Reputation: 3124
I'm trying to validate XML signed with

    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/1999/WD-xml-c14n-19991115"/>

But I get an exception:
javax.xml.crypto.MarshalException: java.security.NoSuchAlgorithmException: no such algorithm: http://www.w3.org/TR/1999/WD-xml-c14n-19991115 for provider XMLDSig
I don't like the option of changing the XML input. It looks like implementing a custom canonicalization method, or forcing Java to use another one, is much better, but I can't figure out how to do this.

    // Locate every Signature element in the parsed document.
    final NodeList signatureNodeList = document.getElementsByTagName(SIGNATURE_TAG_NAME);
    if (signatureNodeList.getLength() == 0) {
        return false; // no signature present
    }
    for (int i = 0; i < signatureNodeList.getLength(); i++) {
        final DOMValidateContext validateContext = new DOMValidateContext(
                new KeyValueKeySelector(), signatureNodeList.item(i));
        // unmarshalXMLSignature throws MarshalException if the signature cannot be unmarshalled.
        final XMLSignature signature = xmlSignatureFactory.unmarshalXMLSignature(
                validateContext);
        if (!signature.validate(validateContext)) {
            return false;
        }
    }

Upvotes: 3
Views: 1130
Reputation: 31095
These are the CanonicalizationMethod values defined in JDK 8:
Specifically, the 1999 working draft that you're using (http://www.w3.org/TR/1999/WD-xml-c14n-19991115) isn't among them.
> I don't like the option of changing the XML input.
From the implementation of XMLDSigRI you can probably work out how to create a new provider that implements that specific version.
However, I'd seriously consider whether it's valuable to have an implementation of an obsolete draft, especially when cryptography is involved.
Upvotes: 1