I
Ian Wilson
I'm getting an error message I don't understand.
The message is "The method newCanonicalizationMethod(String,
C14NMethodParameterSpec) is ambiguous for the type XMLSignatureFactory"
The code is "Code Fragment 2" from
http://java.sun.com/developer/technicalArticles/xml/dig_signatures/
Which I cut and pasted into a new class in Eclipse WST. I then used
Eclipse' Ctrl+O to generate the includes, where the class was available
in several packages, I picked the packages mentioned earlier in the
article (see below for full code)
My plan was use the error messages to guide me in adding suitable code
to create any undefined variables etc.
When I look at the API docs for XMLSignatureFactory I only see one
method named newCanonicalizationMethod so I can't see how it can be
ambiguous. It looks OK to me.
http://java.sun.com/webservices/docs/1.4/api/javax/xml/crypto/dsig/XMLSignatureFactory.html
Why is it ambiguous and what can I do about it?
--------------------------8<----------------------------------------
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
public class IWSignXML {
public static void main(String[] args) {
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod = fac.newDigestMethod
("http://www.w3.org/2000/09/xmldsig#sha1", null);
Reference ref = fac.newReference("#10",digestMethod);
ArrayList<Reference> refList = new ArrayList<Reference>();
refList.add(ref);
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",null);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
SignedInfo signedInfo =fac.newSignedInfo(cm,sm,refList);
DOMSignContext signContext = null;
signContext = new DOMSignContext(privKey,securityHeader);
signContext.setURIDereferencer(new URIResolverImpl());
KeyInfoFactory keyFactory = KeyInfoFactory.getInstance();
DOMStructure domKeyInfo = new DOMStructure(tokenReference);
KeyInfo keyInfo =
keyFactory.newKeyInfo(Collections.singletonList(domKeyInfo));
XMLSignature signature = fac.newXMLSignature(signedInfo,keyInfo);
signature.sign(signContext);
}
}
---------------------------------------------------------------------
P.S. This is a bit of an X Y problem. The error message is Y, the X is
how to read an XML document and insert a digital signature of a part of
it (the Body element of a SOAP message).
P.P.S. Its actually X Y Z, the Z being that I want to check my Perl code
is canonicalising XML correctly by comparing its output with some SHA-1
digests produced by Java. If I could canonicalize XML and compute an
SHA-1 digest I'd be happy.
The message is "The method newCanonicalizationMethod(String,
C14NMethodParameterSpec) is ambiguous for the type XMLSignatureFactory"
The code is "Code Fragment 2" from
http://java.sun.com/developer/technicalArticles/xml/dig_signatures/
Which I cut and pasted into a new class in Eclipse WST. I then used
Eclipse' Ctrl+O to generate the includes, where the class was available
in several packages, I picked the packages mentioned earlier in the
article (see below for full code)
My plan was use the error messages to guide me in adding suitable code
to create any undefined variables etc.
When I look at the API docs for XMLSignatureFactory I only see one
method named newCanonicalizationMethod so I can't see how it can be
ambiguous. It looks OK to me.
http://java.sun.com/webservices/docs/1.4/api/javax/xml/crypto/dsig/XMLSignatureFactory.html
Why is it ambiguous and what can I do about it?
--------------------------8<----------------------------------------
import java.util.ArrayList;
import java.util.Collections;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
public class IWSignXML {
public static void main(String[] args) {
XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
DigestMethod digestMethod = fac.newDigestMethod
("http://www.w3.org/2000/09/xmldsig#sha1", null);
Reference ref = fac.newReference("#10",digestMethod);
ArrayList<Reference> refList = new ArrayList<Reference>();
refList.add(ref);
CanonicalizationMethod cm = fac.newCanonicalizationMethod(
"http://www.w3.org/2001/10/xml-exc-c14n#",null);
SignatureMethod sm = fac.newSignatureMethod(
"http://www.w3.org/2000/09/xmldsig#rsa-sha1",null);
SignedInfo signedInfo =fac.newSignedInfo(cm,sm,refList);
DOMSignContext signContext = null;
signContext = new DOMSignContext(privKey,securityHeader);
signContext.setURIDereferencer(new URIResolverImpl());
KeyInfoFactory keyFactory = KeyInfoFactory.getInstance();
DOMStructure domKeyInfo = new DOMStructure(tokenReference);
KeyInfo keyInfo =
keyFactory.newKeyInfo(Collections.singletonList(domKeyInfo));
XMLSignature signature = fac.newXMLSignature(signedInfo,keyInfo);
signature.sign(signContext);
}
}
---------------------------------------------------------------------
P.S. This is a bit of an X Y problem. The error message is Y, the X is
how to read an XML document and insert a digital signature of a part of
it (the Body element of a SOAP message).
P.P.S. Its actually X Y Z, the Z being that I want to check my Perl code
is canonicalising XML correctly by comparing its output with some SHA-1
digests produced by Java. If I could canonicalize XML and compute an
SHA-1 digest I'd be happy.