> Hi, > > Just testing the RC jarfile recently posted with OpenSAML. Something I > just > noted because of how my test was written is that it appears to be harder > (impossible?) to verify a signature if the XML being signed isn't read in > from a DOM. > > I used to be able to create a signature over a DOM and fill it in, and > then > immediately verify the signature in the normal manner without an > intervening > step to dump the XML out and reparse it back in. > > I always found that certain objects (KeyInfo in particular) weren't set up > when I did this, but at least the core signature stuff seemed to be in > place. Now I get a crash in the SignedInfo object while verifying because > the reference array is null. > > Is this just a completely unsupported idea? I admit it's not perhaps > common, > but it's kind of useful for testing. > > -- Scott
It's little strange but it's also true that it is good for testing. Can you post the stacktrace so i can take a look and see if there is something we can do about it? Regards, p.s-I'm going to be off-net for 10 days so don't expect a lot of answers from me, but feel free to post issues for 1.2RC. Raul http://r-bg.com
