Re: Resolver Issues with Enveloped Signature?

Fri, 11 Mar 2011 19:37:39 -0800 

>
> An enveloped signature is over the data that contains the Signature
> element.
>

Can you elaborate on this?  Here's an example.

<root>
    <content/>
    <ds:Signature/>
</root>

What is signed here?  <root>?  Or both <root> and <content>?

<root>
    <content>
        <ds:Signature/>
    </content>
</root>

I would assume that in this case, only <content> is signed.

I understand that typically, an enveloped signature signs the content
represented by its parent.  But does it sign the parent AND all the parent's
children?

<root>
    <content/>
        <subContent/>
    </content>
    <moreContent>
        <subContent/>
    </moreContent>
    <ds:Signature/>
</root>

I would assume this signature signs the entire document.  If not, how would
I do that?

Thanks,

Michael

On Wed, Mar 9, 2011 at 10:00 AM, Michael Bishop <[email protected]> wrote:

> OK, this is now issue 265 in the Santuario project.  I attached a test case
> and the certificate I'm using for the test.  Thanks for checking into it.
>
> Michael
>
>
> On Wed, Mar 9, 2011 at 4:47 AM, Colm O hEigeartaigh 
> <[email protected]>wrote:
>
>> Can you create a test-case and attach it to JIRA and I'll take a look?
>>
>> Thanks,
>>
>> Colm.
>>
>> On Tue, Mar 8, 2011 at 8:57 PM, Michael Bishop <[email protected]>
>> wrote:
>> > Hello,
>> >
>> > I'm having a problem with created an enveloped signature.  I was able to
>> > create an enveloping signature just fine, but the enveloped signature
>> hangs
>> > on the XMLSignature.sign(privateKey) method for a long time, before
>> throwing
>> > an error.
>> >
>> > I was able to figure out what the error was; by default, the
>> > XMLSignature.sign(privateKey) method was trying to access
>> > http://www.w3.org/2000/09/xmldsig#rsa-sha1 and failing.  I can pull
>> that up
>> > in my browser, so I don't know why it's hanging there.  I didn't have
>> this
>> > issue with an enveloping signature.
>> >
>> > I wrote an extension of ResourceResolverSpi and mapped
>> > http://www.w3.org/2000/09/xmldsig#rsa-sha1 to point to the schema
>> included
>> > in the XML Security JAR file.  That works fine, but I'm wondering what
>> the
>> > best solution is, and why enveloped signatures need to access this URL
>> at
>> > all?
>> >
>> > I can provide code as needed if it's necessary.
>> >
>> > Thanks,
>> >
>> > Michael Bishop
>> >
>>
>
>

Reply via email to