[CAP] OK, so let's just try dive in

Thu Mar 12 17:37:32 PDT 2009

So... playing with the Apache XML Security API for Java, version 1.4.2  
in Eclipse.  Here's a public key:

Sun DSA Public Key
     Parameters:
     p:
     fca682ce 8e12caba 26efccf7 110e526d b078b05e decbcd1e b4a208f3  
ae1617ae
     01f35b91 a47e6df6 3413c5e1 2ed0899b cd132acd 50d99151 bdc43ee7  
37592e17
     q:
     962eddcc 369cba8e bb260ee6 b6a126d9 346e38c5
     g:
     678471b2 7a9cf44e e91a49c5 147db1a9 aaf244f0 5a434d64 86931d2d  
14271b9e
     35030b71 fd73da17 9069b32e 2935630e 1c206235 4d0da20a 6c416e50  
be794ca4

   y:
     073e9026 471560e1 f34a4527 5b27d8e5 48f5e3f8 a852f61a 3c7274a1  
9d1a218c
     02329e43 01e1a15d 23be11d2 ae54f7d1 62bc8176 80668112 8f1cd71d  
09396483

And here's a CAP message signed using one of the sample classes:

<?xml version="1.0" encoding="UTF-8"?><alert xmlns="urn:oasis:names:tc:emergency:cap:1.1 
">
   <identifier>1236815505687</identifier>
   <sender>Unknown</sender>
   <sent>2009-03-11T16:51:45-07:00</sent>
   <status>Test</status>
   <msgType>Alert</msgType>
   <scope>Public</scope>
   <info>
     <event>Undefined event</event>
     <urgency>Unknown</urgency>
     <severity>Unknown</severity>
     <certainty>Unknown</certainty>
     <resource>
       <resourceDesc>Undefined resource</resourceDesc>
     </resource>
     <area>
       <areaDesc>Undefined area</areaDesc>
       <polygon>42,-124.2102 42,-120 39,-120 35.0,-114.6328  
34.35,-114.1 33.108,-114.6259 33.0,-114.4 32.71,-114.4  
32.7151,-114.7197 32.5338,-117.1247 34.28,-120.4418 38.9383,-123.817  
40.4533,-124.4522 42,-124.2102</polygon>
       <geocode>
         <valueName>foo</valueName>
         <value>bar</value>
       </geocode>
       <geocode>
         <valueName>bas</valueName>
         <value>bah</value>
       </geocode>
     </area>
   </info>
<Signature xmlns="http://www.w3.org/2000/09/ 
xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments 
"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1 
"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature 
"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1 
"/><DigestValue>jwJbxDfLh5+qPxH6LlrUgQkH56g=</DigestValue></ 
Reference></ 
SignedInfo><SignatureValue>GGqZbJ9BLUpEGNgtKujcQmtrPENqwmZP/ 
JStWuCfyRhgnCvJAfySIA==</ 
SignatureValue><KeyInfo><KeyValue><DSAKeyValue><P>/ 
KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
xD7nN1kuFw==</P><Q>li7dzDacuo67Jg7mtqEm2TRuOMU=</ 
Q><G>Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/ 
XPaF5Bpsy4pNWMOHCBiNU0Nogps
QW5QvnlMpA==</G><Y>Bz6QJkcVYOHzSkUnWyfY5Uj14/ 
ioUvYaPHJ0oZ0aIYwCMp5DAeGhXSO+EdKuVPfRYryBdoBmgRKP
HNcdCTlkgw==</Y></DSAKeyValue></KeyValue></KeyInfo></Signature></alert>

Can anyone make that verify?  Or if that's a really dumb first try,  
what would make a good simple demonstration?

- Art