Hi security-dev'rs,
I am having a problem with using canonicalizeSubtree within a JAXM handler.
It seems that the signedInfo element returned via:
Node signedInfo =
signature.getElementsByTagNameNS(NS_URI_XML_DSIG, "SignedInfo").item(0);
is not returning a namespace-aware ElementNSImpl but a plain old ElementImpl
instead - therefore the signature verification fails since on the client
side xerces returns the appropriate ElementNSImpl and the signed xml
includes a namespace uri.
Has anyone seen this issue in using SAAJ or JAXM and if so what is your
remedy?
I am currently replacing the namespace url in the parent element (signature)
with a ElementNSImpl so that c14n will bring it down into the xml text
representation. At least this way I am not directly changing the element
that needs to be verified but it still feels like a hack.
Thanks in advance,
--larry
Lawrence J. McCay III
Probaris Technologies, Inc.
718 Arch Street, Suite 300 South
Philadelphia, PA 19106
phone 215-238-0510
cell 856-296-8391
fax 215-238-0577
[EMAIL PROTECTED]
www.probaris.com
--
This message has been scanned for viruses and
dangerous content, and is believed to be clean.
