I am trying to apply an XML Signature to an XML document but I am having a problem with the message digest value.
Here is the relevant code:

Code:
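import java.io.StringReader;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.*;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

// Parse the template text with namespace awareness enabled
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
DocumentBuilder db = dbf.newDocumentBuilder();
Document grant = db.parse(new InputSource(new StringReader(templateText)));
// Empty base URI, RSA signature algorithm
xmlSig = new XMLSignature(grant,"", XMLSignature.ALGO_ID_SIGNATURE_RSA);
privKey = (RSAPrivateKey)issuer.getPrivateKey();
pubKey = (RSAPublicKey)issuer.getPublicKey();
// Enveloped-signature transform followed by canonicalization without comments
Transforms transforms = new Transforms(grant);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_OMIT_COMMENTS);
// Reference URI "" refers to the whole document
xmlSig.addDocument("", transforms);
xmlSig.addKeyInfo(pubKey);
// Insert the Signature element under r:issuer, then sign
grant.getDocumentElement().getElementsByTagName("r:issuer").item(0).appendChild(xmlSig.getElement());
xmlSig.sign(privKey);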

What I am trying to do is create an enveloped signature using SHA as the digest algorithm and sign using the RSA algorithm. The String used to create the Document object is well-formed XML but not schema valid.
When the program is run I get these two warnings in stderr:
Code:
Sep 8, 2008 2:37:56 AM org.apache.xml.security.signature.Reference verify
WARNING: Expected Digest: nyS8EhoOTA/7l91Q2fif0SzTfq8=
Sep 8, 2008 2:37:56 AM org.apache.xml.security.signature.Reference verify
WARNING: Actual Digest: FQsfvznrZstCT3/mLzmpfuasQdc=

As a result I do not have a valid signature value. I have verified the invalidity in several ways. I even used an online service for that.
The resulting XML signature is this. I have omitted the rest of the XML document for brevity's sake. Note that the digest value is the one Expected according to the warning message.
Code:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>nyS8EhoOTA/7l91Q2fif0SzTfq8=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
K1p598oGGgrMSXEnzTeEb9Lqlpbt9mc/lpa9HQNrObQXjkHmYilpHbM/yw4I0mtYKfm08gxxgTCd
atco1DEEFA==
</ds:SignatureValue>
<ds:KeyInfo>
<ds:KeyValue>
<ds:RSAKeyValue>
<ds:Modulus>
h3Ggm76ZnCHaL508yP4FfguGC//K+A24/7HcaJ85fv3S5ydM+dlDLDgpdWkEIH4KTqQvnelrLzoH
5ADOzbVKJw==
</ds:Modulus>
<ds:Exponent>AQAB</ds:Exponent>
</ds:RSAKeyValue>
</ds:KeyValue>
</ds:KeyInfo>
</ds:Signature>

Does anyone have any idea as to what might be wrong?
All suggestions are welcome and appreciated. Thanks.