOMValidateContext valContext = new DOMValidateContext
               (new X509KeySelector(), node);
//               Unmarshal the XMLSignature.
               XMLSignature signature = fac.unmarshalXMLSignature(valContext);
//               Validate the XMLSignature.
               boolean coreValidity = signature.validate(valContext);
               // sample 6
//               Check core validation status.
               if (coreValidity == false) {
               System.err.println("Signature failed core validation");
               boolean sv = signature.getSignatureValue().validate(valContext);
               System.out.println("signature validation status: " + sv);
               if (sv == false) {
               // Check the validation status of each Reference.
               Iterator i = signature.getSignedInfo().getReferences().iterator();
               for (int j=0; i.hasNext(); j++) {
               boolean refValid = ((Reference) i.next()).validate(valContext);
               System.out.println("ref["+j+"] validity status: " + refValid);
               } else {
               System.out.println("OK! Signature passed core validation!");
          } catch (Exception exc) {
               exc.printStackTrace();
Questions:
1. Do I really have to set all the namespace attributes? I thought with exclusive xml this should not be necessary. Is there any other solution?
2. Do you think I got all the settings right in SignPayload.java?
Thanks a lot in advance.
Cheers !
Nils

It seems to be a bug with the JDK you are using. What is the JDK version you are using?

Problem with XML signature

Can anybody tell me how to generate an xml signature
with the base 64 transform(Transform.BASE64)?
I just can't find any documentation on the web.
It would be great to provide a small code exemple.
Thanks
Antoine

Thanks for the reply.
I'm applying appropriate namespaces to the generated xml string. Could it be the probelem?
this is how the generated xml looks in final stage, I mean after I'm doing some rework on the generated xml.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#PAYMENTS"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IXgHx5ioixsJ13jyg767D8UCU9s=</DigestValue></Reference></SignedInfo><SignatureValue>DO+Fngf3h0Q5iDoMq2mZFL+bxL3vY1i1fyqzBbKRPhHlzqWrW2wP3SFHjVzPLXdj92W8hMx9I8Jq
QBV/D+pUKa32aZB7kPwOGZqR63X+d6Hca58jnTK7+zq8Fzi2DPlE+omQhgT3xeXp/lQpKI8vAgVT
eX+eylRYTAZDSfDw7qk=</SignatureValue><Object Id="PAYMENTS"><PAYMENTS xmlns=""><Payment><PaymentIdA></PaymentIdA><PaymentIdB>aa</PaymentIdB><SrcBank>bb</SrcBank><SrcAccount>cc</SrcAccount><PayerId>dd</PayerId><PayerName>Dato</PayerName><TaxPayerId>00022023</TaxPayerId><TaxPayerName></TaxPayerName><ReceiverName>mof</ReceiverName><AdditinalInfo>racxa</AdditinalInfo><Amount>521</Amount><TreasuryCode>hello</TreasuryCode><PaymentTime>hi</PaymentTime><PaymentChannel>ib</PaymentChannel></Payment></PAYMENTS></Object></Signature>

XSLT Transform in XML Signature: Exception

Hello,
I have following problem with an XSLT tranform in my XML signature. Here is the code I use to add XSLT to signature:
main() {
DOMStructure stylesheet = new DOMStructure( getStylesheet() );
XSLTTransformParameterSpec spec = new XSLTTransformParameterSpec( stylesheet );
transforms.add( fac.newTransform( Transform.XSLT, spec ) );
private Element getStylesheet() throws Exception {
     String stylesheet = //"<?xml version=\"1.0\"?>" +
                    "<xslt:stylesheet version=\"1.0\" xmlns:xslt=\"http://www.w3.org/1999/XSL/Transform\">\n" +
                    " <xsl:include href=\"http://extern XSLT\" />\n" +
                    " <xslt:template match=\"/\">" +
                    " <xsl:apply-imports />" +
                    " </xslt:template>" +
                    "</xslt:stylesheet>\n";
     DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
     //dbf.setValidating( true );
     return dbf.newDocumentBuilder().parse( new ByteArrayInputStream( stylesheet.getBytes() ) ).getDocumentElement();
I get following exception:
javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: com.sun.org.apache.xml.internal.security.transforms.TransformationException: Cannot find xslt:stylesheet in Transform
Original Exception was com.sun.org.apache.xml.internal.security.transforms.TransformationException: Cannot find xslt:stylesheet in Transform
     at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
     at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
     at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
     at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
In google I cannot find any details what can be wrong.
Any suggestions?
Thanks in advance,
errno

Thanks for your response. Sorry - I tried both versions with xslt and xsl - doesn't worked -> the error in my post is actually caused through the multiple changes of this part of code. Here once again:
private Element getStylesheet() throws Exception {
          String stylesheet = //"<?xml version=\"1.0\"?>" +
                                   "<xslt:stylesheet version=\"1.0\" xmlns:xslt=\"http://www.w3.org/1999/XSL/Transform\">\n" +
                                   " <xslt:include href=\"external XSLTl\" />\n" +
                                   " <xslt:template match=\"/\">" +
                                   " <xslt:apply-imports />" +
                                   " </xslt:template>" +
                                   "</xslt:stylesheet>\n";
          DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
          //dbf.setValidating( true );
          return dbf.newDocumentBuilder().parse( new ByteArrayInputStream( stylesheet.getBytes() ) ).getDocumentElement();
Thanks,
errno

XML signature

Hi All,
In one of our interfaces, we are implementing digital signature. We are creating a signature based on the four of all input fields. We are able to sign and sent the message successfully to the target system (Third party system). We are communicating with the target system via webservice and are using SOAP adapter at the receiver side. It's a party communication.
But the Third party is unable to verify the signature. I need help from you guys in confirming, whether the digital signatures generated using SAP standards conform to open standards and can be verified by any 3rd party system?
Note: We are using SHA algorithm for creating the digital signatures.
Regards,
Vishnu.

Hi Vishnu,
With XML signatures, the entire XML document becomes case-sensitive.
Also, extra spaces, between node names might pose to be a problem as well.
Ensure that the xml message you are sending out, and the message expected by the third party system match in case, and format.
Would you be able to post the error here?
Regards,
Smitha.

XML Signature ignoring tag

Hello
I have a java class that signs XML documents using the sap class com.sap.engine.lib.xml.signature.generator.SignatureGenerator.
The problem is that is ignores the tag <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">, if the document to be signed have a Signature included.
For example, the xml structured to be signed is:
<MainTag>
   <Xml1>
       <Xml1Info/>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      </Signature>
</Xml1>
</MainTag>
The result should be:
<MainTag>
   <Xml1>
       <Xml1Info/>
      <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      </Signature>
</Xml1>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
</Signature>
</MainTag>
The problem is that the generated signature is the same if we sign using this source xml:
<MainTag>
   <Xml1>
       <Xml1Info/>
</Xml1>
</MainTag>
Its completelly ignoring the tag Signature.
Does anyone have faced this problem?
I have another question, where I can find the Sap Javadoc for com.sap.engine.lib.xml.signature.generator.SignatureGenerator ?
Thanks

HI Vitor,
I have the same problem.. I am also trying to generate digital signature of an XML document. I dont know whether there is an api which can do it for me.
If you have solved it, Can you please share a simple code snippet with me ?
Regards
Jony Khatri

Problem signing XML when applying XPATH2 filer

I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
     3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
     4. lista.add(tipoFiltro);
     5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
     6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
     7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
     8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
     9. listaTransformadas.add(filtro); //If comented, no problem
     10. listaTransformadas.add(enveloped);
     11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);
     12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
     ... more code (KeyInfo,...)
     13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
     14. XMLSignature signature = fac.newXMLSignature(si, ki);
     15. signature.sign(dsc);
     If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
     How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
     3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
     4. lista.add(tipoFiltro);
     5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
     6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
     7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
     8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
     9. listaTransformadas.add(filtro); //If comented, no problem
     10. listaTransformadas.add(enveloped);
     11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);
     12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
     ... more code (KeyInfo,...)
     13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
     14. XMLSignature signature = fac.newXMLSignature(si, ki);
     15. signature.sign(dsc);
     If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
     How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

Generating XML signature with prefix dsig ?

Hi everyone,
I'm facing a problem generating a signature of XML document. I'm using Jwsdp and the apache toolkit. So far, I can generate the signature of this form :
<Signature>
<SignedInfo> .....
I would like to generate the signature like this :
<dsig:Signature>
<dsig:SignedInfo> ....
The API doesn't specify how to add the prefix dsig befor tags element ...
It's very important for me to solve the problem, so any help would be really really appreciated :-)
Thanks a lot.

There is a method in DOMSignContext to do that:
// org.w3c.dom.Document doc;
DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig"); // or "ds" which is my case

Problem with XML on Linux

hi everybody,
I've a big problem with XML on Linux, in details I see my program stopping on Linux at the instruction
XMLReader xr = XMLReaderFactory.createXMLReader("org.apache.crimson.parser.XMLReaderImpl");
and it's strange because on Windows it runs and there aren't problems about permissions on files, does anyone knows what to do?
thanks in advance!
Stefano

What happens on that line? I'm assuming you get some kind of error or exception.
Make sure the JAR file for Crimson is in your classpath.

Problem with XML in APEX ORA-06502

i, I have a problem with XML generation, I developed an application in APEX, and in a html page I have this process:
declare
l_XML varchar2(32767);
begin
select xmlElement
"iva",
xmlElement("numeroRuc",J.RUC),
xmlElement("razonSocial", J.RAZON_SOCIAL),
xmlElement("idRepre", J.ID_REPRE),
xmlElement("rucContador", J.RUC_CONTADOR),
xmlElement("anio", J.ANIO),
xmlElement("mes", J.MES),
xmlElement
"compras",
select xmlAgg
xmlElement
"detalleCompra",
--xmlAttributes(K.ID_COMPRA as "COMPRA"),
xmlForest
K.COD_SUSTENTO as "codSustento",
K.TPLD_PROV as "tpldProv",
K.ID_PROV as "idProv",
K.TIPO_COMPROBANTE as "tipoComprobante",
to_char(K.FECHA_REGISTRO, 'DD/MM/YYYY') as "fechaRegistro",
K.ESTABLECIMIENTO as "establecimiento",
K.PUNTO_EMISION as "puntoEmision",
K.SECUENCIAL as "secuencial",
to_char(K.FECHA_EMISION, 'DD/MM/YYYY') as "fechaEmision",
K.AUTORIZACION as "autorizacion",
to_char(K.BASE_NO_GRA_IVA, 9999999999.99) as "baseNoGraIva",
to_char(K.BASE_IMPONIBLE, 9999999999.99) as "baseImponible",
to_char(K.BASE_IMP_GRAV, 9999999999.99) as "baseImpGrav",
to_char(K.MONTO_ICE, 9999999999.99) as "montoIce",
to_char(K.MONTO_IVA, 9999999999.99) as "montoIva",
to_char(K.VALOR_RET_BIENES, 9999999999.99) as "valorRetBienes",
to_char(K.VALOR_RET_SERVICIOS, 9999999999.99) as "valorRetServicios",
to_char(K.VALOR_RET_SERV_100, 9999999999.99) as "valorRetServ100"
xmlElement
"air",
select xmlAgg
xmlElement
"detalleAir",
xmlForest
P.COD_RET_AIR as "codRetAir",
to_char(P.BASE_IMP_AIR, 9999999999.99) as "baseImpAir",
to_char(P.PORCENTAJE_AIR, 999.99) as "porcentajeAir",
to_char(P.VAL_RET_AIR, 9999999999.99) as "valRetAir"
from ANEXO_COMPRAS P
where P.ID_COMPRA = K.ID_COMPRA
AND P.ID_INFORMANTE_XML = K.ID_INFORMANTE_XML
xmlElement("estabRetencion1", K.ESTAB_RETENCION_1),
xmlElement("ptoEmiRetencion1", K.PTO_EMI_RETENCION_1),
xmlElement("secRetencion1", K.SEC_RETENCION_1),
xmlElement("autRetencion1", K.AUT_RETENCION_1),
xmlElement("fechaEmiRet1", to_char(K.FECHA_EMI_RET_1,'DD/MM/YYYY')),
xmlElement("docModificado", K.DOC_MODIFICADO),
xmlElement("estabModificado", K.ESTAB_MODIFICADO),
xmlElement("ptoEmiModificado", K.PTO_EMI_MODIFICADO),
xmlElement("secModificado", K.SEC_MODIFICADO),
xmlElement("autModificado", K.AUT_MODIFICADO)
from SRI_COMPRAS K
WHERE K.ID IS NOT NULL
AND K.ID_INFORMANTE_XML = J.ID_INFORMANTE
AND K.ID BETWEEN 1 AND 25
).getClobVal()
into l_XML
from ANEXO_INFORMANTE J
where J.ID_INFORMANTE =:P3_MES
and J.RUC =:P3_ID_RUC
and J.ANIO =:P3_ANIO
and J.MES =:P3_MES;
--HTML
sys.owa_util.mime_header('text/xml',FALSE);
sys.htp.p('Content-Length: ' || length(l_XML));
sys.owa_util.http_header_close;
sys.htp.print(l_XML);
end;
Now my table has more than 900 rows and only when I specifically selected 25 rows of the table "ANEXO_COMPRAS" in the where ( AND K.ID BETWEEN 1 AND 25) the XML is generated.+
I think that the problem may be the data type declared "varchar2", but I was trying with the data type "CLOB" and the error is the same.+
declare
l_XML CLOB;
begin
--Oculta XML
sys.htp.init;
wwv_flow.g_page_text_generated := true;
wwv_flow.g_unrecoverable_error := true;
--select XML
select xmlElement
from SRI_COMPRAS K
WHERE K.ID IS NOT NULL
AND K.ID_INFORMANTE_XML = J.ID_INFORMANTE
).getClobVal()
into l_XML
from ANEXO_INFORMANTE J
where J.ID_INFORMANTE =:P3_MES
and J.RUC =:P3_ID_RUC
and J.ANIO =:P3_ANIO
and J.MES =:P3_MES;
--HTML
sys.owa_util.mime_header('text/xml',FALSE);
sys.htp.p('Content-Length: ' || length(l_XML));
sys.owa_util.http_header_close;
sys.htp.print(l_XML);
end;
The error generated is ORA-06502: PL/SQL: numeric or value error+_
Please I need your help. I don`t know how to resolve this problem, how to use the data type "CLOB" for the XML can be generate+

JohannaCevallos07 wrote:
Now my table has more than 900 rows and only when I specifically selected 25 rows of the table "ANEXO_COMPRAS" in the where ( AND K.ID BETWEEN 1 AND 25) the XML is generated.+
I think that the problem may be the data type declared "varchar2", but I was trying with the data type "CLOB" and the error is the same.+
The error generated is ORA-06502: PL/SQL: numeric or value error+_
Please I need your help. I don`t know how to resolve this problem, how to use the data type "CLOB" for the XML can be generate+The likeliest explanation for this is that length of the XML exceeds 32K, which is the maximum size that <tt>htp.p</tt> can output. A CLOB can store much more than this, so it's necessary to buffer the output as shown in +{message:id=4497571}+
Help us to help you. When you have a problem include as much relevant information as possible upfront. This should include:
<li>Full APEX version
<li>Full DB/version/edition/host OS
<li>Web server architecture (EPG, OHS or APEX listener/host OS)
<li>Browser(s) and version(s) used
<li>Theme
<li>Template(s)
<li>Region/item type(s) (making particular distinction as to whether a "report" is a standard report, an interactive report, or in fact an "updateable report" (i.e. a tabular form)
And always post code wrapped in <tt>\...\</tt> tags, as described in the FAQ.
Thanks

Web Service Security with SAML - Invalid XML signature

Hello together,
we want to build a scenario where we want to use Web Service Security with SAML.
The scenario will be
WS Client (Java Application) -> WS Adapter -> Integration Engine -> WS Adapter-> CRM (Web AS ABAP 7.01 SP 3)
SAP PI release is 7.11 (SP Level 4)
We want to use the SAML Authentification from WS Client to PI and from PI to Web AS ABAP.
The SAML authentifications between the WS Client and PI works when there is no SAML auth between PI and CRM.
But we get following error at calling the CRM system when we want to communicate with SAML:
<E_TEXT>CX_WS_SECURITY_FAULT:Invalid XML signature</E_TEXT>
Has somebody an idea of the possible reason for the error.
Thanks in advance
Stefan

Error Messages in the Trace/Log Viewer:
CX_WS_SECURITY_FAULT : Invalid XML signature | program: CL_ST_CRYPTO==================CP include: CL_ST_CRYPTO==================CM00G line: 48
A SOAP Runtime Core Exception occurred in method CL_ST_CRYPTO==================CM00G of class CL_ST_CRYPTO==================CP at position id 48 with internal error id 1001 and error text CX_WS_SECURITY_FAULT:Invalid XML signature (fault location is 1 ).
Invalid XML signature

Problem in xml query

Hi
I am working on BLS and having problem in xml query.I want to perform some calculation over xml columns.Than total of this as a new column.I can do this part in logic editor itself but can i do these both task by XSLT.
Can be made our own XSLT for this ?
I am feeling kind of fear to xslt. Can anybody help me in this.
Thanks a lot in advance
thomas

Ram,
In xMII there is a list of predefined xslt transforms that do something similar to what you are explaining. The 3 that I think may be what you are looking for are
they are under Calculation Transformations and Subtotal Transformation take a look at these and tell me if they are doing what you want to accomplish. In the xMII help file do a search on Inline Transforms or navigate to Advanced Topics -> Inline Transforms -> Predefined Inline Transforms. In this section there are examples of how to use these transforms and apply them in the query templates. If this is not what you are looking for can you explain in a little more detail along with a simple example of how you want this transform to work. Also why do you want to use xslt if you can already accomplish this in BLS?
Regards,
Erik

Facing problem in xml schema xsd file registration

Hi,
i am facing problem in xml schema xsd file registration when
the number of column is more. It is showing persing error.
if i am deleting few column from xsd file . It is working otherwise
showing error. Is there any solution for that please suggest me.
The Error is
ORA-31011:XML parsing failed
ORA_19202: Error occurred in XML processing
LPX-00230 : (message vary time to time-like invalid tag ending etc.)
Regards
Manoranjan
and thanks in advance

Where is you XML coming from. Are you sure it's valid. If you are hard coding it as a SQL String constant are you hitting the 4k / 32K limit on the size of SQL / PL/SQL constant. Have you tried loading the content from a bfile..

Sap PI - XML signature

Hi Experts
We have to digitally Sign and Encrypt and Decrypt an XML file in PI7.11 system using soap adapter
To have an expert advise
can I use WSSE or Apache WSS4J or SAML or Apache axis soap adapter
My requirement is:
XML Documents shall be signed using XML signature and Use enveloped signatures
Support RSA signing in conformance with the algorithm indentified by sha1
Use exclusive canonicalization (with comment or without comments)
Will WSSE or Wss4j can support the above requirements...Please advise
Thanking you
Pooja

Hi ,
Thank you for your response...
I mean when you say java experts can do easily...yes we do have java experts who can develop a source code encrypt and sign the code and give it to us as an ear file
However I tried deploying EAR file on PI system my converting it into sda file ...no luck ..the file getting converted to ear file and i renamed and tried to deploy using jspm....no luck
As we cannot import the ear file directly to NWDS to deploy it on PI system ....what we are trying is to get the source code from Java developer and we are developing and EJB and Ear projects by replacing the source code
and later once deploy using adapter modules we can test it
My question is:
Can we configure WSSE on PI as per this link(/people/rajendra.badi/blog/2011/08/24/configuring-wsse-digital-signing-and-encryption-using-sap-pi-711-aae-soap-adapter) and try
Signing and Enc/Dec
or
How to configure and use Apache wss4j and Apache axis soap adapter...can you please forward me some documents on it
Thanking you
Pooja

Problem for xml generation using DBMS_XMLGEN

Hi All,
i have problem during xml generation using Any help would be highly appreciate
how could we publish xml data using data base API DBMS_XMLGEN in oracle applications (APPS) i.e. at 'View Output" using
Any help would be highly appreciate.
Let me know if need more explanation, this is High priority for me.
Thanks and Regards,
[email protected]
Message was edited by:
user553699

You can set the null attribute to true , so that the tag appears in your XML
see the statement in Bold.
DECLARE
queryCtx dbms_xmlquery.ctxType;
result CLOB;
BEGIN
-- set up the query context
queryCtx := dbms_xmlquery.newContext(
'SELECT empno "EMP_NO"
, ename "NAME"
, deptno "DEPT_NO"
, comm "COMM"
FROM scott.emp
WHERE deptno = :DEPTNO'
dbms_xmlquery.setRowTag(
queryCtx
, 'EMP'
dbms_xmlquery.setRowSetTag(
queryCtx
, 'EMPSET'
DBMS_XMLQUERY.useNullAttributeIndicator(queryCtx,true);
dbms_xmlquery.setBindValue(
queryCtx
, 'DEPTNO'
, 30
result := dbms_xmlquery.getXml(queryCtx);
insert into clobtable values(result);commit;
dbms_xmlquery.closeContext(queryCtx);
END;
select * from clobtable
<?xml version = '1.0'?>
<EMPSET>
<EMP num="1">
<EMP_NO>7499</EMP_NO>
<NAME>ALLEN</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM>300</COMM>
</EMP>
<EMP num="2">
<EMP_NO>7521</EMP_NO>
<NAME>WARD</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM>500</COMM>
</EMP>
<EMP num="3">
<EMP_NO>7654</EMP_NO>
<NAME>MARTIN</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM>1400</COMM>
</EMP>
<EMP num="4">
<EMP_NO>7698</EMP_NO>
<NAME>BLAKE</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM NULL="YES"/>
</EMP>
<EMP num="5">
<EMP_NO>7844</EMP_NO>
<NAME>TURNER</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM>0</COMM>
</EMP>
<EMP num="6">
<EMP_NO>7900</EMP_NO>
<NAME>JAMES</NAME>
<DEPT_NO>30</DEPT_NO>
<COMM NULL="YES"/>
</EMP>
</EMPSET>
http://sqltech.cl/doc/oracle9i/appdev.901/a89852/d_xmlque.htm

Problem in XML Signature

Similar Messages

Maybe you are looking for