Hi, Just testing the RC jarfile recently posted with OpenSAML. Something I just noted because of how my test was written is that it appears to be harder (impossible?) to verify a signature if the XML being signed isn't read in from a DOM.
I used to be able to create a signature over a DOM and fill it in, and then immediately verify the signature in the normal manner without an intervening step to dump the XML out and reparse it back in. I always found that certain objects (KeyInfo in particular) weren't set up when I did this, but at least the core signature stuff seemed to be in place. Now I get a crash in the SignedInfo object while verifying because the reference array is null. Is this just a completely unsupported idea? I admit it's not perhaps common, but it's kind of useful for testing. -- Scott
