Raul Benito wrote:
namespace definitions has caused the failure of verification when a signed document A is embedded into another document B. After B is signed, the namespace definition in A has also changed and signature verification is failed. Is there anyway to let the signing method to not change the original DOM tree (other than adding the Signature element)?
Thanks,
Jinsong
The CVS version change less the original DOM tree(in some cases it is still needed to mess the DOM tree). Any how there has to be some problem with your signature embeding, becouse the exclusive c14n doesn't fail if it has more namespaces defined that when it was signed.
+1 to everything Raul said.
Just to add a thought as to why the signature might be failing - what document are you feeding to xml-security? If you have embedded the document you provided in another document and then try to validate the signature, the validation will fail as the reference has a URI of "", so it will try to validate the signature against the entire *new* document.
Cheers,
Berin