Xml signature is invalidated on adding a c14n exclusive transform

Question

This is my code to generate xml signature :

DOMSignContext dsc = new DOMSignContext
  (prk, xmldoc.getDocumentElement());

XMLSignatureFactory fac = 
  XMLSignatureFactory.getInstance("DOM");   

  DigestMethod digestMethod = 
      fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
  C14NMethodParameterSpec spec = null;
  CanonicalizationMethod cm = fac.newCanonicalizationMethod(
      "http://www.w3.org/2001/10/xml-exc-c14n#",spec);
  SignatureMethod sm = fac.newSignatureMethod( 
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
  ArrayList transformList = new ArrayList();
  TransformParameterSpec transformSpec = null;
  Transform envTransform =   fac.newTransform("http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
  Transform exc14nTransform = fac.newTransform(
      "http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec);
transformList.add(exc14nTransform); 
transformList.add(envTransform);

 Reference ref = fac.newReference("",digestMethod,transformList,null,null);
 ArrayList refList = new ArrayList();
 refList.add(ref);
 SignedInfo si =fac.newSignedInfo(cm,sm,refList);

This gives a reference validation as false and also core validity as false. But when I remove envTrasnform variable i.e fac.new Transform("http://www.w3.org/2001/10/xml-exc-c14n#",transformSpec) and execute with the following code :

DOMSignContext dsc = new DOMSignContext
  (prk, xmldoc.getDocumentElement());

XMLSignatureFactory fac = 
  XMLSignatureFactory.getInstance("DOM");   

  DigestMethod digestMethod = 
      fac.newDigestMethod("http://www.w3.org/2000/09/xmldsig#sha1", null);
  C14NMethodParameterSpec spec = null;
  CanonicalizationMethod cm = fac.newCanonicalizationMethod(
      "http://www.w3.org/2001/10/xml-exc-c14n#",spec);
  SignatureMethod sm = fac.newSignatureMethod( 
      "http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
  ArrayList transformList = new ArrayList();
  TransformParameterSpec transformSpec = null;
  Transform envTransform = fac.newTransform(
      "http://www.w3.org/2000/09/xmldsig#enveloped-signature",transformSpec);
 transformList.add(envTransform);
 Reference ref = fac.newReference("",digestMethod,transformList,null,null);
 ArrayList refList = new ArrayList();
 refList.add(ref);
 SignedInfo si =fac.newSignedInfo(cm,sm,refList);

This gives the core validity and the reference validity as true. Why is this happening. I got this code form this link(code fragment 2 in creating enveloped signature section).

score 7 · Accepted Answer · answered May 22 '12 at 10:18

Actually the c14n transformation should be performed after the enveloped signature transform. It should be canonicalized after the extracting the document to be signed(the document currently contains the signature element as well. So it has to be separated before canonicalizing the actual part to be signed). The order should be this way :

transformList.add(envTransform);
 transformList.add(exc14nTransform);

Xml signature is invalidated on adding a c14n exclusive transform

1 Answers1