Discussion:
XML Security with JDOM
JC Tchitchiama
2002-10-22 14:21:02 UTC
Permalink
All,

I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document into a
DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...

document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM serialization.
When I output the DOM document into a file using XMLSerializer
it works fine XMLSignature cannot handle that same document

Any ideas


Best Regards.

JC.



==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.getAttrs(Unknown
Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.engineCanonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithComments.enginePerformTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown
Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source) at org.apache.xml.security.signature.XMLSignature.sign(Unknown
Source)
================================================
***@panonet.net
=================================================================
Tom Oehser
2002-10-22 14:44:58 UTC
Permalink
This is a known problem when dom-1 methods are used, I think a workaround has
been implemented, so you might want to just get the newest CVS pull and see if
that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document into a
DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM serialization.
When I output the DOM document into a file using XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.getAttrs(Unknown
Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.engineCanonicalizeXPathNodeSet(Unknown
Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithComments.enginePerformTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown
Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source) at org.apache.xml.security.signature.XMLSignature.sign(Unknown
Source)
================================================
=================================================================
JC Tchitchiama
2002-10-23 10:18:28 UTC
Permalink
All,
I downloaded the new CVS and I am getting this exception on a file that was
succesfully signed !!!!

Any ideas

JC

[VerifySignature]
org.apache.xml.security.exceptions.XMLSecurityException:Cannot create an
ElementProxy from a null argument
[VerifySignature] at
org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.samples.signature.VerifySignature.main(Unknown
Source)
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a workaround
has been implemented, so you might want to just get the newest CVS pull and
see if that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document
into a DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM
serialization. When I output the DOM document into a file using
XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at
org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.getAtt
rs(Unknown Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canoni
calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canoni
calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.engine
CanonicalizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithComme
nts.enginePerformTransform(Unknown Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown
Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTrans
forms(Unknown Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source) at org.apache.xml.security.signature.XMLSignature.sign(Unknown
Source)
================================================
=================================================================
--
Best Regards.

JC.
==================================================================
***@panonet.net
=================================================================
Christian Geuer-Pollmann
2002-10-23 10:36:41 UTC
Permalink
org.apache.xml.security.exceptions.XMLSecurityException:

"Cannot create an ElementProxy from
a null argument"

You must supply an org.w3c.dom.Element from the Signature recs namespace
and local name "Signature" to the

new XMLSignature(Element el, ...)

but in your code, el==null

Christian




--On Mittwoch, 23. Oktober 2002 11:18 +0100 JC Tchitchiama
Post by JC Tchitchiama
All,
I downloaded the new CVS and I am getting this exception on a file that
was succesfully signed !!!!
Any ideas
JC
[VerifySignature]
[VerifySignature] at
org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source) [VerifySignature] at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.samples.signature.VerifySignature.main(Unknown
Source)
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a workaround
has been implemented, so you might want to just get the newest CVS pull
and see if that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document
into a DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM
serialization. When I output the DOM document into a file using
XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at
org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.get
Att rs(Unknown Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.can
oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.can
oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.eng
ine CanonicalizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithCo
mme nts.enginePerformTransform(Unknown Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown
Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTr
ans forms(Unknown Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source) at org.apache.xml.security.signature.XMLSignature.sign(Unknown
Source)
================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
JC Tchitchiama
2002-10-23 14:40:32 UTC
Permalink
Christian,


I looked at what you are saying but don't quiet get it.

Below is what I have got in the VerifySignature.java
...
SAXBuilder builder = new SAXBuilder();

org.jdom.Document jdomDoc = builder.build(signatureFile);

DOMOutputter outputter = new DOMOutputter();
org.w3c.dom.Document doc = outputter.output(jdomDoc);

org.w3c.dom.Element nscontext = XMLUtils.createDSctx(doc, "ds",
Constants.SignatureSpecNS);
org.w3c.dom.Element sigElement = (org.w3c.dom.Element) =
XPathAPI.selectSingleNode(doc,
"//ds:Signature[1]", nscontext);
...
Note that this example works well when JDOM is not involved at all

Thx

JC
Post by Christian Geuer-Pollmann
"Cannot create an ElementProxy from
a null argument"
You must supply an org.w3c.dom.Element from the Signature recs namespace
and local name "Signature" to the
new XMLSignature(Element el, ...)
but in your code, el==null
Christian
--On Mittwoch, 23. Oktober 2002 11:18 +0100 JC Tchitchiama
Post by JC Tchitchiama
All,
I downloaded the new CVS and I am getting this exception on a file that
was succesfully signed !!!!
Any ideas
JC
[VerifySignature]
[VerifySignature] at
org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source) [VerifySignature] at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.samples.signature.VerifySignature.main(Unknown
Source)
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a
workaround has been implemented, so you might want to just get the
newest CVS pull and see if that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document
into a DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM
serialization. When I output the DOM document into a file using
XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at
org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.get
Att rs(Unknown Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.can
oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.can
oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.eng
ine CanonicalizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithCo
mme nts.enginePerformTransform(Unknown Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknow
n Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTr
ans forms(Unknown Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknow
n Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknow
n Source) at
org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
--
Best Regards.

JC.
==================================================================
***@panonet.net
=================================================================
Christian Geuer-Pollmann
2002-10-23 14:57:14 UTC
Permalink
Element sigElement = (Element)
XPathAPI.selectSingleNode(doc,
"//ds:Signature[1]", nscontext);

The question is: "Is sigElement != null ?"

You select the first Signature element in xmldsig namespace. But did you
really find one in your input document?


--On Mittwoch, 23. Oktober 2002 15:40 +0100 JC Tchitchiama
Post by JC Tchitchiama
Christian,
I looked at what you are saying but don't quiet get it.
Below is what I have got in the VerifySignature.java
...
SAXBuilder builder = new SAXBuilder();
org.jdom.Document jdomDoc = builder.build(signatureFile);
DOMOutputter outputter = new DOMOutputter();
org.w3c.dom.Document doc = outputter.output(jdomDoc);
org.w3c.dom.Element nscontext = XMLUtils.createDSctx(doc, "ds",
Constants.SignatureSpecNS); org.w3c.dom.Element sigElement =
(org.w3c.dom.Element) = XPathAPI.selectSingleNode(doc,
"//ds:Signature[1]", nscontext);
...
Note that this example works well when JDOM is not involved at all
Thx
JC
Post by Christian Geuer-Pollmann
"Cannot create an ElementProxy from
a null argument"
You must supply an org.w3c.dom.Element from the Signature recs namespace
and local name "Signature" to the
new XMLSignature(Element el, ...)
but in your code, el==null
Christian
--On Mittwoch, 23. Oktober 2002 11:18 +0100 JC Tchitchiama
Post by JC Tchitchiama
All,
I downloaded the new CVS and I am getting this exception on a file that
was succesfully signed !!!!
Any ideas
JC
[VerifySignature]
[VerifySignature] at
org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source) [VerifySignature] at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.samples.signature.VerifySignature.main(Unknown
Source)
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a
workaround has been implemented, so you might want to just get the
newest CVS pull and see if that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML
file. I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM
document into a DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE
below. A collegue told me that they might be some issue in the JDOM
serialization. When I output the DOM document into a file using
XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at
org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
get Att rs(Unknown Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
can oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
can oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
eng ine CanonicalizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWit
hCo mme nts.enginePerformTransform(Unknown Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unkno
wn Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unk
now n Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerfor
mTr ans forms(Unknown Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unkn
own Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unk
now n Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unk
now n Source) at
org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
JC Tchitchiama
2002-10-23 14:59:50 UTC
Permalink
Christian,

No sigElement is not null I can print out the name Tag etc... That's why I'm
confused here !!!

Cheers
JC
Post by Christian Geuer-Pollmann
Element sigElement = (Element)
XPathAPI.selectSingleNode(doc,
"//ds:Signature[1]", nscontext);
The question is: "Is sigElement != null ?"
You select the first Signature element in xmldsig namespace. But did you
really find one in your input document?
--On Mittwoch, 23. Oktober 2002 15:40 +0100 JC Tchitchiama
Post by JC Tchitchiama
Christian,
I looked at what you are saying but don't quiet get it.
Below is what I have got in the VerifySignature.java
...
SAXBuilder builder = new SAXBuilder();
org.jdom.Document jdomDoc = builder.build(signatureFile);
DOMOutputter outputter = new DOMOutputter();
org.w3c.dom.Document doc = outputter.output(jdomDoc);
org.w3c.dom.Element nscontext = XMLUtils.createDSctx(doc, "ds",
Constants.SignatureSpecNS); org.w3c.dom.Element sigElement =
(org.w3c.dom.Element) = XPathAPI.selectSingleNode(doc,
"//ds:Signature[1]", nscontext);
...
Note that this example works well when JDOM is not involved at all
Thx
JC
Post by Christian Geuer-Pollmann
"Cannot create an ElementProxy from
a null argument"
You must supply an org.w3c.dom.Element from the Signature recs namespace
and local name "Signature" to the
new XMLSignature(Element el, ...)
but in your code, el==null
Christian
--On Mittwoch, 23. Oktober 2002 11:18 +0100 JC Tchitchiama
Post by JC Tchitchiama
All,
I downloaded the new CVS and I am getting this exception on a file
that was succesfully signed !!!!
Any ideas
JC
[VerifySignature]
[VerifySignature] at
org.apache.xml.security.utils.ElementProxy.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.Algorithm.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown
Source) [VerifySignature] at
org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source)
[VerifySignature] at
org.apache.xml.security.samples.signature.VerifySignature.main(Unknown
Source)
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a
workaround has been implemented, so you might want to just get the
newest CVS pull and see if that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML
file. I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM
document into a DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE
below. A collegue told me that they might be some issue in the JDOM
serialization. When I output the DOM document into a file using
XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at
org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknow
n Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
get Att rs(Unknown Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
can oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
can oni calizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.
eng ine CanonicalizeXPathNodeSet(Unknown Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWit
hCo mme nts.enginePerformTransform(Unknown Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unkno
wn Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unk
now n Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerfor
mTr ans forms(Unknown Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unkn
own Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unk
now n Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unk
now n Source) at
org.apache.xml.security.signature.XMLSignature.sign(Unknown Source)
================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
--
Best Regards.
JC.
==================================================================
=================================================================
--
Best Regards.

JC.
==================================================================
***@panonet.net
=================================================================
Christian Geuer-Pollmann
2002-10-23 15:29:13 UTC
Permalink
--On Mittwoch, 23. Oktober 2002 15:59 +0100 JC Tchitchiama
Post by JC Tchitchiama
No sigElement is not null I can print out the name Tag etc... That's why
I'm confused here !!!
Is the

local name == "Signature"

*and* the

namespace == "http://www.w3.org/2000/09/xmldsig#" ?


Christian
JC Tchitchiama
2002-10-23 18:27:30 UTC
Permalink
Christian,

The namespace id as you said but what do you mean by local name
if you mean Element name yes it's Signature.

<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>

Cheers
JC
Post by Christian Geuer-Pollmann
--On Mittwoch, 23. Oktober 2002 15:59 +0100 JC Tchitchiama
Post by JC Tchitchiama
No sigElement is not null I can print out the name Tag etc... That's why
I'm confused here !!!
Is the
local name == "Signature"
*and* the
namespace == "http://www.w3.org/2000/09/xmldsig#" ?
Christian
--
Best Regards.

JC.
==================================================================
***@panonet.net
=================================================================
JC Tchitchiama
2002-10-22 17:47:38 UTC
Permalink
Tom,

I downloaded a CVS and tried it again ant all work wonderfully.

Thanks for your help

JC
Post by Tom Oehser
This is a known problem when dom-1 methods are used, I think a workaround
has
been implemented, so you might want to just get the newest CVS pull and see
if
that fixes your issue. -Tom
Date: Tue, 22 Oct 2002 15:21:02 +0100
Subject: XML Security with JDOM
All,
I am starting using the Apache XML security tool to sign an XML file.
I am have sucessfully run the signature example. That example
uses DOM technology and that's fine.
My requirement is to sign a JDOM document using xml apache.
My first thought was change the src_example and output a JDOM document into
a
Post by Tom Oehser
DOM
code snippet
...
DOMOutputter out = new DOMOutputter()
w3c.dom.Document doc = out.output(jdom.Document)
...
document and proceed with the signature. I keep getting the NPE below.
A collegue told me that they might be some issue in the JDOM serialization.
When I output the DOM document into a file using XMLSerializer
it works fine XMLSignature cannot handle that same document
Any ideas
Best Regards.
JC.
==================[CreateSignature] Root jett
Start signing
java.lang.NullPointerException
at org.apache.xml.security.c14n.helper.NonNSAttrCompare.compare(Unknown
Source)
at java.util.Arrays.mergeSort(Arrays.java:1181)
at java.util.Arrays.sort(Arrays.java:1128)
at java.util.Collections.sort(Collections.java:121)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.getAttrs(Unknown
Post by Tom Oehser
Source) at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Post by Tom Oehser
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.canonicalizeXPathNodeSet(Unknown
Post by Tom Oehser
Source)at
org.apache.xml.security.c14n.implementations.Canonicalizer20010315.engineCanonicalizeXPathNodeSet(Unknown
Post by Tom Oehser
Source)at
org.apache.xml.security.transforms.implementations.TransformC14NWithComments.enginePerformTransform(Unknown
Post by Tom Oehser
Source)at
org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)at
org.apache.xml.security.transforms.Transforms.performTransforms(Unknown
Source)at
org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Unknown
Post by Tom Oehser
Source) at
org.apache.xml.security.signature.Reference.getReferencedBytes(Unknown
Source)at
org.apache.xml.security.signature.Reference.calculateDigest(Unknown
Post by Tom Oehser
Source)at
org.apache.xml.security.signature.Reference.generateDigestValue(Unknown
Source) at
org.apache.xml.security.signature.Manifest.generateDigestValues(Unknown
Source) at org.apache.xml.security.signature.XMLSignature.sign(Unknown
Source)
================================================
=================================================================
Continue reading on narkive:
Loading...