Hi, Wouldn't this be due to the extra space that can be found around elements (space used for pretty formatting). That would account for the fact the PrettyDocumentToString method works.
Remember the way signature works: a hash of the XML document is taken then signed. Obviously, if there's additional (or fewer) whitespace, the hash changes which results in the signature being invalid... Hope this helps... David. David Brossard _______________________ Linkedin Profile: http://www.linkedin.com/in/davidbrossard _______________________ -----Original Message----- From: Alexander Willner [mailto:[EMAIL PROTECTED] Sent: 22 January 2008 15:31 To: [email protected] Subject: Problem with XmlUtils.toString and WSS4J Hello everyone, there seems to be a serious problem with XmlUtils.toString(Doc) and WSS4J. When you convert a document to its XML representation and then back to a document again, it can't be validated by WSS4J anymore. This happens e.g. when receiving a SOAP message via the MiniServlet. I've written a JUnit test to show the problem: ------------------------------------------------------------------------ ------------------- public final void testSignatureToString() throws IOException, SAXException, SignatureNotFoundException { /* Create valid signed example -------------------------------------- */ Document request = createExampleRequestWithoutSignature (this.exampleRequestWithoutSignature); Document response = this.secureHandler.addSignature(request); String responseString = XmlUtils.toString(response); /* ------------------------------------------------------------------ */ /* Check example ---------------------------------------------------- */ boolean check = this.signer.checkSignature(response); Assert.assertTrue("Signature is valid!", check); /* ------------------------------------------------------------------ */ /* Create a copy (e.g. receive example via Webservice --------------- */ Document newResponse = XmlUtils.createDocument(responseString); String newResponseString = XmlUtils.toString(newResponse); Assert.assertTrue("Strings are equal", newResponseString .equals(responseString)); /* ------------------------------------------------------------------ */ /* ------------------------------------------------------------------ */ check = this.signer.checkSignature(newResponse); Assert.assertTrue("Signature is valid", check); // this fails!!! /* ------------------------------------------------------------------ */ } ------------------------------------------------------------------------ ------------------- The solution here is to use XMLUtils.PrettyDocumentToString(Doc) [1] instead of XmlUtils.toString(Doc): ------------------------------------------------------------------------ ------------------- public final void testSignatureToString() throws IOException, SAXException, SignatureNotFoundException { /* Create valid signed example -------------------------------------- */ Document request = createNspExampleRequestWithoutSignature (this.nspExampleRequestWithoutSignature); this.secureHandler.setAddSignatureFlag(true); Document response = this.secureHandler.addSignature(request); String responseString = XMLUtils.PrettyDocumentToString(response); /* ------------------------------------------------------------------ */ /* Check example ---------------------------------------------------- */ boolean check = this.signer.checkSignature(response); Assert.assertTrue("Signature is valid!", check); /* ------------------------------------------------------------------ */ /* Create a copy (e.g. receive example via Webservice --------------- */ Document newResponse = XmlUtils.createDocument(responseString); String newResponseString = XMLUtils.PrettyDocumentToString(newResponse); String newResponseString2 = XmlUtils.toString(newResponse); System.out.println("Test1: ---------"); System.out.println(newResponseString); System.out.println("Test2: ---------"); System.out.println(newResponseString2); Assert.assertTrue("Strings are equal", newResponseString .equals(responseString)); /* ------------------------------------------------------------------ */ /* ------------------------------------------------------------------ */ check = this.signer.checkSignature(newResponse); Assert.assertTrue("Signature is valid", check); /* ------------------------------------------------------------------ */ } ------------------------------------------------------------------------ ------------------- Regards, Alex [1] http://ws.apache.org/wss4j/apidocs/org/apache/ws/security/util/XMLUtils. html#PrettyDocumentToString(org.w3c.dom.Document) --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
