I am trying to sign an XML envelope using this guide. I did the following edits:
Changed the way the pk was loaded
KeyStore.PrivateKeyEntry keyEntry = (KeyStore.PrivateKeyEntry) ks.getEntry("1", new KeyStore.PasswordProtection("my_password".toCharArray()));
PrivateKey privateKey = keyEntry.getPrivateKey();
Removed the attachment.
//sig.addDocument("/home/asd/NetBeansProjects/Coso/resources/attachment.xml", transforms, Constants.ALGO_ID_DIGEST_SHA1);
Adjusted passwords / keystores
Set an id for the signature
sig.addDocument("#id14", transforms, Constants.ALGO_ID_DIGEST_SHA1);
The reason for the last edit was that the Signature had no reference to the content being signed and the service returned "Incorrect reference digest value".
The problem is that all these edits cause a com.sun.org.apache.xml.internal.security.signature.XMLSignatureException: Cannot resolve element with ID id14, even if the XML body contains the "Id" attribute.
Upon deeper inspection it turns out that this might be related to a change in the JVM, which requires explicitly indicating that a certain attribute should be treated as an ID, as mentioned in several places on the Internet.
I have tried adding these lines to my code:
element.setAttributeNS(null, "Id", "id14");
Attr idAttr = element.getAttributeNode("Id");
element.setIdAttributeNode(idAttr, true);
This causes the code to run successfully. The problem is that the SOAP service returns "Incorrect reference digest value". I am guessing that this has to do with the fact that the resulting XML has its root node identified by "Id=id14". Manually adjusting the XML (removing the ID attribute on the soap:Envelope tag) ends up with a "Hash values do not match." error.
So the question is, how can I work around the "cannot resolve" error while also referencing the appropriate element within the SignedInfo tag?
Thanks!
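The ID-resolution behaviour described in the question, as an added example that is not part of the original post: it flags an "Id" attribute that already exists on the element to be signed, so the serialized XML is not changed, then signs and validates a "#id14" reference. Assumptions: it uses the standard javax.xml.crypto.dsig API rather than the com.sun.org.apache.xml.internal.security classes from the post, SHA-256 instead of the post's SHA-1, and a constructed envelope and throwaway key; the class name SignBodyById is hypothetical.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class SignBodyById {
    static final String SOAP = "http://schemas.xmlsoap.org/soap/envelope/";
    // Constructed sample: the Id sits on soap:Body (assumption), not on the Envelope.
    static final String XML = "<soap:Envelope xmlns:soap=\"" + SOAP + "\"><soap:Header/>"
        + "<soap:Body Id=\"id14\"><ping>hello</ping></soap:Body></soap:Envelope>";

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(XML)));

        // No schema or DTD was loaded, so "Id" is an ordinary attribute and the lookup is null.
        System.out.println("before: " + doc.getElementById("id14"));
        Element body = (Element) doc.getElementsByTagNameNS(SOAP, "Body").item(0);
        body.setIdAttribute("Id", true); // flags the existing attribute; serialized XML is unchanged
        System.out.println("after:  " + doc.getElementById("id14").getNodeName());

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, stands in for the keystore entry
        XMLSignatureFactory f = XMLSignatureFactory.getInstance("DOM");
        Reference ref = f.newReference("#id14", f.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(f.newTransform(
                CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)), null, null);
        SignedInfo si = f.newSignedInfo(
            f.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            f.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        Element header = (Element) doc.getElementsByTagNameNS(SOAP, "Header").item(0);
        f.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), header));

        // Validate on the same DOM; the Reference digest covers soap:Body only.
        Element sigEl = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sigEl);
        System.out.println("valid:  " + f.unmarshalXMLSignature(vc).validate(vc));
    }
}
```

The ID flag lives only in the in-memory DOM, so a verifier that re-parses the message has to mark the attribute again (setIdAttribute on the element, or DOMValidateContext.setIdAttributeNS) before validating.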