Hi there, I use xmlsecurity to verify Signatures (dsig) in xml-files. I got some _new_ files, which via xmlsecurity do not work the way I expected:
org.apache.xml.security.signature.XMLSignatureException: The requested algorithm http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1 does not exist. Original Message was: null Original Exception was java.lang.NullPointerException at org.apache.xml.security.algorithms.SignatureAlgorithm.<init>(Unknown Source) at org.apache.xml.security.signature.SignedInfo.<init>(Unknown Source) at org.apache.xml.security.signature.XMLSignature.<init>(Unknown Source) I use bouncycastle as my provider. I add the provider dynamically before verifying. When I list all the algorithms, I got: [long list left out] Signatures: [long list left out] SHA1WITHECNR OID.1.2.840.113549.1.1.5 SHA512withRSA ECDSA SHA512WITHRSAENCRYPTION [long list left out] I think that "http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha1"; should point to ECDSA. I use xmlsecurity-1.3 (just the jar from the web http://xml.apache.org/security/dist/java-library/ ) I am aware of the xalan/endorsed problem. I tested on linux java 1.4/1.5 and winxp 1.4/1.5. I am not sure if xmlsecurity can handle this anyway...just wanted to ask what is the problem here... greetings m. -- "0x07: Signature not present. Press any key."
