Dec 13, 2010 at 03:16 PM

Digital xml-signature (SsfDataXML) error


Hi,

I'm developing a Java mapping for PI, which should digitally sign an XML document. I am able to fetch the certificate from the keystore and also sign the XML, but now I want the signature to be placed in a specific location in the XML, not as the last child of the document. Whenever I try to name the headerSegment which should contain the signature, no signature is created in the resulting file.

Can anyone see what's wrong?

I'm using the SsfDataXML's sign method, and the xml I'm reading in is valid XML.

Here's my code:

SsfDataXML soapHeader = null;
			try {
				//InputStream is = new ByteArrayInputStream(in.getInputPayload().getInputStream());
				soapHeader = new SsfDataXML(new ByteArrayInputStream(mailContent.getBytes()));
			} catch (Exception e) {
				System.out.println("Error while reading input file " + e);
				System.exit(1);
			}

// SsfRefXMLList 
			try {
				DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
				DocumentBuilder builder = factory.newDocumentBuilder();
				InputStream is = new ByteArrayInputStream(mailContent.getBytes());
				Document doc = builder.parse(is);
				doc.getDocumentElement().normalize();
				NodeList nodelist = doc.getElementsByTagName("SOAP:Envelope").item(0).getChildNodes();
				Node headerNode = nodelist.item(0);
				if(headerNode.getNodeType() == Node.ELEMENT_NODE) {
					Element headerElement = (Element) headerNode;
					SsfRefXMLList refXML = new SsfRefXMLList();
					SsfRefXMLInfo refInfo = new SsfRefXMLInfo();
					refInfo.digest = refInfo.DIGEST_SHA1;
					String trans[] = new String[1];
					trans[0] = refInfo.TRANS_C14N_WITH_COMMENTS;
					refInfo.trans = trans;
					if(refInfo.status == refInfo.STATUS_OK){
						System.err.println("refInfo OK");
					} else {
						System.err.println("refInfo feilet");
					}
					refXML.add(refInfo);
					
					try {
					res =
						soapHeader.sign(
								headerElement,
								refXML,
								profile,
								soapHeader.INC_CERT_NONE,
								false,
								false);
// the following actually works, but signature is added as last child in document. 					
/*res =
						soapHeader.sign(
								profile,
								ISsfData.ALG_SHA,
								ISsfData.INC_CERT_NONE,
								false);*/
					} catch (SsfInvalidKeyException e1) {
						System.out.println("Error while signing data (Invalid key) " + e1);
					} catch (SsfInvalidAlgException e2) {
						System.out.println("Error while signing data (Invalid Alg) " + e2);
					}
					System.out.println("Signing OK");
				}

			} catch (Exception e) {
				System.err.println("Creation of signature input failed " + e);
				System.exit(12345);
			}

			if (!res) {
				System.err.println("Creation of signature failed");
				System.exit(54321);
			}

Current setup is NWDS 7.1 SP11, JRE 1.5.0_22.

Thanks for all input!

Br,

Kenneth