Problem verifying xml signature

Similar Messages

• Problem in XML Signature

  Hi,
  i get an Exception in Registering mechanism for XML Signature factory
  it says.
  javax.xml.crypto.NoSuchMechanismException : Cannot find DOM Mechanism type
  I use J2sdk1.4.2_05 with JWSDP 1.4
  Following is the code do let me know where i go wrong.
  import javax.xml.parsers.DocumentBuilderFactory;
  import javax.xml.parsers.DocumentBuilder;
  import org.w3c.dom.Document;
  import javax.xml.crypto.dsig.XMLSignatureFactory;
  import javax.xml.crypto.dsig.dom.DOMSignContext;
  import javax.xml.crypto.dsig.XMLSignatureFactory;
  import javax.xml.crypto.dsig.Reference;
  import javax.xml.crypto.dsig.SignedInfo;
  import javax.xml.crypto.dsig.XMLSignature;
  import javax.xml.crypto.dsig.CanonicalizationMethod;
  import javax.xml.crypto.dsig.Transform;
  import javax.xml.crypto.dsig.DigestMethod;
  import javax.xml.crypto.dsig.SignatureMethod;
  import javax.xml.crypto.*;
  import javax.xml.crypto.dsig.*;
  import javax.xml.crypto.dom.*;
  import java.security.Provider;
  import javax.xml.crypto.dsig.keyinfo.KeyInfo;
  import javax.xml.crypto.dsig.keyinfo.KeyValue;
  import java.security.KeyPairGenerator;
  import java.security.KeyPair;
  import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
  import java.io.FileInputStream;
  import java.util.Collections;
  //author Palani V. Rajan
  // SafeScrypt Ltd
  class XMLSign
  XMLSign(){}
  /*XMLSign(String inputFile)
  public void signTheMarkup(String inputFilePath)
  Document domDoc;
  try{
  System.out.println("Creating DOM");
  DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
  dbf.setNamespaceAware(true);
  DocumentBuilder db = dbf.newDocumentBuilder();
  domDoc = db.parse(new FileInputStream(inputFilePath));
  System.out.println("Generating Key's.....");
  KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
  kpg.initialize(1024);
  KeyPair kp = kpg.generateKeyPair();
  DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), domDoc.getDocumentElement());
  String providerName = System.getProperty("jsr105Provider", "org.jcp.xml.dsig.internal.dom.XMLDSigRI");
  System.out.println("Creating xml sign.....");
  System.out.println("Provider Name "+providerName);
  XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",(Provider) Class.forName(providerName).newInstance());
  System.out.println("T 1");
  Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null),Collections.singletonList(fac.newTransform(Transform.ENVELOPED, null)),null, null);
  System.out.println("T 2");
  SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS, null),fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),Collections.singletonList(ref));
  System.out.println("T 4");
  KeyInfoFactory kif = fac.getKeyInfoFactory();
  KeyValue kv = kif.newKeyValue(kp.getPublic());
  KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
  System.out.println("T 5");
  XMLSignature signature = fac.newXMLSignature(si, ki);
  signature.sign(dsc);
  }catch(Exception e){e.printStackTrace();}
  public static void main(String[] q)
  System.out.println("Creating XML Signatures.....");
  XMLSign xs = new XMLSign();
  xs.signTheMarkup(q[0]);
  Thnx in Advance
  Vinodh

  I have encountered the same problem. I am using Jbuilder 5 with JDK 1.3.0. I copied all the JAR files of jwsdp-1.5 by creating a custom library.
  Even then It didnt work. Can some one who has resolved this please help.
  I have tried running the same code in JDeveloper 10g (10.1.2) and got a same error.
  Regards,
  Srinivas.

• Problem with XML signature

  Can anybody tell me how to generate an xml signature
  with the base 64 transform(Transform.BASE64)?
  I just can't find any documentation on the web.
  It would be great to provide a small code exemple.
  Thanks
  Antoine

  Thanks for the reply.
  I'm applying appropriate namespaces to the generated xml string. Could it be the probelem?
  this is how the generated xml looks in final stage, I mean after I'm doing some rework on the generated xml.
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI="#PAYMENTS"><Transforms><Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>IXgHx5ioixsJ13jyg767D8UCU9s=</DigestValue></Reference></SignedInfo><SignatureValue>DO+Fngf3h0Q5iDoMq2mZFL+bxL3vY1i1fyqzBbKRPhHlzqWrW2wP3SFHjVzPLXdj92W8hMx9I8Jq
  QBV/D+pUKa32aZB7kPwOGZqR63X+d6Hca58jnTK7+zq8Fzi2DPlE+omQhgT3xeXp/lQpKI8vAgVT
  eX+eylRYTAZDSfDw7qk=</SignatureValue><Object Id="PAYMENTS"><PAYMENTS xmlns=""><Payment><PaymentIdA></PaymentIdA><PaymentIdB>aa</PaymentIdB><SrcBank>bb</SrcBank><SrcAccount>cc</SrcAccount><PayerId>dd</PayerId><PayerName>Dato</PayerName><TaxPayerId>00022023</TaxPayerId><TaxPayerName></TaxPayerName><ReceiverName>mof</ReceiverName><AdditinalInfo>racxa</AdditinalInfo><Amount>521</Amount><TreasuryCode>hello</TreasuryCode><PaymentTime>hi</PaymentTime><PaymentChannel>ib</PaymentChannel></Payment></PAYMENTS></Object></Signature>

• XML signature

  Hi All,
                 In one of our interfaces, we are implementing digital signature. We are creating a signature based on the four of all input fields. We are able to sign and sent the message successfully to the target system (Third party system). We are communicating with the target system via webservice and are using SOAP adapter at the receiver side. It's a party communication.
               But the Third party is unable to verify the signature. I need help from you guys in confirming, whether the digital signatures generated using SAP standards conform to open standards and can be verified by any 3rd party system?
  Note:  We are using SHA algorithm for creating the digital signatures.
  Regards,
  Vishnu.

  Hi Vishnu,
  With XML signatures, the entire XML document becomes case-sensitive.
  Also, extra spaces, between node names might pose to be a problem as well.
  Ensure that the xml message you are sending out, and the message expected by the third party system match in case, and format.
  Would you be able to post the error here?
  Regards,
  Smitha.

• Architectural Difference Effect on Signing/Verifying XML Document

  Hi all,
  I am using Apache Santuario for signing XML.
  1. I have a Windows Server 2008 64 Bit, which is using JAVA 7 32 bit JVM. Let's say my signed document is Signed_A. On Windows Server 2008 I am signing the document but the verification fails for Signed_A.
  2. Same application is being run on Windows 7 32 bit with the same JVM version. And the document is Signed_B on this machine. I am signing the document and verifying it without a problem.
  3. If I move the document Signed_B (which I could sign & verify on Windows 7) to Windows 2008 Server, using the same application I can verify the document. So, my spider senses tell me that, there is a problem with signing.
  4. Again if I move the document Signed_A to Windows 7 machine, I could not verify the signature.
  I don't know whether the situation is occur because of the difference of processors on machines. But if you have anything that can help me please let me know. Anything could be helpful for now because I'm stuck in here.
  Please feel free to ask if you need further explanations. I am not providing any code, because I am suspecting a configuration issue here.
  Thanks in advance.

  Hi,
  Can you tell me about your project on short notes. For information.
  Regards
  R.Rajendran

• XSLT Transform in XML Signature: Exception

  Hello,
  I have following problem with an XSLT tranform in my XML signature. Here is the code I use to add XSLT to signature:
  main() {
  DOMStructure stylesheet = new DOMStructure( getStylesheet() );
  XSLTTransformParameterSpec spec = new XSLTTransformParameterSpec( stylesheet );
  transforms.add( fac.newTransform( Transform.XSLT, spec ) );
  private Element getStylesheet() throws Exception {
       String stylesheet = //"<?xml version=\"1.0\"?>" +
                      "<xslt:stylesheet version=\"1.0\" xmlns:xslt=\"http://www.w3.org/1999/XSL/Transform\">\n" +
                      " <xsl:include href=\"http://extern XSLT\" />\n" +
                      " <xslt:template match=\"/\">" +
                      " <xsl:apply-imports />" +
                      " </xslt:template>" +
                      "</xslt:stylesheet>\n";
       DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
       //dbf.setValidating( true );
       return dbf.newDocumentBuilder().parse( new ByteArrayInputStream( stylesheet.getBytes() ) ).getDocumentElement();
  I get following exception:
  javax.xml.crypto.dsig.XMLSignatureException: javax.xml.crypto.dsig.TransformException: com.sun.org.apache.xml.internal.security.transforms.TransformationException: Cannot find xslt:stylesheet in Transform
  Original Exception was com.sun.org.apache.xml.internal.security.transforms.TransformationException: Cannot find xslt:stylesheet in Transform
       at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
       at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
       at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
       at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
  In google I cannot find any details what can be wrong.
  Any suggestions?
  Thanks in advance,
  errno

  Thanks for your response. Sorry - I tried both versions with xslt and xsl - doesn't worked -> the error in my post is actually caused through the multiple changes of this part of code. Here once again:
  private Element getStylesheet() throws Exception {
            String stylesheet = //"<?xml version=\"1.0\"?>" +
                                     "<xslt:stylesheet version=\"1.0\" xmlns:xslt=\"http://www.w3.org/1999/XSL/Transform\">\n" +
                                     " <xslt:include href=\"external XSLTl\" />\n" +
                                     " <xslt:template match=\"/\">" +
                                     " <xslt:apply-imports />" +
                                     " </xslt:template>" +
                                     "</xslt:stylesheet>\n";
            DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
            //dbf.setValidating( true );
            return dbf.newDocumentBuilder().parse( new ByteArrayInputStream( stylesheet.getBytes() ) ).getDocumentElement();
  Thanks,
  errno

• Failed to verify Authenticode signature on DLL msxmlsql.dll

  Hello, I got this error message. The server is experiencing issue of service broker suddenly stopping, so we are ruling out all errors at this point. Server is setup with HADR.
  Win Server 2008 R2 Ent SP1
  SQL 2012 11.0.3349 Ent
  Log Name:      Application
  Source:        MSSQL$SQL01
  Date:          4/18/2013 7:17:26 AM
  Event ID:      33081
  Task Category: Server
  Level:         Information
  Keywords:      Classic
  User:          N/A
  Computer:      SQL01.xxxxxx.xxx
  Description:
  Failed to verify Authenticode signature on DLL 'C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll'.
  Event Xml:
  <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
      <Provider Name="MSSQL$SQL01" />
      <EventID Qualifiers="16384">33081</EventID>
      <Level>4</Level>
      <Task>2</Task>
      <Keywords>0x80000000000000</Keywords>
      <TimeCreated SystemTime="2013-04-18T11:17:26.000000000Z" />
      <EventRecordID>28935</EventRecordID>
      <Channel>Application</Channel>
      <Computer>SQL01.xxxxxx.xxx</Computer>
      <Security />
    </System>
    <EventData>
      <Data>C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll</Data>
      <Binary>398100000A0000000F000000500052004F004400530051004C0031005C0043004F00530051004C000000040000004F006E0065000000</Binary>
    </EventData>
  </Event>
  Thanks.

  Hi ASR,
  Have you found C:\Program Files\Microsoft SQL Server\MSSQL11.SQL01\MSSQL\Binn\msxmlsql.dll? I think msxmlsql.dll is in the C:\Program Files\Microsoft SQL Server\110\Shared. Please check it. You could try to Copying msxmlsql.dll to the Binn folder to see
  if it would be OK.
  Or you could try to repair the SQL Server through SQL Server Installation Center.
  Thanks.
  If you have any feedback on our support, please click
  here.
  Maggie Luo
  TechNet Community Support

• XML Signature ignoring tag

  Hello
  I have a java class that  signs XML documents using the sap class com.sap.engine.lib.xml.signature.generator.SignatureGenerator.
  The problem is that is ignores the tag <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">, if the document to be signed have a Signature included.
  For example, the xml structured to be signed is:
  <MainTag>
     <Xml1>
         <Xml1Info/>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        </Signature>   
    </Xml1>
  </MainTag>
  The result should be:
  <MainTag>
     <Xml1>
         <Xml1Info/>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        </Signature>   
    </Xml1>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  </Signature>   
  </MainTag>
  The problem is that the generated signature is the same if we sign using this source xml:
  <MainTag>
     <Xml1>
         <Xml1Info/>
    </Xml1>
  </MainTag>
  Its completelly ignoring the tag Signature.
  Does anyone have faced this problem?
  I have another question, where I can find the Sap Javadoc for com.sap.engine.lib.xml.signature.generator.SignatureGenerator ?
  Thanks

  HI Vitor,
  I have the same problem.. I am also trying to generate digital signature of an XML  document. I dont know whether there is an api which can do it for me.
  If you have solved it, Can you please share a simple code snippet with me ?
  Regards
  Jony Khatri

• Verify digital signature  mobile 5.0

  i have a jad file d2link and i get this error msg [unable to verify digital signature ] can any one help its on a 8525 phone with wm5 on it with the java program 6.1 i have downloaded opera it seem to work fine plus the golf tracker and gmail and them seem to work fine or is there any way to bypass this or add something to make it work
  Message was edited by:
  [email protected]

  Hi, I was wondering if you solved already the digital signature verifying error on the MDA.
  I am also trying to install something on my MDA and I get the error message "Unable to verify the digital signature"!
  I am desperate because I really dont know where the problem is!!!
  I would really appreciate if you could give me any hint!
  Thank you so much in advance.
  Clara Fdz

• Verify SHA1withRSA signature

  I have to verify the signature of files, the signature is included in an XML file generated throw C# .Net.
  The public key is also extracted from the XML file. Every time I want to verify a file it returns false, I'd like to know if my code is correct or not :
  Certificate cer = null;
  XMLCertificateExtraction extractor = XMLCertificateExtraction.getInstance( luxtrust.Configuration.getInstance(args) );
  String str = "d:\\projet_LUX_TRUST\\svn\\luxtrust.trunk
  full_middleware_packages.xml";
  cer = extractor.extractFromID( str );
  else try{
              /* input the signature bytes */*
  *            String __signature = "wIeY0g1MdbFDVsEjqfK2YGsvRfVgtofcvwmzQP6l8ZCMuud0t95GmywqT5BTPVrRWkbwzp7GzJIkaD9u629XQfz4i2q+Hfmmn8+cj+zwvXWCfG9Y+l/dL9lwcFwr6pfpnFsSucrxZTKKDA11vNerMtP7P5wC5XMyhMtI48MDBm09tsaNntr1LeJkH9FRXSbGzqStv7MAnBYQLYYPT83PBs0rnu1Kz0LRUJhxEe5EfmXeUMtkeaChzdgJCkr/eueOH/Gt1pdtOU8kl96cJSE4bmQfO+1r8uXgOpenzrw3yvMTSHqlVEIg9uttZN/QNHPpylQYpEwax2sfZN7Okxe4IA==";*
  *            /* create a Signature object and initialize it with the public key */
              Signature sig = Signature.getInstance("SHA1withRSA");
              sig.initVerify(cer.getPublicKey());
              FileInputStream datafis = new FileInputStream(args[0]);
              BufferedInputStream bufin = new BufferedInputStream(datafis);
              byte[] buffer = new byte[1024];
              int len;
              while (bufin.available() != 0) {
                  len = bufin.read(buffer);
                  sig.update(buffer, 0, len);
              bufin.close();
              boolean verifies = sig.verify(__signature.getBytes());
              System.out.println("signature verifies: " + verifies);

  I still didn't achieve the signature verification.
  I had a doubt about the signature validity so I've done the following steps.
  I took my pkcs#12 file, I used openssl to retrieve the private key, I than generated a certificate and a public key.
  I've signed a binary file using the generated private key , and than went to java and tried to verify the signature without sucess.
  While :
  $ openssl dgst -sha1 -verify x509lx.crt.pub -signature signature.sig install_sdc.exe
  Verified OKI used this code to verify the signature against the openssl generated siganture:
  File pubKeyFile = new File(
                      "D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\keys\\openssl\\x509lx.crt");
            File sigFile = new File(
                      "D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\keys\\openssl\\signature.sig");
            File fileToSign = new File(
                      "D:\\projet_LUX_TRUST\\svn\\luxtrust.trunk\\install_sdc.exe");
            java.security.cert.Certificate certLX = importCertificate(pubKeyFile);
            Signature rsa = Signature.getInstance("SHA1withRSA");
            /* Initializing signature verification */
            rsa.initVerify(certLX.getPublicKey());
            FileInputStream datafis = new FileInputStream(fileToSign);
            BufferedInputStream bufin = new BufferedInputStream(datafis);
            byte[] buffer = new byte[1024];
            int len = 0;
            while (bufin.read(buffer) != -1) {
                 rsa.update(buffer, 0, len);
            bufin.close();
            boolean verifies = rsa.verify(getBytesFromFile(sigFile));
            System.out.println("2..signature = " + getBytesFromFile(sigFile));
            System.out.println("2..signature verifies: " + verifies);
            return true;
  public static java.security.cert.Certificate importCertificate(File file) {
            try {
                 FileInputStream is = new FileInputStream(file);
                 CertificateFactory cf = CertificateFactory.getInstance("X.509");
                 java.security.cert.Certificate cert = cf.generateCertificate(is);
                 return cert;
            } catch (CertificateException e) {
            } catch (IOException e) {
            return null;
  private static byte[] getBytesFromFile(File file) throws IOException {
          InputStream is = new FileInputStream(file);
          System.out.println("\nDEBUG: FileInputStream is " + file);
          // Get the size of the file
          long length = file.length();
          System.out.println("DEBUG: Length of " + file + " is " + length + "\n");
           * You cannot create an array using a long type. It needs to be an int
           * type. Before converting to an int type, check to ensure that file is
           * not loarger than Integer.MAX_VALUE;
          if (length > Integer.MAX_VALUE) {
              System.out.println("File is too large to process");
              return null;
          // Create the byte array to hold the data
          byte[] bytes = new byte[(int)length];
          // Read in the bytes
          int offset = 0;
          int numRead = 0;
          while ( (offset < bytes.length)
                  ( (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) ) {
              offset += numRead;
          // Ensure all the bytes have been read in
          if (offset < bytes.length) {
              throw new IOException("Could not completely read file " + file.getName());
          is.close();
          return bytes;
      }What's wrong in my code or in my comprehension of RSA SHA1 usage ?

• Problem signing XML when applying XPATH2 filer

  I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
  1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
  2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
       3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
       4. lista.add(tipoFiltro);
       5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
       6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
       7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
       8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
       9. listaTransformadas.add(filtro); //If comented, no problem
       10. listaTransformadas.add(enveloped);
       11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);     
       12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
       ... more code (KeyInfo,...)
       13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
       14. XMLSignature signature = fac.newXMLSignature(si, ki);
       15. signature.sign(dsc);
       If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
       How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

  I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:
  1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
  2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
       3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
       4. lista.add(tipoFiltro);
       5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
       6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
       7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
       8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
       9. listaTransformadas.add(filtro); //If comented, no problem
       10. listaTransformadas.add(enveloped);
       11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);     
       12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
       ... more code (KeyInfo,...)
       13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
       14. XMLSignature signature = fac.newXMLSignature(si, ki);
       15. signature.sign(dsc);
       If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
       How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?

• Generating XML signature with prefix dsig ?

  Hi everyone,
  I'm facing a problem generating a signature of XML document. I'm using Jwsdp and the apache toolkit. So far, I can generate the signature of this form :
  <Signature>
  <SignedInfo> .....
  I would like to generate the signature like this :
  <dsig:Signature>
  <dsig:SignedInfo> ....
  The API doesn't specify how to add the prefix dsig befor tags element ...
  It's very important for me to solve the problem, so any help would be really really appreciated :-)
  Thanks a lot.

  There is a method in DOMSignContext to do that:
  // org.w3c.dom.Document doc;
  DOMSignContext dsc = new DOMSignContext(privateKey, doc.getDocumentElement());
  dsc.putNamespacePrefix(XMLSignature.XMLNS, "dsig");  // or "ds" which is my case

• MTOM combined with WS-Security (XML signature)

  I'm testing the support of MTOM together with WS-Security (XML-DSIG) on OEG. When verifying the XML signature I noticed I had to add the "Insert MTOM attachments"-filter first. Is this the right way? Shouldn't the signature verification do this transparently?
  My other question is how OEG handles the attachments? Does it page them to disk? What happens if my attachments are very large? With the default setup of OEG I encountered out-of-memory issues with attachments above 200MB
  Edited by: wsalembi on Sep 22, 2011 12:45 AM

  If you just sign the <xop:Include> element, you are effectively only signing the reference to the attachment, i.e. the value of the href attribute. This will only prevent someone changing the href to point to a different attachment.
  If you in-line the base64 encoded contents of the attachment into the XML message and only sign the base64 encoded string, you are only preventing anyone from changing the contents of the attachment.
  You are not stopping somebody from changing what the <xop:Include> href attribute points to.
  So I think there is value in signing BOTH the contents AND the <xop:Include> element so that:
  - The integrity of the contents of the attachment is ensured, and
  - The integrity of the reference to the attachment in the <xop:Include> element is ensured.
  Interestingly, the XOP spec acknowledges this issue in Section 6.1:
  http://www.w3.org/TR/xop10/#package_integrity
  6.1 XOP Package Integrity
  The integrity of Infosets optimized using XOP may need to be ensured. As XOP packages can be transformed to recover such Infosets (see 3.2 Interpreting XOP Packages), existing XML Digital Signature techniques can be used to protect them. Note, however, that a signature over the Infoset does not necessarily protect against modifications of other aspects of the XOP packaging; for example, an Infoset signature check might not protect against re-ordering of non-root parts.
  In the future a transform algorithm for use with XML Signature could provide a more efficient processing model where the raw octets are digested directly.
  In OEG, it would be possible to use 2 XML Signature Validation filters with an Insert MTOM Attachment filter to validate both signatures.
  The flow in the policy would be as follows:
  1. 1st XML Signature Filter :- Validate the Signature over the <xop:Include> element
  2. Insert MTOM Attachment Filter :- Inline the base64 encoded contents of the attachment
  3. 2nd XML Signature Filter :- Validate the Signature over the element now containing the in-lined base64 encoded data.
  This policy would ensure the integrity of the attachment contents AND the reference to this attachment in the <xop:Include> element.

• Problem with XML on Linux

  hi everybody,
  I've a big problem with XML on Linux, in details I see my program stopping on Linux at the instruction
  XMLReader xr = XMLReaderFactory.createXMLReader("org.apache.crimson.parser.XMLReaderImpl");
  and it's strange because on Windows it runs and there aren't problems about permissions on files, does anyone knows what to do?
  thanks in advance!
  Stefano

  What happens on that line? I'm assuming you get some kind of error or exception.
  Make sure the JAR file for Crimson is in your classpath.

• Problem with XML in APEX ORA-06502

  i, I have a problem with XML generation, I developed an application in APEX, and in a html page I have this process:
  declare
  l_XML varchar2(32767);
  begin
  select xmlElement
  "iva",
  xmlElement("numeroRuc",J.RUC),
  xmlElement("razonSocial", J.RAZON_SOCIAL),
  xmlElement("idRepre", J.ID_REPRE),
  xmlElement("rucContador", J.RUC_CONTADOR),
  xmlElement("anio", J.ANIO),
  xmlElement("mes", J.MES),
  xmlElement
  "compras",
  select xmlAgg
  xmlElement
  "detalleCompra",
  --xmlAttributes(K.ID_COMPRA as "COMPRA"),
  xmlForest
  K.COD_SUSTENTO as "codSustento",
  K.TPLD_PROV as "tpldProv",
  K.ID_PROV as "idProv",
  K.TIPO_COMPROBANTE as "tipoComprobante",
  to_char(K.FECHA_REGISTRO, 'DD/MM/YYYY') as "fechaRegistro",
  K.ESTABLECIMIENTO as "establecimiento",
  K.PUNTO_EMISION as "puntoEmision",
  K.SECUENCIAL as "secuencial",
  to_char(K.FECHA_EMISION, 'DD/MM/YYYY') as "fechaEmision",
  K.AUTORIZACION as "autorizacion",
  to_char(K.BASE_NO_GRA_IVA, 9999999999.99) as "baseNoGraIva",
  to_char(K.BASE_IMPONIBLE, 9999999999.99) as "baseImponible",
  to_char(K.BASE_IMP_GRAV, 9999999999.99) as "baseImpGrav",
  to_char(K.MONTO_ICE, 9999999999.99) as "montoIce",
  to_char(K.MONTO_IVA, 9999999999.99) as "montoIva",
  to_char(K.VALOR_RET_BIENES, 9999999999.99) as "valorRetBienes",
  to_char(K.VALOR_RET_SERVICIOS, 9999999999.99) as "valorRetServicios",
  to_char(K.VALOR_RET_SERV_100, 9999999999.99) as "valorRetServ100"
  xmlElement
  "air",
  select xmlAgg
  xmlElement
  "detalleAir",
  xmlForest
  P.COD_RET_AIR as "codRetAir",
  to_char(P.BASE_IMP_AIR, 9999999999.99) as "baseImpAir",
  to_char(P.PORCENTAJE_AIR, 999.99) as "porcentajeAir",
  to_char(P.VAL_RET_AIR, 9999999999.99) as "valRetAir"
  from ANEXO_COMPRAS P
  where P.ID_COMPRA = K.ID_COMPRA
  AND P.ID_INFORMANTE_XML = K.ID_INFORMANTE_XML
  xmlElement("estabRetencion1", K.ESTAB_RETENCION_1),
  xmlElement("ptoEmiRetencion1", K.PTO_EMI_RETENCION_1),
  xmlElement("secRetencion1", K.SEC_RETENCION_1),
  xmlElement("autRetencion1", K.AUT_RETENCION_1),
  xmlElement("fechaEmiRet1", to_char(K.FECHA_EMI_RET_1,'DD/MM/YYYY')),
  xmlElement("docModificado", K.DOC_MODIFICADO),
  xmlElement("estabModificado", K.ESTAB_MODIFICADO),
  xmlElement("ptoEmiModificado", K.PTO_EMI_MODIFICADO),
  xmlElement("secModificado", K.SEC_MODIFICADO),
  xmlElement("autModificado", K.AUT_MODIFICADO)
  from SRI_COMPRAS K
  WHERE K.ID IS NOT NULL
  AND K.ID_INFORMANTE_XML = J.ID_INFORMANTE
  AND K.ID BETWEEN 1 AND 25
  ).getClobVal()
  into l_XML
  from ANEXO_INFORMANTE J
  where J.ID_INFORMANTE =:P3_MES
  and J.RUC =:P3_ID_RUC
  and J.ANIO =:P3_ANIO
  and J.MES =:P3_MES;
  --HTML
  sys.owa_util.mime_header('text/xml',FALSE);
  sys.htp.p('Content-Length: ' || length(l_XML));
  sys.owa_util.http_header_close;
  sys.htp.print(l_XML);
  end;
  Now my table has more than 900 rows and only when I specifically selected 25 rows of the table "ANEXO_COMPRAS" in the where ( AND K.ID BETWEEN 1 AND 25) the XML is generated.+
  I think that the problem may be the data type declared "varchar2", but I was trying with the data type "CLOB" and the error is the same.+
  declare
  l_XML CLOB;
  begin
  --Oculta XML
  sys.htp.init;
  wwv_flow.g_page_text_generated := true;
  wwv_flow.g_unrecoverable_error := true;
  --select XML
  select xmlElement
  from SRI_COMPRAS K
  WHERE K.ID IS NOT NULL
  AND K.ID_INFORMANTE_XML = J.ID_INFORMANTE
  ).getClobVal()
  into l_XML
  from ANEXO_INFORMANTE J
  where J.ID_INFORMANTE =:P3_MES
  and J.RUC =:P3_ID_RUC
  and J.ANIO =:P3_ANIO
  and J.MES =:P3_MES;
  --HTML
  sys.owa_util.mime_header('text/xml',FALSE);
  sys.htp.p('Content-Length: ' || length(l_XML));
  sys.owa_util.http_header_close;
  sys.htp.print(l_XML);
  end;
  The error generated is ORA-06502: PL/SQL: numeric or value error+_
  Please I need your help. I don`t know how to resolve this problem, how to use the data type "CLOB" for the XML can be generate+

  JohannaCevallos07 wrote:
  Now my table has more than 900 rows and only when I specifically selected 25 rows of the table "ANEXO_COMPRAS" in the where ( AND K.ID BETWEEN 1 AND 25) the XML is generated.+
  I think that the problem may be the data type declared "varchar2", but I was trying with the data type "CLOB" and the error is the same.+
  The error generated is ORA-06502: PL/SQL: numeric or value error+_
  Please I need your help. I don`t know how to resolve this problem, how to use the data type "CLOB" for the XML can be generate+The likeliest explanation for this is that length of the XML exceeds 32K, which is the maximum size that <tt>htp.p</tt> can output. A CLOB can store much more than this, so it's necessary to buffer the output as shown in +{message:id=4497571}+
  Help us to help you. When you have a problem include as much relevant information as possible upfront. This should include:
  <li>Full APEX version
  <li>Full DB/version/edition/host OS
  <li>Web server architecture (EPG, OHS or APEX listener/host OS)
  <li>Browser(s) and version(s) used
  <li>Theme
  <li>Template(s)
  <li>Region/item type(s) (making particular distinction as to whether a "report" is a standard report, an interactive report, or in fact an "updateable report" (i.e. a tabular form)
  And always post code wrapped in <tt>\...\</tt> tags, as described in the FAQ.
  Thanks