Mathias Berg wrote:
Hi, i need some advice how i should build my xmlSignature document.
In our application we can create many orders. And each order shall be
xmlSigned.
After that, the xmlSigned orders is then added to a new XmlSigned document,
so we signed all orders in one document again.
N
We usually have 1-2 releases a year. I don't believe there is any time
table for the next release.
The fix for this is very simple and in the meantime you could create a
patch and just replace the XMLUtils.class in your xmlsec.jar:
$ svn diff -r792509 XMLUtils.java
Index: XMLUtils.java
=
Bolcina Ivan wrote:
Thanks Sean!
That was it. Great blog!
However,something strange is still happening, since app doesn't work
without xmlsec jar. I guess JSR 106 (encryption is missing), JSR 105
is defined bouth in JDK and in this jar.
Correct.
Now, if you want to use a more recent Apache X
Are you using the JSR 105 API and JDK 6? If you are, it could be using
the XML Security implementation bundled with JDK 6. This uses a
different logging mechanism (JDK logging). If so, check my blog for info
on configuring that:
http://weblogs.java.net/blog/mullan/archive/2006/02/more_xml_sign
Look at src/org/apache/xml/security/resource/log4j.properties in the
source tree. Change these lines to print debug messages on Console:
log4j.logger.org.apache.xml.security=DEBUG, Console
log4j.logger.org.apache.xml.security.test.AllTests=DEBUG, Console
Specify the following system property wh
Bolcina Ivan wrote:
Hi.
How to enable debuging messages. I looked at log4j.log and it seems
fine, but no debug messages are printed out to console?
See: http://commons.apache.org/logging/guide.html#Configuration
--Sean
Sounds good to me, nothing further to add.
--Sean
Raul Benito wrote:
Hello,
I'm going to send the report for this month, do you have anything to tell?
Regards,
Raul
--
Just normal bug fixing. Quiet quarter.
Regards,
Raul
, especially when validating large signatures. Also, the
amount of memory used should be fairly constant as the size of the data
increases.
--Sean
Sean Mullan wrote:
It seems like the last time I worked on this, I didn't check in those
new classes. Let me see if I can find an old workspace and I&#
The difference in memory usage should be noticeable in a streaming
implementation, especially when validating large signatures. Also, the
amount of memory used should be fairly constant as the size of the data
increases.
--Sean
Sean Mullan wrote:
It seems like the last time I worked on this
It seems like the last time I worked on this, I didn't check in those
new classes. Let me see if I can find an old workspace and I'll get back
to you.
--Sean
pankaj.kha...@cognizant.com wrote:
Hi all,
We are trying to use the SAX implementation of the XML Digital Signature
verification. The
Sasha wrote:
I mean if I have a program that is written against Apache XML Security v1.3 will
it continue to work if I relink it against Apache XML Security v1.4.3?
I believe it should, but I can't make any guarantees. We didn't
(intentionally) break compatibility going from 1.3 to 1.4. Let u
Sasha wrote:
Hi,
I have a quick question. Is Apache XML Security v1.4.3 compatible with 1.3?
Do you mean JDK 1.3? No.
JDK 1.4 and up.
--Sean
Thanks,
Sasha.
Sasha Matison
ca
Manager, Software Engineering
sasha.mati...@ca.com
There's an implementation available, but just be warned it is very much a work
in progress (actually nobody has worked on it for a while) and does not support
all of the XML Signature features. In particular, the following are not
supported: signature generation, inclusive c14n, enveloped signat
6 ?
Please let me know, if there is any solution in sight, or any other
workaround,
since I can´t use the endorsed mechanism due to a lot of
side-effects for others.
thanx, Torsten
*Sean Mullan *
Gesendet von: sean.mul...@sun.com
27.05.2009 20:37
her Update
of JDK6 ?
Please let me know, if there is any solution in sight, or any other
workaround,
since I can´t use the endorsed mechanism due to a lot of side-effects
for others.
thanx, Torsten
*Sean Mullan *
Gesendet von: sean.mul...@sun.com
27.05.2009 20:37
Bitte antworten an
secur
You must enable the DocumentBuilderFactory to be namespace aware before
parsing the document, add this line:
factory.setNamespaceAware(true);
--Sean
Björn-Peter Tietjens wrote:
Hi,
I am encrypting xml using the sample code.
But I have a problem decrypting it.
I have a String representation
That class is included in Xalan. Looks like you are not including xalan.jar in
your CLASSPATH.
--Sean
Björn-Peter Tietjens wrote:
Hi,
i would appriciate some help with on eof the examples:
i am trying to run the
"xml-security-1_4_3/src_samples/org/apache/xml/security/samples/encryption"
E
Scott Cantor wrote:
Inconsistent c14n has caused us to have validation failures in the past,
and
I have found no decent way to finding out what exactly the canonicalizer
output looks like. I've had to use the debugger and set the "os" stream to
a
FileOutputStream in DOMReferen
Hi,
The Java/JSR 105 API also supports this and the underlying JCE
cryptographic support for RSA-SHA256 has been in Sun's JDK since 1.4.2.
However. you must specify the URI when generating the SignatureMethod,
as there is no String constant defined for it yet. So do the following:
XMLSignat
The Apache XML Security team is pleased to announce the release of
version 1.4.3 of the Java xml-security library [1, 2]. This release
provides many bug fixes and a fix for the recently announced HMAC
vulnerability in the XML Signature specification [3]. You should upgrade
to this release as so
So far, we have four +1 (including myself) and zero -1 votes. I'll leave
the vote open until end of today, but assuming there are no negative
votes, will publish the release tomorrow.
--Sean
Colm O hEigeartaigh wrote:
+1.
Colm.
-Original Message-
From: sean.mul...@sun.com [mailto:se
The testing period for the Java XMLSec 1.4.3 release has passed without any
issues. Therefore, I would like to initiate a vote to post the final release of
1.4.3. Please cast your vote:
+1 : Yes, go ahead and post it
-1 : No (please indicate why)
Thanks,
Sean
.signature.XMLSignature class.
Regards,
Julien Pasquier
Sean Mullan wrote :
Julien PASQUIER wrote:
Hi all,
I would like to create a class which extends the XMLSignature class
but it is not possible because XMLSignature class is declared as
"final".
Is it possible te r
for
testing! If no issues are found by Friday, this will become the release
candidate for 1.4.3.
Thanks,
Sean
Sean Mullan wrote:
Hi all,
I have just putback a fix for this vulnerability to the source code
repository. This patch will be included in the (Java) version 1.4.3
release. Because
Please file a bug/rfe at https://issues.apache.org/bugzilla/enter_bug.cgi in the
Security project.
We need to add a ctor to the EncryptedKeyResolver class that takes an additional
provider parameter, and then change XMLCipher to call this new ctor and pass it
the provider it is using.
Unfort
d be wrapped in AccessController.doPrivileg
ed
Fixed bug 45634: Restore XMLUtils.createDSctx method.
Fixed bug 45095: log4j.properties in xmlsec sources and builds has side
effects in production environment. Thanks to Joachim Rousseau.
Sean Mullan wrote:
Hi all,
I have just putback a fix for this vulne
Hi all,
I have just putback a fix for this vulnerability to the source code repository.
This patch will be included in the (Java) version 1.4.3 release. Because of the
potential severity of this issue, we are planning an expedited release process
for 1.4.3. I plan to make available a jar for t
Sean Mullan wrote:
Julien PASQUIER wrote:
Hi all,
I would like to create a class which extends the XMLSignature class
but it is not possible because XMLSignature class is declared as "final".
Is it possible te remove the "final" declaration from the XMLSecurity
class in
Julien PASQUIER wrote:
Hi all,
I would like to create a class which extends the XMLSignature class but
it is not possible because XMLSignature class is declared as "final".
Is it possible te remove the "final" declaration from the XMLSecurity
class in the next release of XMLSecurity (v1.4.3)
Colm O hEigeartaigh wrote:
Here's an updated bugzilla triage for the forthcoming 1.4.3 release.
Most of the issues mentioned in my previous mail have been fixed. The
remaining issues are:
1. https://issues.apache.org/bugzilla/show_bug.cgi?id=44918
Some security concerns were raised about the su
jason marshall wrote:
I haven't tried this out yet. I did want to point out that the
instructions for doing the check are on
http://santuario.apache.org/download.html
and they point to the second location you list below.
Thanks, I fixed the link and it will be updated the next time we updat
Hi,
So far I have collected 3 positive votes and no negative votes and the vote has
been open longer than as required, so ...
Congratulations Colm!
I'll work on setting up your committer account.
Thanks,
Sean
Sean Mullan wrote:
Hi All,
I would like to nominate Colm O hEigeartaig
Hi All,
I would like to nominate Colm O hEigeartaigh for committer status on the
Santuario (XMLSec) project. Colm has been active on the list, proposed and
supplied a number of patches, and would bring valuable experience from the
Apache WSS4J project where he is also a committer.
Thanks,
Se
Sean Mullan wrote:
Which KEYS file are you using? Try: http://santuario.apache.org/dist/
I meant -
http://santuario.apache.org/dist/KEYS
I still need to update http://www.apache.org/dist/xml/security/KEYS
--Sean
jason marshall wrote:
Did the KEYS file get updated?
Thanks,
Jason
On
Which KEYS file are you using? Try: http://santuario.apache.org/dist/
I still need to update http://www.apache.org/dist/xml/security/KEYS
--Sean
jason marshall wrote:
Did the KEYS file get updated?
Thanks,
Jason
On Tue, Jun 2, 2009 at 10:59 AM, Sean Mullan <mailto:sean.mul...@sun.
I signed it for the first time with my key but I thought I had updated
the KEYS file. I'll look into this and get back to you.
--Sean
jason marshall wrote:
As a datapoint, using the same process I am able to verify the 1.4.1
signature. Did the signing key get swapped out at some point without
torsten.reinh...@gi-de.com wrote:
Hi,
I migrated my application from JDK5 (with external xmlsec-1.4.2.jar) to
JDK6 (where xmlsec is included now).
After that I got
javax.xml.crypto.MarshalException: unsupported signature algorithm:
http://www.w3.org/2001/04/xmldsig-more#rsa-sha256
Colm O hEigeartaigh wrote:
Is there any enthusiasm for putting a 1.4.3 release of the Java
library out sometime over the summer? It's been a year since the last
release now almost, and the Changelog lists 10 bugs as fixed since
then. I'm willing to help out with any other bugs that need fixing
(i
+1
Berin Lautenbach wrote:
+1 from me :)
Raul Benito wrote:
Ok,
I will regret to say that but I'm in.
What are the next steps, a vote between PMC members?
Regards,
Raul
On Tue, May 19, 2009 at 12:29 PM, Berin Lautenbach
wrote:
Have a look-see at:
http://www.apache.org/dev/pmc.html#chair
Have you asked any of the folks who worked on Xades? They should be better able
to explain the motivation behind the design.
--Sean
-Fab- wrote:
Hello,
I've tried to find the answer to my question using the search feature, but
was unsuccessful.
If it is already answered, please feel free to j
Hi Berin,
What are the benefits of being our own project? We used to be part of
xml.apache.org and I really see no difference since we became our own
project. Also, what are the implications of being archived? This is
still a very important and active project and should not be relegated to
"t
ently modified, then you need to
instantiate a new XMLSignature object.
--Sean
Scott Cantor wrote:
Sean Mullan wrote on 2009-03-25:
I don't think the behavior is intentional. Can you please file a bug at
http://issues.apache.org/bugzilla in the security category and attach
your test case?
I don't think the behavior is intentional. Can you please file a bug at
http://issues.apache.org/bugzilla in the security category and attach
your test case?
Thanks,
Sean
Bruno Harbulot wrote:
Hello,
I've been writing a test based on OpenSAML, which uses Apache XML
Security 1.4.2. In this t
The W3C XML Security Working Group has just released 7 first public working
drafts of new XML Signature and Encryption specifications. Please try to review
them and send any comments you have to the XML Security working group. These
drafts include revisions to XML Signature and Encryption to sup
Thanks, I fixed the test using your suggestion but used the File(parent, child)
ctor:
String file = new File(basedir, "build.xml").toURI().toString();
--Sean
Eric Tournier wrote:
Hi :)
I am facing an AssertionFailedError during the execution of
testLocalFileWithEmptyBaseURI() from
org.a
Looks like a bug to me. Can you please file a bug in the security
category at https://issues.apache.org/bugzilla/
Thanks,
Sean
Natallia Masel wrote:
Hi.
I use XMLCipher and i need to place some additional parameters into
EncryptionMethod element.
Here is the w3c schema definition
(http://ww
Gary Tse wrote:
Dear gurus,
I'm working with the Apache XML security 1.4.2 (Java version) and
suspect a problem in the sample.
This sample is supplied with the 1.4.2 package:
/src_samples/org/apache/xml/security/samples/encryption/Encrypter.java
The sample runs fine and produced this (and th
Harakiri wrote:
This is a very strange signature. If you just want
to sign
the contents of the document (the tbone element)
without the
signature, you should just use the enveloped
transform:
http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
I think the code was based on this exampl
Harakiri wrote:
--- On Wed, 1/28/09, Sean Mullan wrote:
From: Sean Mullan
Subject: Re: Invalid Signature problem through Empty elements are converted to
start-end tag pairs
This is a very strange signature. If you just want to sign
the contents of the document (the tbone element) without
Harakiri wrote:
(this is my xml doc created by the SUN XML API)
Test
http://www.w3.org/2000/09/xmldsig#";>http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>http://www.w3.org/2002/06/xmldsig-filter2";>http://www.w3.org
Harakiri wrote:
We created signatures using the SUN XML Signature APIs in JRE 5 Versions.
Hmm, which APIs are those? What software are you using?
Have you tried JRE 6 to see if the problem still exists?
Due to a bug in SUNs API we like to use the XML Security API from Apache.
However, all ou
Should be fixed now. If not, let me know.
--Sean
Sean Mullan wrote:
Sorry, this is my fault.
Yesterday I changed the old site http://xml.apache.org/security to
redirect to the new site http://santuario.apache.org but I didn't
realize there were still download links to the old site.
Sorry, this is my fault.
Yesterday I changed the old site http://xml.apache.org/security to
redirect to the new site http://santuario.apache.org but I didn't
realize there were still download links to the old site. I'll send
another email when I have fixed this.
--Sean
Inma Marín wrote:
Ye
Version 1.2.1 is quite old. Many performance enhancements have been made
since then, especially in the transform processing. Please try the
latest (version 1.4.2) if you can.
--Sean
Inma Marín wrote:
Hello,
I have a problem when validating an XML enveloped signature. The point
is that I
Classloading issues can be tricky to debug and fix so I'm a bit hesitant to
apply your patch without a test case. It would be great if you could send us a
small test case that reproduces the problem.
Thanks,
Sean
Franco Catrin L. wrote:
Hi!
First of all, thank you for your great work in xml-
Ling Xiaohan wrote:
yes, I know URI couldn't contain space, but local path always does. The
apache
implementation could accept URI string with space, can we say apache
implementation
does not conform XML Signature specification.
Yes, I agree. It really should throw an exception if the URI is
Ling Xiaohan wrote:
factory.newReference("My%20document/test.txt", ...);
However, apache XMLDsig could set Reference's URI with space by calling
XMLSignature.addDocument, ex.,
sig.addDocument("My document/test.txt", null,
Constants.ALGO_ID_DIGEST_SHA1);
Although method newReference
At any rate, that doesn't explain not using URI in the JDK 1.6 library.
In the implementation, we do check that String URIs are valid URIs using the
java.net.URI class. That's why Ling's example causes an exception.
I'm not disagreeing that it would be better to use URIs instead of Strings.
Laugh all you want :), but an API dependency on java.net.URI would have ruled
out support for JDK 1.2/1.3, which was important at the time (but maybe not so
much anymore).
Just escape the space and it should work:
factory.newReference("My%20document/test.txt", ...);
--Sean
jason marshall wro
There are some use cases where using an unextractable private key results in
errors like this. See https://issues.apache.org/bugzilla/show_bug.cgi?id=43056
for more info.
If this is the case, you must explicitly specify the java.security.Signature
Provider that works with your Safenet HSM by s
I finally found some time to look at this and fixed your program. The problem is
that you are also trying to insert the document inside a ds:Object element,
which is for enveloping signatures, not enveloped signatures. If you remove the
following lines from your program:
XMLStructure content =
Richard Sand wrote:
Hi Sean,
I guess I'm confused. I thought the whole point of the enveloping technique
was that the signature would become part of the original document?
But when you are enveloping an existing Document into the Object element, you
get yourself into a problem in that you ar
I believe it is because of this line:
// Create a DOMSignContext, specifying the PrivateKey and the document
>// location of the XMLSignature
> DOMSignContext domSignContext = new DOMSignContext(privateKey,
doc.getDocumentElement());
I think this is because you are trying to cre
You are trying to import a Document node which is illegal according to
Document.importNode. Try changing the following line:
XMLStructure content = new DOMStructure(doc);
to:
XMLStructure content = new
DOMStructure(doc.getDocumentElement());
--Sean
Richard S
Peter B. West wrote:
That was quick. The source for org.jcp is not part of src.zip in the JDK
distribution. If I try to use the xmlsec-1.4.2.jar sources, things go wrong,
naturally. Where can I get the sources that were included in the JDK? I'm
used 1.6.0_07 and 1.6.0_10RC.
See: http://download
I don't know what the cause of this regression could be.
The best thing to do is for Arnaud or Peter to file a new bug at
http://issues.apache.org/bugzilla under the Security project and if possible,
attach a standalone (i.e. not dependent on WSS4J) test case that reproduces the
problem.
Tha
You need to set the base URI before you generate or validate the XMLSignature.
Use the DOMSignContext.setBaseURI or DOMValidateContext.setBaseURI methods.
--Sean
Ling Xiaohan wrote:
> Hi,
>
> I used XML-dsig classes in JDK6.0 for XML signature, but encountered
> an abjective
> problem. It
https://svn.apache.org/repos/asf/maven/repository-tools/trunk/src/bin/synchronize/m2-sync/sync.csv
Sean Mullan wrote:
If you tell me how to upload it, I'll look into it.
--Sean
Robert Novotny wrote:
Hello,
I notice that the last version in the Maven repository is 1.4.0? Version
1.4.1 fixes
If you tell me how to upload it, I'll look into it.
--Sean
Robert Novotny wrote:
Hello,
I notice that the last version in the Maven repository is 1.4.0? Version
1.4.1 fixes major bug with UTF-8 (which makes 1.4.0 unusable with messages
containing international characters).
XML Security is used
jason marshall wrote:
Where can I get a list of the known C14N bugs in XMLSec 1.3.0?
You can see all the bugs that were fixed in each release here:
http://santuario.apache.org/changes.html
--Sean
I strongly suggest first trying the latest apache xml security lib
(1.4.2) to see if the problem still occurs.
Thanks,
Sean
Arsenal4Life wrote:
Hi,
I am using jdk 1.4.2_09 and apache xml security lib 1.2.0.
code and enc xml attached...
http://www.nabble.com/file/p19133346/DomParserExampl
Yes, good suggestion, I'll add something.
--Sean
Raul Benito wrote:
It seems a nice question & answers for our faq...
On Tue, Aug 19, 2008 at 6:30 PM, dan costelloe <[EMAIL PROTECTED]> wrote:
Many thanks for your suggestions Sean.
I will give them a try.
Regards,
dan
dan costelloe wrote:
Thanks for that Sean. You have lead me to a followup (inline):
Sean Mullan Sun.COM> writes:
dan costelloe wrote:
[snip]
2a) Is it possible to use the xml-security-1.4.2 classes in a java
application so that the 1.4.2 classes take a higher preference than
those
dan costelloe wrote:
Greetings,
I've recently been tinkering with xml-security-1.4.2 and the experience so far
has left me with some questions. Perhaps someone on this list may be able to
shed some light:
1) (Sun) Java 1.6 seems to already contain an xml-security implementation. Which
version o
Brent Putman wrote:
The real test would be if you get different behavior from this:
Cipher xmlEncCiperAES = Cipher.getInstance("AES/CBC/ISO10126Padding", "BC");
versus this:
Cipher xmlEncCiperAES = Cipher.getInstance("AES/CBC/ISO10126Padding");
If the first works, but the latter doesn't (t
Brent Putman wrote:
The JCEID algorithm identifier gets looked up by the relevant security
provider class (e.g. Cipher), and is based on all 3 parameters: the
cipher, mode and padding.
This is highly platform vendor and version specific but as far as I
remember, support for the ISO10126 paddi
I agree. Returning null is intentional and is a performance optimization
as Raul mentions. The c14ned bytes are still being written to the output
stream.
I validated the signature with the JSR 105 API, and it is invalid. The
reference digests don't match. Here's some debugging info:
Expected
I'm not sure if it is a problem without more information and a test case.
I suggest you file a bug at https://issues.apache.org/bugzilla/enter_bug.cgi
and attach a test case.
Thanks,
Sean
Daniil Shved wrote:
I have generated a signature like this:
http://www.w3.org/2000/09/xmldsig#";>
...
...
I believe that is expected behavior with DSA signatures, i.e. there is
nothing wrong.
--Sean
Legido Martínez, Isidoro wrote:
Hi,
Probably I am doing somehing really stupid, but I don't see where I am
wrong so.. help!! :-)
I am using xml-security-bin-1_4_2 + jre1.5.0_07 (I have also tested
Daniil Shved wrote:
When I added xmlsec.jar into the lib/endorsed directory, it didn't affect the
result of the tests, I still got 3 failures and 22 errors.
I forgot to mention you may also need to add commons-logging.jar to the
endorsed directory. This may be the problem.
But, when I trie
Lopez Cantero, Sergio wrote:
Hi, I've seen that every time you create a xmlsignature, nodes get "formatted"
with a carry return at the end of the starting tag, p. ex:
Is there a way to deactivate this behavior?
Yes. If you set the system property named
"org.apache.xml.security.ignoreLine
Hi,
I think I know what the problem is. Since you are using JDK 6, you are
using the XML Signature implementation/JSR 105 that is bundled with JDK
6. Thus you are not picking up the new features and fixes in XMLSec 1.4.2.
To override the JDK 6 implementation, put xmlsec.jar into
/jre/lib/end
the NPE.
But, you should still always use the DOM namespace aware methods because
even though this worked, you will definitely get problems in more
complicated scenarios.
--Sean
Thank you Sean!
On Jun 26, 2008, at 5:49 PM, Sean Mullan wrote:
You must always use the DOM namespace aware m
You must always use the DOM namespace aware methods when creating
elements and attributes, change:
> Element assertion = doc.createElement("Assertion");
> assertion.setAttribute("id", "mynode");
to:
> Element assertion = doc.createElementNS(null, "Assertion");
> assertion.setAttributeN
ntuario.apache.org/changes.html
Thanks for reporting this.
--Sean
-A
Sean Mullan wrote:
Hi all,
I'm happy to announce that the final release of Java XMLSec 1.4.2 is
now available. See the web site http://santuario.apache.org for more
details on the release or download it from
http://
that?
--Sean
Thanks,
Ruchith
1.
http://people.apache.org/repo/m2-ibiblio-rsync-repository/org/apache/santuario/xmlsec/
On Tue, Jun 24, 2008 at 2:50 AM, Sean Mullan <[EMAIL PROTECTED]> wrote:
Hi all,
I'm happy to announce that the final release of Java XMLSec 1.4.2 is now
availab
Hi all,
I'm happy to announce that the final release of Java XMLSec 1.4.2 is now
available. See the web site http://santuario.apache.org for more details
on the release or download it from
http://xml.apache.org/security/dist/java-library/
The main highlights of this release are:
1) 22 bugs
Other than the licensing issue (which I will fix), I have received no
other negative votes, so I plan on finalizing the 1.4.2 release and I
should have it available in a day or two. Please let me know ASAP if
there are any issues with this plan.
Thanks,
Sean
Sean Mullan wrote:
Daniel Kulp
will make sure that is fixed when I publish the full release.
Thanks,
Sean
Thanks!
Dan
Sean Mullan wrote:
The two week testing period for the Java XMLSec 1.4.2 RC 1 release has
passed without any issues. Therefore, I would like to initiate a vote to
post the final release of 1.4.2. Please
The two week testing period for the Java XMLSec 1.4.2 RC 1 release has
passed without any issues. Therefore, I would like to initiate a vote to
post the final release of 1.4.2. Please cast your vote:
+1 : Yes, go ahead and post it
-1 : No (please indicate why)
Thanks,
Sean
Noreikis
Fixed bug 44991: Concurrent invocation of KeyInfo.getX509Certificate()
occasionally fails. Thanks to Giedrius Noreikis
Sean Mullan wrote:
Hi all,
I plan on posting the 1.4.2 release candidate for the Java XMLSec
project in the next couple of days. If there are any objections, please
let me
Berin Lautenbach wrote:
Hi all,
Very quickly - I just realised I need to do the update to the board.
Aything of importance from the last 3 months that I need to put in
there? We are working towards a 1.4.2 release, but anything else?
Not that I can think of. 1.4.2 will contain bug fixes and
from the build.xml (or at least
make it not the default behavior).
I'd love to have your help on improving the docs if you have the time. I
may be able to fix some things in the near future, but doubt I will have
the time to make all the improvements that are really necessary.
Thanks,
Sea
Hi all,
I have uploaded a jar file for the 1.4.2 beta2 release. Please download
it and test it and report any bugs or problems. In about 2 weeks, we
will take a vote to see if we should have another beta release or if it
is ready for a release candidate.
http://people.apache.org/~mullan/dist/xml
t, as I really don't want to
fix anything after it goes final :)
Thanks,
Sean
Sean Mullan wrote:
Hi all,
I have uploaded a jar file for the 1.4.2 beta1 release. Please download
it and test it and report any bugs or problems. In about 2 weeks, we
will take a vote to see if we should ha
Ian Hummel wrote:
This outputs:
DEBUG net.parityinc.jumpstart.sts.CryptoUtils - keyInfo is:
[EMAIL PROTECTED]
DEBUG net.parityinc.jumpstart.sts.CryptoUtils - Public key is: Sun RSA
public key, 1024 bits
modulus:
111569399812228317974104160667778574453427703386659798836457259422563834830313
heers,
Berin
Sean Mullan wrote:
Forwarding to the list ...
Berin, any plans to add support for C14N 1.1?
Subject:
DO NOT REPLY [Bug 42653] Add support for C14N 1.1 to Java implementation
From:
[EMAIL PROTECTED]
Date:
Tue, 0
If you attach the signature I might be able to make a guess, but you
really need to debug it and find out what the reference's pre-digested
content is when signing and validating and then compare them to see what
is breaking the signature. Often it's a namespace issue.
--Sean
Ian Hummel wrote
Forwarding to the list ...
Berin, any plans to add support for C14N 1.1?
--- Begin Message ---
https://issues.apache.org/bugzilla/show_bug.cgi?id=42653
Matej Spiller-Muys <[EMAIL PROTECTED]> changed:
What|Removed |Added
---
Wally Dennis wrote:
Thanks Sean - since I am a bit new to this, would I create the RFE in
bugzilla?
Yes, just goto https://issues.apache.org/bugzilla/index.cgi and select
"Enter a new bug report" and file it under the security category. You
will need to first create a bugzilla account if
1 - 100 of 301 matches
Mail list logo
