Raul,

What I do is:
I've signed a message on three elements: firstName, lastName and age. After
signing I manually remove the lastName element. I then verify the message by
selecting the ds:Signature with XPath and calling check.. on the signature.
The PKCS12 key is resolved with the StorageResolver from a keystore
generated with the Sun keytool.

Here is the message I verify:

<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
        <SOAP-ENV:Header>
                <RouteInformatie>
                        <Bron>
                                <ApplicatieNaam>tdc</ApplicatieNaam>
                        </Bron>
                        <Bestemming>
                                <ApplicatieNaam>adwork</ApplicatieNaam>
                        </Bestemming>
                </RouteInformatie>
                <uwvhh:UwvMLHandtekeningHeader
xmlns:uwvhh="http://schemas.uwv.nl/UwvML/HandtekeningHeader-v0100">
                <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#firstName">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>W9rRuLBWFnib45Uam9i55MPkGIE=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
MfEO3uUWSuOLms69pIbucwFMl0jJqvGjlWK6f8IOcQI0KLDRrqyjMXuaAq8L2dbnn0uacBBCEZWf
Def0sBOe1v939aoeKMU7TUq6y1DGozIMGk2S6x0kpXIUrfspGUzvTsv74YqGz77qM2iUq+iFVfix
acNkVWtoL/jiu7WBiEc=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=NL,ST=Amsterdam,L=Noord-Holland,O=UWV,OU=E-SMF,CN=biv</ds:X509IssuerName>

<ds:X509SerialNumber>1099053317</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#lastName">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>YUXE2DIAGF3cv+TocVcHRR0Ioq0=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
NjqRWsqpNViJFomZ3bQTCm6TXqrVaUQkRa7XOaqlWVSGuG04mH3ZoAIHIMx2Bg73f+o4/pKHiPoZ
Rroih9ZWlChQuSOY7CZfLR8FxGPMYZPpSFnpBmVDm+bkz1cMuZL3ylSE5hCbuKc7eM5ofFLTd4oQ
eE+oLCYKWLMW/0hIrak=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=NL,ST=Amsterdam,L=Noord-Holland,O=UWV,OU=E-SMF,CN=biv</ds:X509IssuerName>

<ds:X509SerialNumber>1099053317</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</ds:KeyInfo></ds:Signature><ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#age">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>5/8H0/+VWeGreoV16OxlUkJcZtA=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
LdCoQMfiRjfFK3PrJWxNJqhcynpSK2Dl51zLYx+aoAHvuwn0PXkrHcgmI2fiUoJwc/PPA4vBeoRN
H7aHnSpMKC3iLqacf1LS8pL8toEtOzaZ+TNXd5Xs6I7UQGSM7SObs1XWvtS+RRV9PCBlXQxtLE1q
Qyg0Gl9SShapspzTZh4=
</ds:SignatureValue>
<ds:KeyInfo>
<ds:X509Data>
<ds:X509IssuerSerial>
<ds:X509IssuerName>C=NL,ST=Amsterdam,L=Noord-Holland,O=UWV,OU=E-SMF,CN=biv</ds:X509IssuerName>

<ds:X509SerialNumber>1099053317</ds:X509SerialNumber>
</ds:X509IssuerSerial>
</ds:X509Data>
</ds:KeyInfo></ds:Signature></uwvhh:UwvMLHandtekeningHeader>
        </SOAP-ENV:Header>
        <SOAP-ENV:Body>
                <person id="person">
                        <firstName id="firstName">Joris</firstName>
                        <age id="age"></age>
                </person>
        </SOAP-ENV:Body>
</SOAP-ENV:Envelope>

-----Original Message-----
From: Raul Benito [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, 2 November 2004 20:35
To: [EMAIL PROTECTED]
Subject: Re: RuntimeException


>
>-----Original Message-----
>From: Raul Benito [mailto:[EMAIL PROTECTED] 
>Sent: Tuesday, 2 November 2004 10:09
>To: [EMAIL PROTECTED]
>Subject: Re: RuntimeException
>
>>Hi,
>>
>>I'm testing with the 1.2RC1 release. I have this test that removes a signed
>>element and then tries to verify the signature over the removed. In release
>>1.1 this resulted in an XMLSignatureException and now it results in a
>>RuntimeException. When the signed element is missing I'd like my software
>>component to return that the verification failed. What is the rationale
>>behind the XMLSignatureInput throwing a RuntimeException? And if I'm not
>>happy with that RuntimeException how can I prevent it from being thrown?
>>
Hi,
After looking at the code, I don't see how you can hit the throw 
RuntimeException instruction. Can you post your test case?

Regards,

Raul
http://r-bg.com
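
A pre-check for the case in this thread, as an added example that is not part of the original messages or of the Apache XML Security code: it uses only JDK DOM classes to list same-document ds:Reference URIs that resolve to no element, so a caller can report a failed verification before handing the signature to the library. The class and method names and the cut-down sample message are constructed for illustration; matching on an unqualified id attribute is an assumption taken from the posted message.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class DanglingReferenceCheck {  // hypothetical name, not a library class
    static final String DS_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Returns every same-document Reference URI ("#x") that points at no element.
    static List<String> danglingReferences(Document doc) {
        // The posted message has no DTD, so "id" is a plain attribute and
        // getElementById cannot be relied on; collect the values by hand.
        Set<String> ids = new HashSet<>();
        NodeList all = doc.getElementsByTagName("*");
        for (int i = 0; i < all.getLength(); i++) {
            Element e = (Element) all.item(i);
            if (e.hasAttribute("id")) ids.add(e.getAttribute("id"));
        }
        List<String> missing = new ArrayList<>();
        NodeList refs = doc.getElementsByTagNameNS(DS_NS, "Reference");
        for (int i = 0; i < refs.getLength(); i++) {
            String uri = ((Element) refs.item(i)).getAttribute("URI");
            if (uri.startsWith("#") && !ids.contains(uri.substring(1))) missing.add(uri);
        }
        return missing;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: shape of the posted message, signatures cut down to their Reference.
        String xml = "<Envelope xmlns:ds='" + DS_NS + "'>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#firstName'/></ds:SignedInfo></ds:Signature>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#lastName'/></ds:SignedInfo></ds:Signature>"
            + "<ds:Signature><ds:SignedInfo><ds:Reference URI='#age'/></ds:SignedInfo></ds:Signature>"
            + "<person id='person'><firstName id='firstName'>Joris</firstName><age id='age'/></person>"
            + "</Envelope>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);  // required for getElementsByTagNameNS
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        System.out.println("dangling references: " + danglingReferences(doc));
    }
}
```

An empty list only means that every reference resolves; the signatures themselves still have to be verified by the library.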

