Feedback requested-- What do you think?
The IntelĀ® SOA Security Toolkit 1.0 Beta (for the Linux* operating system)
provides XML Digital Signature and XML Encryption following the WS-Security
standard. This high-performance software library is currently delivered as
an Axis2* interface and Apache
Hi,
I create a signature with a C14N transform applied. Signing works. The
signature is valid if I apply the checkSignatureValue() method directly on
the result Document object.
However, if I write the Document out to the file system and parse it in back
again later, the signature is invalid.
> Looking at my document with kdiff3, I can see that only one line is
> different:
And there are no whitespace differences?
> The code for write out/read in is the following, although it should not
> matter:
>
>
> File file = new File(filename);
> FileOutputStream f = new FileOutputStream(file)
Rafael wrote:
Hi,
Our software is using xmlsec-1.4.1. However, we are very interested on
reproducing that canonicalization issue that showed up in 1.4.0 by replacing
1.4.1 with 1.4.0 in our software and testing.
After a quick look into the bug description and the CanonicalizerBase.java file,
we
Hi,
> > Looking at my document with kdiff3, I can see that only one line is
> > different:
>
> And there are no whitespace differences?
The only difference that I can see are the missing namespaces.
> >
> > File file = new File(filename);
> > FileOutputStream f = new FileOutputStream(file);
> >
> The only difference that I can see are the missing namespaces.
That doesn't seem right unless our XML was already indented the same way as the
transform would.
> No, the problem also occurs if I drop that line (and every other output
> property). Or do you mean the whole transformer approach w
