Friends, I am able to unmarshal the signature block for most cases with the code below. However, it's failing to unmarshal for the STRTransform case. Can someone guide me?


Exception:
Exception in thread "main" javax.xml.crypto.MarshalException: java.security.NoSuchAlgorithmException: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform algorithm and DOM mechanism not available
    at org.jcp.xml.dsig.internal.dom.DOMTransform.<init>(DOMTransform.java:90)
    at org.jcp.xml.dsig.internal.dom.DOMReference.<init>(DOMReference.java:203)
    at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:171)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:146)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:193)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:150)
    at com.aexp.apigee.soap.wssecdsig.ValidateMain.validate_RSA(ValidateMain.java:604)
    at com.aexp.apigee.soap.wssecdsig.ValidateMain.main(ValidateMain.java:663)
Caused by: java.security.NoSuchAlgorithmException: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform algorithm and DOM mechanism not available
    at javax.xml.crypto.dsig.TransformService.getInstance(TransformService.java:174)
    at org.jcp.xml.dsig.internal.dom.DOMTransform.<init>(DOMTransform.java:88)
    ... 7 more


Sample Payload:
soap
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-433FDACD36B2FADDEF1604604489297307">MIIH...</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-206">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-205">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>jUW/sgyGfW1BXfxYaZorUFoqeyM=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#STR-433FDACD36B2FADDEF1604604489297309">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                                <wsse:TransformationParameters>
                                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                </wsse:TransformationParameters>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>5AZ0DXXMo/b6ad/b3xsnstVXSZo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>nP2f1GQh4..</ds:SignatureValue>
                <ds:KeyInfo Id="KI-433FDACD36B2FADDEF1604604489297308">
                    <wsse:SecurityTokenReference wsu:Id="STR-433FDACD36B2FADDEF1604604489297309">
                        <wsse:Reference URI="#X509-433FDACD36B2FADDEF1604604489297307" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-205">..</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


What I have tried:

Java
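import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
KeySelector ks = KeySelector.singletonKeySelector(pubcert.getPublicKey());
DOMValidateContext context = new DOMValidateContext(ks, signatureElement);
XMLSignature signature = signatureFactory.unmarshalXMLSignature(context);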
Updated 3-Jan-24 13:16pm
Comments
Sandeep Mewara 11-Nov-20 23:47pm    
See if this helps:
https://stackoverflow.com/questions/11716579/bouncycastle-xmlsignaturefactory-nosuchalgorithmexception
Member 16175719 4-Jan-24 11:29am    
Were you able to find a solution for this issue?
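
A pre-flight check for the failure in the stack trace above, as an added example that is not part of the original post or comments: it lists every ds:Transform algorithm in a signature and asks the JDK's TransformService whether a DOM implementation is registered, which is the lookup that throws NoSuchAlgorithmException for the STR-Transform URI. The class name TransformPreflight and the trimmed SignedInfo sample are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.crypto.dsig.TransformService;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class TransformPreflight {
    // Constructed sample: a trimmed SignedInfo with the two transform URIs from the payload above.
    static final String SAMPLE =
        "<ds:SignedInfo xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>"
        + "<ds:Reference URI='#id-205'><ds:Transforms>"
        + "<ds:Transform Algorithm='http://www.w3.org/2001/10/xml-exc-c14n#'/>"
        + "</ds:Transforms></ds:Reference>"
        + "<ds:Reference URI='#STR-1'><ds:Transforms>"
        + "<ds:Transform Algorithm='http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform'/>"
        + "</ds:Transforms></ds:Reference></ds:SignedInfo>";

    /** Maps each ds:Transform Algorithm URI to whether a DOM TransformService is registered. */
    static Map<String, Boolean> check(Document doc) {
        Map<String, Boolean> result = new LinkedHashMap<>();
        NodeList transforms = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            String alg = ((Element) transforms.item(i)).getAttribute("Algorithm");
            try {
                TransformService.getInstance(alg, "DOM"); // same lookup DOMTransform performs
                result.put(alg, true);
            } catch (NoSuchAlgorithmException e) {
                result.put(alg, false);
            }
        }
        return result;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for namespace-based lookup of ds:Transform
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true); // no DTDs in signed input
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        check(doc).forEach((alg, ok) -> System.out.println((ok ? "available     " : "NOT AVAILABLE ") + alg));
    }
}
```

On a JDK with only the built-in XMLDSig provider, the exc-c14n URI is reported as available and the STR-Transform URI as not available; a java.security.Provider that registers a TransformService for that URI has to be installed before unmarshalXMLSignature can succeed.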

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)