You have to serialize the signature and deserialize it; sadly, the
internal structures don't manage signing and verifying at the same
time.
On Mon, Aug 4, 2008 at 1:42 PM, <[EMAIL PROTECTED]> wrote:
>
> I am trying to create, then verify a signature, without much success. I
> assume something I
OK, so I have tried serializing and (re)parsing the XML message first, but
still fail the verification:
Document doc = assertion.getOwnerDocument();
doc.normalize();
// somehow the ID attribute is not yet really in the doc
// so we r
OK, what you are doing is adding spaces as you are indenting the
result; as space is relevant content, you are destroying the
signature in the process. You have to output it as pure as possible;
in xml-sec there are some of them, but any that don't add spaces will work.
Regards,
Raul
On Tue, Aug 5, 20
> transformer.setOutputProperty(OutputKeys.INDENT, "no");
Hmmm, I had indent set to no
So I tried removing this:
> transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
Same results.
Also, isn't the Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS supposed to
account
There are lots of known problems associated with existing XML
signature/encryption specs... W3C is
currently revising those specs to improve usability and performance
- Original Message -
From: [EMAIL PROTECTED]
To: security-dev@xml.apache.org
Sent: Tuesday, August 05, 2008 8:35
Please check the examples in the code, you will find some way of
outputting the DOM tree. And sadly spaces are important
is not the same 1 that 1
0
Or some more funny things that can happen in text nodes. But you get
the picture.
And al
Hi:
I'm still having problems. After building the Signature element (everything
but the SignatureValue element) I execute:
[Server side]
XMLSignature sig = -> It uses
http://www.w3.org/2000/09/xmldsig#rsa-sha1 as signature method
sig.getSignedInfo().generateDigestValues();
byte[] dat
https://issues.apache.org/bugzilla/show_bug.cgi?id=45573
Summary: ElementProxy uses == instead of .equals for namespace
comparison
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: N
This is because before you sign it, you have to encode in DER the digest with
something like:
(Using bouncycastle classes)
public static byte[] doDER(byte[] data) throws IOException {
//This OID is for SHA1 only
String hashOID = "1.3.14.3.2.26";
DigestInfo dInfo =