Now could successfully verify signed files which had "cascaded namespace attributes". The reason for the earlier failure seems to be when verifying larger (>40kB) signed files.
There are known problems with large files, but that are only really memory issues because at present we need to have the entire DOM tree in memory.
These files are usually many MB large (depending on memory).
I got another (also Apache-XMLSignature-1.0.4) based tool from a colleague which gives some more detailed error messages. When verifying larger files I get:
java.io.UTFDataFormatException: invalid byte 1 -f 1-byteUTF-8 sequence (0xbf) at org.apache.xerces.impl.io.UTF8Reader.read(UTF8Reader.java:678).
Is this a known issue ?
It's not a known XML-Security bug, but it does look more like a Xerces bug than a XML-Security bug. Have you checked the Xerces bug reports?
Any idea what is wrong ?
It seems like Xerces doesn't like a particular character in the XML.
When I decrease the file size by deleting elements, resign, and then validate again, everything goes fine. The critical file size seems to be around 40kB.
My guess would be that you deleted the particular character in the last delete.
Right now it's a little up in the air what's happening, but that would be my gut feeling with the information available at this time :)
Erwin
