RE: SignedInfo's verify method

2009-12-15 Thread Scott Cantor
> > On the server side, it looks like SignedInfo.verify call is always
> > assuming SOAP-ENV and not soapenv.

No, this code assumes nothing. What you give it is what it signs, and what you verify can't be changed in between.

> > But if the digest of the SOAP body calculated on the client sid

RE: SignedInfo's verify method

2009-12-14 Thread mustvicky
Scott Cantor wrote:
>
>> 1. Does it make a difference to SignedInfo's verify API:
>>
> (http://santuario.apache.org/Java/api/org/apache/xml/security/signature/Sign
>
>
> That's not how all the standard c14n algorithms work, prefixes are part of
> the signed material and you can't change them in

RE: SignedInfo's verify method

2009-12-14 Thread Scott Cantor
> 1. Does it make a difference to SignedInfo's verify API:
> (http://santuario.apache.org/Java/api/org/apache/xml/security/signature/SignedInfo.html#verify())
> that the xml contains soapenv or SOAP-ENV. I think that this method figures
> out the namespace and uncanonicalize the stuff by appending