Click here to Skip to main content
15,886,699 members
Search within:


SOAP/XML signautre verification failed for strtransform - javax.xml.crypto.marshalexception
Please Sign up or sign in to vote.
0.00/5 (No votes)
Friends, I am able to unmarshall signature block for most of the cases with below code. However its failing to unmarshall for STRTransform case. Can someone guide me?


Exception:
Exception in thread "main" javax.xml.crypto.MarshalException: java.security.NoSuchAlgorithmException: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform algorithm and DOM mechanism not available
    at org.jcp.xml.dsig.internal.dom.DOMTransform.<init>(DOMTransform.java:90)
    at org.jcp.xml.dsig.internal.dom.DOMReference.<init>(DOMReference.java:203)
    at org.jcp.xml.dsig.internal.dom.DOMSignedInfo.<init>(DOMSignedInfo.java:171)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.<init>(DOMXMLSignature.java:146)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshal(DOMXMLSignatureFactory.java:193)
    at org.jcp.xml.dsig.internal.dom.DOMXMLSignatureFactory.unmarshalXMLSignature(DOMXMLSignatureFactory.java:150)
    at com.aexp.apigee.soap.wssecdsig.ValidateMain.validate_RSA(ValidateMain.java:604)
    at com.aexp.apigee.soap.wssecdsig.ValidateMain.main(ValidateMain.java:663)
Caused by: java.security.NoSuchAlgorithmException: http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform algorithm and DOM mechanism not available
    at javax.xml.crypto.dsig.TransformService.getInstance(TransformService.java:174)
    at org.jcp.xml.dsig.internal.dom.DOMTransform.<init>(DOMTransform.java:88)
    ... 7 more


Sample Payload:
soap
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
    <SOAP-ENV:Header>
        <wsse:Security xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" SOAP-ENV:mustUnderstand="1">
            <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" wsu:Id="X509-433FDACD36B2FADDEF1604604489297307">MIIH...</wsse:BinarySecurityToken>
            <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="SIG-206">
                <ds:SignedInfo>
                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                        <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="SOAP-ENV"/>
                    </ds:CanonicalizationMethod>
                    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
                    <ds:Reference URI="#id-205">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
                                <ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList=""/>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>jUW/sgyGfW1BXfxYaZorUFoqeyM=</ds:DigestValue>
                    </ds:Reference>
                    <ds:Reference URI="#STR-433FDACD36B2FADDEF1604604489297309">
                        <ds:Transforms>
                            <ds:Transform Algorithm="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#STR-Transform">
                                <wsse:TransformationParameters>
                                    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                                </wsse:TransformationParameters>
                            </ds:Transform>
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                        <ds:DigestValue>5AZ0DXXMo/b6ad/b3xsnstVXSZo=</ds:DigestValue>
                    </ds:Reference>
                </ds:SignedInfo>
                <ds:SignatureValue>nP2f1GQh4..</ds:SignatureValue>
                <ds:KeyInfo Id="KI-433FDACD36B2FADDEF1604604489297308">
                    <wsse:SecurityTokenReference wsu:Id="STR-433FDACD36B2FADDEF1604604489297309">
                        <wsse:Reference URI="#X509-433FDACD36B2FADDEF1604604489297307" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
                    </wsse:SecurityTokenReference>
                </ds:KeyInfo>
            </ds:Signature>
        </wsse:Security>
    </SOAP-ENV:Header>
    <SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-205">..</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


What I have tried:

Java
XMLSignatureFactory signatureFactory = XMLSignatureFactory.getInstance("DOM");
KeySelector ks = KeySelector.singletonKeySelector(pubcert.getPublicKey());
DOMValidateContext context = new DOMValidateContext(ks, signatureElement);
XMLSignature signature = signatureFactory.unmarshalXMLSignature(context);
Posted
Updated 3-Jan-24 13:16pm
v3
Add a Solution
Comments
Sandeep Mewara 11-Nov-20 23:47pm    
See if this helps:
https://stackoverflow.com/questions/11716579/bouncycastle-xmlsignaturefactory-nosuchalgorithmexception
Member 16175719 4-Jan-24 11:29am    
were you able to find a solution for this issue ?

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise
Privacy
Cookies
Terms of Use
Last Updated 3 Jan 2024
Layout: fixed | fluid
Copyright © CodeProject, 1999-2024
All Rights Reserved.

Web03 2.8:2024-04-02:1

CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900