RE: JDOM - Sign validation

Fri, 07 Apr 2006 11:57:48 -0700

So, if you serialize the original DOM (canonicalized), convert to JDOM, convert back to DOM, and serialize the resulting DOM (canonicalized), how do the two serializations differ? It sounds like the content of the document is being changed in some non-trivial way somewhere in the JDOM <-> DOM conversion. The point of canonicalization is to factor out insignificant changes (like attribute ordering), but one or both of the conversions appears to introduce something that C14N cannot accommodate. If you can attach the two serializations of a given (small) document, that might help diagnose the problem.

From: chirsmail sapl [mailto:[EMAIL PROTECTED]
Sent: Friday, April 07, 2006 2:08 PM
To: [email protected]
Subject: Re: JDOM - Sign validation

One more point to add is that singed DOM validates.But the singed DOM converted to JDOM and then DOM out of JDOM doesnt validate.

Martin Labarthe Dubois <[EMAIL PROTECTED]> wrote:
you can try saving the XML to a file, and reading from it,
when traspasing from one format to another and viceversa. JDOM <-> DOM
 
moreover, i usually use IBMXMLSecurity suite to test the file just
typing
java dsig.VerifyGUI "filename.xml"
 
 
----- Original Message -----
Sent: Friday, April 07, 2006 2:31 PM
Subject: Re: JDOM - Sign validation

thanks for the reply.When i print DOM and DOM converted from JDOM seems to be same.I see lot of difference on the object level of signed DOM and DOM converted from JDOM.Because the signing of DOM converted from JDOM work well.After updating the DOM into JDOM and then convert the JDOM back to DOM ,the vaildation fails.
 
I think if i get the exact singed DOM out of JDOM , i should be able to valid the sign.But don't know how to get the exact DOM out of JDOM for validation.


Martin Labarthe Dubois <[EMAIL PROTECTED]> wrote:
Yes. in this case i also saw both of them identical from the c14n perspective.
 
You must have some other difference.
 
----- Original Message -----
Sent: Friday, April 07, 2006 2:09 PM
Subject: Re: JDOM - Sign validation


Thanks for the reply.
1)The different is on the byte level.When we print the byte of the orignal DOM and DOM converted from JDOM , the size is different.
2)The DOM converted from JDOM has the white space if the element doesn't have the values.
For example :
Orignal XML content:
<?xml version="1.0" encoding="UTF-8"?>
<div id="main"></div>
 
DOM o/p using XMLUtils.outputDOMc14nWithComments(
<div id="main"></div>
 
JDOM O/P converted from DOM using XMLOutputter:
<?xml version="1.0" encoding="UTF-8"?>
<div id="main" />
 
I think thats why it doesn't valid the DOM converted from JDOM.
Can any expert suggest me a way to resolve the issue.
Isn't the point of canonicalization to remove such problems from syntactically equivalent XML?   It seems that the element is the same, has the same value and same attributes with the same values, so they should be treated as the same data from a digital signing perspective.

David

Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1¢/min.

Blab-away for as little as 1¢/min. Make PC-to-Phone Calls using Yahoo! Messenger with Voice.

Reply via email to