Yes, tools like XML Spy often modify XML file, like pretty printing or replacing every new line character (ASCII 10) with a pair of new line and carriage return characters (ASCII 10 and 13). Such files are still valid XML files (well formed and conformed to its schema), but signature is not valid any more. I recommend using Notepad.exe for manipulating signed XML files, instead.
However, tool that you are using doesn't have to be source of your problems. Signature will allways be invalid if you put signed document into some other document which have namespaces (on the root element, for example) and you don't use exclusive canonicalization for both <ds:SignedInfo> and references you are signing (see <ds:Reference> and <ds:Transformations> documentation). Sometimes you have to take your signed XML out of the SOAP message to be able to successfully validate its signature. Btw, if you have any chance to modify WSDL file of your web service, you should change it to accept Base64 encoded signed XML file, instead of XML Document (in the soap header). You will save yourself a lot of pain and interoperability troubles. Hope it helps, Milan --- akkachotu <[EMAIL PROTECTED]> wrote: > I have generated a WS Security 2004 X509 Token Profile Signature using > AXIS and it gets successfully verified by the provider. This I have > tested using a standalone java program that uses AXIS 1.2.1 Final and > uses XSS4J API for signing the soap message. > > However if I take the request soap message (which has signature in > header and <Security> element in header) and paste in XML SPY 2006 and > fire a request to the server then the signature verification on the > provider is failing and I see in the server logs that <SignedInfo> > element validity is failed and further <SignatureValue> element value > is mismatched and digest values are mismatched in the process of > validating the <SingedInfo> element. > > Does somebody have any thoughts like XML SPY may be somehow changes > the soap message(may be adds some text formatting or something like > the sort which I am unable to imagine) before it sends it to provider? > > Are there any free tools out there in which I can just page the soap > message with WS Security 2005 X509 Signature and fire the request to > the provider and get the response without any hassles as I am having > hard time with XML SPLY. > > Thank you for your reply and time. > __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
