I have been looking at the memory consumption using some
profiling tools, to see if there are any obvious things
we can fix in the short-term. I don't have any patches
yet (other than the one I sent in a few weeks ago), but
I will keep you informed as I find stuff.
Thanks,
Sean
Dittmann Werner wrot
Berin Lautenbach wrote:
Milan,
Anything can be an Id, but it needs to be defined as such within the
DTD/Schema (type=ID). In the XML DSIG spec, anything that has an
type="ID" attribute is called "Id", so references, objects, manifests
etc should all have attributes called Id.
But if the file
Anderson Jonathan wrote:
Hi everyone,
Apologies in advance for what is probably a rather naive question. Current
distributions of Apache XML-Security contain no third party JCE, but all of
the documentation points to using the latest versions of the Bouncy Castle
JCE as the provider for XM
e up to you, just as you choose
to use different JCA/JCE providers.
I am sorry I can't give you much more details about the RI at this time.
I hope to have more information about the 105 RI that I can share with you
soon.
Thanks,
Sean
Thanks again,
-Jon
-Original Message-
Neither is correct, unless you use a schema/DTD that
identifies the attribute as an ID. Ex: you could just
as easily define an attribute named "target" which is
an ID.
So the application may end up signing something that it didn't
really intend to.
My advice would be to remove the code that searche
I'm not sure I understand why it is tied to the parser.
You can implement a solution for registering/retrieving
IDs that is not dependent on DOM L3/Xerces, which is what
we did for JSR 105. It is just a simple Map containing
Elements and using the ID attribute value as a key...
--Sean
Scott Cantor
Hmm, why a WeakHashMap? That seems kind of dangerous if the programmer
is not aware you are using a WeakHashMap because entries could be removed if you
don't maintain a reference to the key. Or maybe I am missing something.
Davanum Srinivas wrote:
Updated bugzilla with a patch that does the followi
/onjava/2001/07/09/optimization.html?page=2
Basically then the document is gc'ed, i want to get rid of the weakhashmap of the
element/id
pair's in that document.
thanks,
dims
--- Sean Mullan <[EMAIL PROTECTED]> wrote:
Hmm, why a WeakHashMap? That seems kind of dangerous if the p
For Java developers, you may also want to use the J2SE 1.4 CertStore class,
which allows you to retrieve certificates and CRLs from repositories,
such as LDAP: http://java.sun.com/j2se/1.4.2/docs/api/java/security/cert/CertStore.html
For example, in your KeyInfoResolver implementation, you could re
Are you building Apache XML-Security from source or using one of the binary
releases? I pushed a fix back which has a huge performance gain a while back but
unfortunately there is no binary yet - you'll have to build the source yourself
to pick up the fix. See:
http://nagoya.apache.org/eyebrowse/[E
Berin Lautenbach wrote:
Dims,
Actually, because of all the problems with Gump (which is/was ignoring
bouncy castle) I've been doing exactly that.
The problem I'm running into is that the Sun JCE does not support the
relaxed version of PKCS5 padding that the Baltimore encryption interop
examples us
Can you tell me which test vectors are failing?
--Sean
Berin Lautenbach wrote:
Peoples,
I have just checked in a new version of config.xml that works for most
encryption algorithms under SunJCE (have not yet checked sig).
One question - I am having issues with symmetric key wraps. The
Baltim
AES Key Unwrap or 3DES based CMS Unwrap
respectively.
Anyway - still researching, but all ideas welcome :>.
Cheers,
Berin
Sean Mullan wrote:
Can you tell me which test vectors are failing?
--Sean
Berin Lautenbach wrote:
Peoples,
I have just checked in a new version of config.
Vishal Mahajan wrote:
Axl Mattheus wrote:
Vishal,
There are different mechanisms used to encrypt/decrypt clear
text/cipher text to wrap/unwrap a key. If one wants to encrypt
something, one initializes the XMLCipher (javax.crypto.Cipher) to be
in ENCRYPT_MODE in order for it to perform the appr
S
or DESEDE, so I *think* what is happening is the JCE is doing a straight
encrypt/decrypt rather than an AES Key Unwrap or 3DES based CMS Unwrap
respectively.
Anyway - still researching, but all ideas welcome :>.
Cheers,
Berin
Sean Mullan wrote:
Can you tell me which test vectors a
Erwin van der Koogh wrote:
Exactly which method call in which class/interface are you suggesting I
use?
LOL.. I shouldn't be answering these kinds of questions this late at
night.. too easy to make a mistake. I thought you were straight DOM to
manipulate the API. It never even dawned on my you
Martin Labarthe Dubois wrote:
I had memory problems signing big XMLs, so I decided to make my own specific
XML signature algorithm that works with an specific "home made JAXB", i
finished it today and i discoverd two things,
one is that it signs faster than 1.04, but identical to 1.1, but of course
Berin Lautenbach wrote:
Yup.
I've also worked out the problem, but I need some advice from everyone
as to the "right" fix.
The samples create a manifest object that refers to a URI in the rest of
the signature. At the time the manifest is created, the element that
will hold the relevant Id ha
Yes, you can use PKCS#11 with XML Signatures and JCE.
See http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
for more info on the PKCS#11 provider in J2SE 1.5.
--Sean
Berin Lautenbach wrote:
Peter,
I don't *think* so. But my expertise in this space is not as high as
others on the
steel scorpion wrote:
From: Erwin van der Koogh <[EMAIL PROTECTED]>
Somewhere in your code you have a reference to a particular ID, but
it's not always possible to see what attributes are of type ID. To
Not sure I understand this completely. Does this mean that, from a
parser/resolver point of
Sun's JCE provider does support that padding scheme in J2SE 1.5 (currently at beta 2):
http://java.sun.com/j2se/1.5/
--Sean
Axl Mattheus wrote:
Which cryptographic provider are you using? I do not think that the SunJCE
provides this padding scheme. Use Bouncy Castle instead.
Ax/
-Original Messa
Sun's JCE provider that is bundled with J2SE 1.5 Beta 2
(http://java.sun.com/j2se/1.5.0/download.jsp) now passes
all of the Apache XML Security tests. With beta 1, there were still
some outstanding failures with key wrapping tests but they have all
been fixed now. Can one of the committers please a
Davanum Srinivas wrote:
Sean,
including "ant mega-sample"??? Anyways checked in the updates to config.xml.
Yes, I just ran mega-sample target and AFAICT it works fine (there were no
failure messages or exceptions).
--Sean
I'd say it wouldn't be too hard to remove the dependency on the DerValue
class completely. Basically, you want to extract the KeyIdentifier Octet
String from the DER-encoded extension value and then strip off the octet tag.
If I have some time later, I'll send a snippet of code.
--Sean
Davanum Srin
Just back today after JavaOne and vacation but swamped in email, etc... I
should be able to look at this later in the week.
--Sean
Davanum Srinivas wrote:
Sean,
Are u guys back from vacation yet? :)
-- dims
On Fri, 25 Jun 2004 09:35:57 -0400, Sean Mullan <[EMAIL PROTECTED]> wrote:
I&#x
Hi Dims,
I could not reproduce this. Are you sure you downloaded and installed
the unlimited strength policy files: http://java.sun.com/j2se/1.4.2/download.html
(scroll to bottom of page).
--Sean
Davanum Srinivas wrote:
FYI, if i drop bc-jce-jdk13-124.jar into jre\lib\endorsed it works
fineSo i
, Sean Mullan <[EMAIL PROTECTED]> wrote:
Hi Dims,
I could not reproduce this. Are you sure you downloaded and installed
the unlimited strength policy files: http://java.sun.com/j2se/1.4.2/download.html
(scroll to bottom of page).
--Sean
Davanum Srinivas wrote:
FYI, if i drop bc-jce-jdk13-124.ja
.
* where each parameter is the name of a file containing the encoded
* cert in DER or Base64 format or a PKCS7/base64 encoded cert chain.
* PKCS7 files must end in "pkcs7" and base64 encoded DER chains in "cer".
*
* @author Sean Mullan
*/
import java.io.*
Which tests fail? I get 3 failures in Canonicalizer20010315Test but not
sure what is causing it.
--Sean
Davanum Srinivas wrote:
Vishal,
I was able to get "ant test" work in JDK1.5 w/o xercesImpl in libs
directory (remove the xercesImpl from ant/lib as well before you run
it). Could you please help
:30 EDT 2003 META-INF/
192 Mon Jun 16 15:36:28 EDT 2003 default_local.policy
On Tue, 13 Jul 2004 15:04:35 -0400, Sean Mullan <[EMAIL PROTECTED]> wrote:
Do the contents look like?:
$ jar tf $JAVA_HOME/jre/lib/security/local_policy.jar
META-INF/MANIFEST.MF
META-INF/JCE_DSA.SF
META-INF/JCE_DSA
Milan Tomic wrote:
ean,
Thank you for examples. I've been testing ValidateCertPath.java
and got
strange results:
1. On standard output, all certificates are printed, except root
certificate (trusted anchor). When using BuildCertPath.java, all
certificates are printed to the std output, incl
Milan Tomic wrote:
Sean,
Thank you very much. It works fine now. :)
However, I'm attaching two certificates. ValidateCertPath.java
prints trusted anchor in this case. I don't know why.
I've tried to use Cert Path API for downloading CRLs and it seems it
only supports LDAP, but not HTTP
Vishal Mahajan wrote:
Dominik Schadow wrote:
Yes, I tried the following code:
SecretKeySpec keySpec = new
SecretKeySpec(JavaUtils.getBytesFromFile(keyFile), algorithm);
SecretKey key = skf.generateSecret(keySpec);
The exception I receive is
java.security.NoSuchAlgorithmException: AES not foun
Milan Tomic wrote:
Hello Sean,
Thank you very much for your help. I've read RFC 3280 and I
understand PKIX little better now. :)
Please, could you give me some small example of CertStore (PKIX)
usage? Retriving CRLs using HTTP and LDAP protocols and validating that
cert is not revok
Vishal Mahajan wrote:
Sean Mullan wrote:
Vishal Mahajan wrote:
Dominik Schadow wrote:
Yes, I tried the following code:
SecretKeySpec keySpec = new
SecretKeySpec(JavaUtils.getBytesFromFile(keyFile), algorithm);
SecretKey key = skf.generateSecret(keySpec);
The exception I receive is
Davanum Srinivas wrote:
Heiner,
I've added a temporary fix to using BouncyCastle's classes if
sun.security.util.DerValue. Am adding the "temporary" qualifier
because Sean has promised a better fix :)
Here's my belated fix. This method simply strips off the first 4 bytes of
the extension value: 2
Hi,
There's a new bug (well somewhat recent - it is a regression from the
1.1 release) in Canonicalizer.canonicalizeSubtree(Node) where it leaves
a superfluous default empty namespace definition in the subtree root
node instead of omitting it.
I'm attaching a test program and test xml signature
There is a bug in XMLSignatureInput.getNodeSet() - it will throw a
NullPointerException if the nodeset is empty. This is a regression from the 1_1
release and causes one of the xpath filter 2 interop test vectors to fail:
merlin-xpath-filter2-three/sign-spec.xml
Here is a simple patch/code diffs
You probably are not using the unlimited strength JCE. See
http://java.sun.com/products/jce/index-14.html#UnlimitedDownload for further
downloading instructions.
--Sean
Ruchith Fernando wrote:
Hi All,
I'm trying to simply encrypt a simple XML file with the encryption
sample available.
org.apache
Hi,
Recently, we have run into a serious issue with the Apache XML Security
Java implementation due to the way it uses its own mechanism
(config.xml) to find JCA/JCE providers for different XML DSig or Enc
algorithm URIs instead of using the standard J2SE mechanism [1].
The issue involves findi
e)" and rely on the standard
J2SE configuration to find a provider instead.
--Sean
-- dims
PS: we are still supporting 1.3/1.4 right?
On Fri, 20 Aug 2004 08:44:33 -0400, Sean Mullan <[EMAIL PROTECTED]> wrote:
Hi,
Recently, we have run into a serious issue with the Apache XML Security
Also, Sun's JCE provider supports the Triple DES Key Wrap algorithm as
of 5.0 (aka 1.5) , available now in beta 2:
http://java.sun.com/j2se/1.5.0/download.jsp
--Sean
Earnie Dyke wrote:
That was it. I installed Bouncy Castle and it works now. Thanks for the
help!!!
Earnie!
-Original M
Have you included a decryption Transform?: http://www.w3.org/TR/xmlenc-decrypt
--Sean
Andrej Konkow wrote:
Hi there,
I'm new to this kind of discussion but would like to respond to a
message and point out another problem.
the solution you have described is not practicable from my point of view
Close, but you are still creating a detached signature since the file:
URI is over content that is external to the document containing the
signature element. Change your Reference URI to "".
--Sean
def abc wrote:
--- Jesse Pelton <[EMAIL PROTECTED]> a écrit :
You need to include the enveloped
+1
The bug I submitted is fixed:
http://issues.apache.org/bugzilla/show_bug.cgi?id=33393
Thanks,
Sean
Raul Benito wrote:
I have more or less complete my list of things for 1.2.1 release. So
please: can people that has report bugs test if there are corrected in
CVS version?
I want to call for vote
The Apache XMLSec library may maintain the order if you only use it to
sign & verify signatures, but it is a bad assumption to make if you are
concerned about interoperability. No order is implied by the
certificates stored in an X509Data element. Furthermore, the order could
be changed or cert
Can you please resend your message to [EMAIL PROTECTED] ?
Although the JSR 105 XMLDSig implementation delivered with JWSDP is
based on Apache XMLSec, this alias is not the correct place to ask
questions about JWSDP.
Also, please upgrade to JWSDP 1.4 and let me know if you still see the
problem
I doubt it is a digesting problem, since that just uses the underlying
JCA SHA1 MessageDigest provider code. It is more likely to be that for
whatever reason the pre-digested content is different for some reason.
Perhaps the XML is being modified by the server and that breaks the
signature. You
, 16 Mar 2005 13:24:24 +0100 (CET), Erwin van der Koogh
<[EMAIL PROTECTED]> wrote:
Look who's back :D
+1 for me too, although it can hardly count after all this time.
I really hope this will change with JSR-105 support :)
Erwin
+1
Raul Benito wrote:
I want to proposse Sean Mullan as co
Paolo wrote:
Hi gurus,
I developing a Servlet on SAP Web AS 6.40 SP 11, but when I try to sign my XML
message I get this error:
org.apache.xml.security.signature.XMLSignatureException: The requested
algorithm http://www.w3.org/2000/09/xmldsig\#rsa-sha1 does not exist.
I'm happy to announce that we're (IBM & Sun) finally ready to contribute
the JSR 105 [1] (Java XML DSig) implementation back to Apache. As you
might know the JSR 105 reference implementation is largely based on the
Apache Java XMLSec implementation, and we'll be contributing the API and
additio
dims
On 7/21/05, Sean Mullan <[EMAIL PROTECTED]> wrote:
I'm happy to announce that we're (IBM & Sun) finally ready to contribute
the JSR 105 [1] (Java XML DSig) implementation back to Apache. As you
might know the JSR 105 reference implementation is largely based on the
Ap
Raul Benito wrote:
I have something implemented for SAX as you can see bugzilla entry
http://issues.eu.apache.org/bugzilla/show_bug.cgi?id=32657 .
And I have take a look for JSR105, but i think the tree API is not
100% applicable to
for example one pass implementations.
In this cases, there shou
PKCS7 is based on a different format (ASN.1)/structure and isn't
compatible with XML Signatures. You should use a PKCS7 validation
tool/library.
--Sean
Frankinet Philippe wrote:
Dear,
How to do if the signature already exists (e.g stored as PKCS7 format on
a backup system) ?? How to give the
Fixed in latest sources.
Samuel Misecka wrote:
In class org.apache.xml.security.utils.Base64 throws new
Base64DecodingException with parameter "It should be dived by four"
(decodeInternal and decode methods), I think that it is wrong. The parameter
should be msgID not a message text.
Sam.
Make sure you set your factory to be namespace aware, i.e.
DocumentBuilderFactory fac =
DocumentBuilderFactory.newInstance();
fac.setNamespaceAware(true);
--Sean
Stefan Schulz wrote:
Hello all
I am sorry to bother the developers, but i am at the end of my (limited)
knowledge here. Attache
Paul Buhler wrote:
I have what I hope is a simple question. I am trying to sign the
EncryptedData element in an XML document. This element has an id attribute
of "ed1".
If I use a same-document reference URI of "#ed1" I get the desired result;
i.e., the digest is only calculated for the Encrypte
This seems like a good change, so I have made your suggested change and
it will appear in the 1.3 RC jar.
Thanks,
Sean
Clive Brettingham-Moore wrote:
Um, not wanting to sound like a broken record, since I have mentioned
this before, but is there even a remote chance that
XMLCipher.encryptData
The only other modification of the library I am using at the moment is
to parse reference lists correctly (at all?) during decryption.
For my application (OASIS WS-Security implementation), what ends up
happening with encryption is that you have an encrypted key in the SOAP
header using a refere
[EMAIL PROTECTED] wrote:
In the element ElementProxy class, the
guaranteeThatElementInCorrectSpace method doesn't to
have the expected behavior :
String localnameSHOULDBE = this.getBaseLocalName();
String namespaceSHOULDBE = this.getBaseNamespace();
String localnameIS =
this._constructionElemen
There is no class named CryptoManager in the Apache XMLSec Java sources.
It sounds like you are using some other XML Security implementation.
--Sean
Miha Vidmar wrote:
Hi,
i am wondering about something. I have a test case where I verify a
simple signature that keeps failing on me. All the
The JSR 105 API which will be added to the next (1.4) release of Apache
XMLSec allows you to determine whether an invalid signature was caused
by a signature value that failed to verify and/or if one or more of the
reference digests failed to match.
--Sean
David Garcia wrote:
Hi,
My name
I am not familiar with the RetrievalMethodResolver class - however if
you wait until the next release of XMLSec (1.4), the JSR 105 API will be
included and it allows you to create your own URIDereferencer
implementation for resolving RetrievalMethod URIs (of any type).
--Sean
Julien TAUPIN wr
[EMAIL PROTECTED] wrote:
I did.
It is number 6.
From the stack trace, it seems like you are picking up Sun's JCE
implementation, and not BouncyCastles. Are you using JDK 1.4? Sun's JCE
implementation in 1.4 does not support the ISO10126Padding scheme. You
need to upgrade to at least JDK 1.5
Try using the 1.3 RC jar. Should be fixed.
Hess Yvan wrote:
Hi,
I sign a XML document having an external content using java version
1.2.1. I pass the external content as a FileInputStream into the
XMLSignatureInput constructor and I got on the error console the
following message "Mark Supor
[EMAIL PROTECTED] wrote:
Last question...
I fixed the problem. The last issue was also my fault. I had changed the
algorithm to DES when I was troubleshooting and for some reason it doesn't
like algorithms under 128 bit. But I don't know why it didn't work
previously.
Why couldn't it find the p
Julien TAUPIN wrote:
Hi all,
I try to perform an XML encryption of data by a secret key. In the w3c
recommendations it is precised that the initialisation vector IV must be
transmit but does not specified where : "the IV, if any, could be specified
as being with the cipher data, as an algorithm
+1
Raul Benito wrote:
Sorry for the delay calling a vote but I've been really busy with my
day job(deadline approaching) and I wanted to close all bugs before
doing the release (thing that I manage to do tonight).
But after a waiting time, and with all the bugs closed, I'll think is
time to gr
Although I have reviewed these fixes and they look fine and fairly
low-risk, I think it probably makes sense to allow a few days (a week?)
to let others test and make sure there are no regressions. Comments? I'm
fairly new to the process, but I just think it makes sense to test the
final bits a
little more time before for the final release. Thanks for
bringing this up and hopefully we can incorporate this going forward.
Regards,
Vishal
Sean Mullan wrote:
Although I have reviewed these fixes and they look fine and fairly
low-risk, I think it probably makes sense to allow a few days (
Julien TAUPIN wrote:
Hi all,
Is it possible to use the XML Security API with a JCA / JCE provider which
is not the default provider.
Yes.
The problem is that I need to use a specific provider but when I define this
one as the default provider the jar verifier causes a stack overflow
exceptio
What version of XMLSec are you using?
Also, don't return an XPath node-set of all the nodes of the element's
subtree. By doing this, you will not take advantage of the optimizations
in the XMLSec library when canonicalizing subtrees and it could also be
the reason you need to invoke circumvent
it is a bug in the Sun
JarVerifier. This one use the default provider to verify the signature
of the archive but if the default provider is not the SUN one, it
causes the stack overflow exception.
-Message d'origine-
De : Sean Mullan [mailto:[EMAIL PROTECTED] Envoyé : mardi 20
sept
+1
Raul Benito wrote:
Well, lets check the items for doing a release
-RC done a announced ... Done
-Not new Bugs in Bugzilla for about a week...Done.
-People not sending death threats because of the RC...Done
-More than week without traffic in security list...Done
-Vote called and agree
Hi Milan,
Milan Tomic wrote:
I'm using XMLSignature ctor like this:
XMLSignature sig = new XMLSignature(doc, BaseURI, docSig, docCan);
and got the following error:
org.apache.xml.security.exceptions.XMLSecurityException: Cannot create a
http://www.w3.org/2000/09/xmldsig#:Signat
I don't know for sure, but you should be able to figure out the problem
by inserting some print statements or running your test case thru a
debugger such as jdb or JSwat (you will have to recompile the Apache
XMLSec source with the -g flag though). Also, make sure when you parse
your Document w
What is GW9?
--Sean
Cullum, Steve wrote:
I used GW9 That one works
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: 14 October 2005 18:45
To: security-dev@xml.apache.org
Subject: DO NOT REPLY [Bug 36921] - (Websphere/Solaris) referecing
org.apache.xpath
n see that namespaceURI have a value of
"http://www.w3.org/2000/09/xmldsig#"; (and it should be null)
Because of this, the code failes to find attribute. I have never seen such a
case... :(
Best regards,
Milan
-Original Message-----
From: Sean Mullan [mailto:[EMAIL PROTECTED]
Sent: Friday
Raul Benito wrote:
Hello Everybody,
After the painful release of the xmlsec(mainly because of the
updating of the web page, and deadlines in my "day" job), I begin to
wonder where the java xml sec should lead.
From my area of expertise, performance:
The fast path (URI selection, only envelop
Hi,
Are we supposed to officially now use svn instead of cvs for
xml-security? I ask because I am going to be doing some commits soon and
I want to make sure they are not lost. The xml-security cvs repository
is still there. If we have officially switched to use svn should we shut
down the cv
I don't know but I use the settings below and it works for me. In my
build.xml I set the system property log4j.properties to a file
containing these properties, ex:
log4j.rootLogger=DEBUG, console
log4j.appender.console=org.apache.log4j.ConsoleAppender
log4j.appender.console.layout=or
/12/05, Sean Mullan <[EMAIL PROTECTED]> wrote:
Hi,
Are we supposed to officially now use svn instead of cvs for
xml-security? I ask because I am going to be doing some commits soon and
I want to make sure they are not lost. The xml-security cvs repository
is still there. If we have offi
Try to put "attributes = compatibility" into the SunPKCS11 config file.
This will often avoid such problems but it may not work with all PKCS#11
tokens.
Failing that, can you send me a full stack trace of the exception?
--Sean
Barbara Schachner wrote:
Hello!
Could anybode please help me wit
Does the card support PKCS#11? If so, have you tried using it with a
PKCS#11 JCE provider, such as the one in Sun's JDK 5.0? :
http://java.sun.com/j2se/1.5.0/docs/guide/security/p11guide.html
--Sean
Ulrich Ackermann wrote:
Hi,
I've been looking quit a while without any luck for any advice or
Ulrich Ackermann wrote:
Hi Sean,
Thank you for your response. It seems that my question wasn't as
clear as I thought it would be. I Haven't got any problems in using a
Smartcard. I DO have got problems in getting the right hash, that has
to be encrypted with the private key on the Smartcard (or
Some of the binary files appear to have been corrupted in the transition
from cvs to svn, such as the DER-encoded X.509 certificates in the test
data directory (they are all off by a single byte). Has anyone else seen
this and/or is this a known issue when converting cvs repositories to
svn? I'
Correction: it appears these files were corrupted in cvs too (they also
were not tagged as binary which may be the underlying problem). I guess
I am the first to notice this as some new tests that I am including with
JSR 105 try to parse these files.
--Sean
Sean Mullan wrote:
Some of the
Do you have a test case?
--Sean
Larchier Christophe wrote:
Hi all,
I use xml-security-1_3_0.
I execute the following code :
logger.info("arg2=" + NAMESPACE_URI_DS);
logger.info("arg3=" + NAMESPACE_URI_DS + algo);
signature = new XMLSignature(envelope, NAMESPA
Frank Cornelis wrote:
Hi,
My XML signature breaks when I convert the signed DOM to String and back again
to DOM. I'm using jdk1.5.0_06 with
-Xbootclasspath/p:xalan-2.7.0.jar:xercesImpl-2.7.1.jar:xml-apis-2.0.2.jar:serializer-2.7.0.jar
The following JUnit test demonstrates the issue. Anyone any
Hi all,
I have finished the integration of JSR 105 (Java XML Digital Signature)
API & Implementation and merged my personal branch to the main/trunk.
There is a new ant target named "test_jsr105" which will run the new
unit tests. Eventually I will merge this target with the existing "test"
t
I have fixed this on the main trunk. Thanks for the patch.
--Sean
Hermann, Eckehard wrote:
Hi,
I probably found some problems (XMLUtils.selectDsNodes(element
instead of XMLUtils.selectDsNodes(element.getFirstChild(),) in some
of the key resolvers, which I fixed (with the fixes our test
Does anyone know how to do this, who to contact?
Thanks,
Sean
Murugan Selvaraj wrote:
Hi
I am trying to do the enveloped XML digital signature for following
requirements.
1)Parse the given XML and get the requested node from the XML File
2)Then do the digital signature only for the element and get the XML
signature structure
3)Put the XML si
Hi,
Thanks for trying out JSR 105.
gain knowledge wrote:
I tried the XML signature with JSR10.5 (JWSDP).It doesn't use any
keystore.I don't undestand how it generates a private to sign the
document..
Can you be more specific? It does not generate the signing key. It is up
to the application
gain knowledge wrote:
Here is the sample code.Does any one have any thoughts on this
Yes, you haven't signed the document yet. After creating the KeyInfo,
add the following lines:
XMLSignature sig = fac.newXMLSignature(si, ki,
Collections.singletonList(obj), null, null);
sig.sign(new D
Hess Yvan wrote:
I loaded an EncryptedKey element using the method: EncryptedKey
encryptedKey = XMLCipher.getInstance().loadEncryptedKey(encryptedKeyElt)
When I ask for the CarriedKeyName using encryptedKey.getCarriedName()
method, I got a null value that is wrong because my
element contai
I have seen this problem before in another context, but I cannot
remember if/how I resolved it. It has something to do with the
serialization to DOM in that it removes the xmlns:ds namespace
attributes which breaks the signature. You might try to invoke
org.apache.xml.security.utils.XMLUtils.ci
Sanctuary is a cool name. However there is a product named Sanctuary by
SecureWave: http://www.securewave.com/endpoint_security_solutions.jsp
--Sean
Berin Lautenbach wrote:
All,
So we have two names that people seem to like
Raksha
Santuary
Any other takers?
We also have a scope of
"...ope
Hi Raul,
Raul Benito wrote:
Hi,
I'm planning to do a minor release of java xmlsec 1.3.1. The main
reason, is the bug
http://issues.apache.org/bugzilla/show_bug.cgi?id=38605 , that hits
when the library is used in multithreads and use X509 resolvers,
resolving this has change slightly the API o
Pantvaidya, Vishwajit wrote:
I am using an open source kit that embeds xml sec java 1.2.1 with xml
beans version 1.0.x. The kit uses a different version of xml beans than
we do – but the 2 versions do not seem to be too different. When we try
to use it the kit with our xml beans version I get t
1 - 100 of 301 matches
Mail list logo
