Sure, it's pasted below, minus some Eclipse junk. The crash is in the
Manifest.verifyReferences method when it checks the size of the references
array. That array is null, unless you parse the SignedInfo from text into a
DOM. It doesn't get initialized when the signature objects are built during
signing. This is the general issue across the code: it doesn't maintain a
two-way sync between the state of the objects and the DOM fragments so that
you can operate in either "realm" consistently.
This little patch will help with your problems. I haven't committed it because my current CVS checkout is changed with some work I'm doing with SAX signatures, but it should work for you.
Please test it, and when I come back home I'll commit it and test it in a clean tree.
Index: Manifest.java
===================================================================
RCS file: /home/cvs/xml-security/src/org/apache/xml/security/signature/ Manifest.java,v
retrieving revision 1.30
diff -u -r1.30 Manifest.java
--- Manifest.java 25 Sep 2004 19:42:22 -0000 1.30
+++ Manifest.java 9 Nov 2004 10:01:25 -0000
@@ -286,6 +286,10 @@
*/
public boolean verifyReferences(boolean followManifests)
throws MissingResourceFailureException, XMLSecurityException {
+ if (_referencesEl==null) {
+ this._referencesEl = XMLUtils.selectDsNodes(this._constructionElement.getFirstChild(),
+ Constants._TAG_REFERENCE);
+ }
if (log.isDebugEnabled()) {
log.debug("verify " +_referencesEl.length + " References");
log.debug("I am " + (followManifests
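Review bot: The null guard added at the top of verifyReferences covers only this one method, and two dereferences around it stay unchecked: `this._constructionElement.getFirstChild()` is passed straight into `XMLUtils.selectDsNodes`, and the result is read as `_referencesEl.length` in the `log.debug` call right after the guard. If the construction element has no children, or if the lookup can return null, the same NullPointerException reappears on a different line. Consider moving the lazy lookup into a private accessor that every reader of `_referencesEl` goes through, and have it raise an XMLSecurityException (already in the throws clause) when no Reference nodes can be resolved, so a malformed Manifest fails verification cleanly instead of crashing. As a style point, the condition tests `_referencesEl` while the assignment writes `this._referencesEl`; use one form consistently.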
While I'm mentioning this, I also noticed a change in the exception
declaration of the XMLSignature element-based constructor. This required me
to make a code change, because the 1.1 library was declared as throwing an
IOException, which I had to catch, and now it complains that there is no
such exception thrown. I don't know if this is a great idea since it breaks
existing applications without a lot of reason that I can see...
-- Scott
Well, you are the second guy with the same gripe and perhaps I should reconsider it, but till now I'm still thinking it is better the way it is right now.
The xml-sec 1.2 is/will be binary compatible with the 1.1 one, i.e. if you have something compiled with 1.1 you just swap the 1.1 jar for the 1.2 jar and everything should work fine.
But it is not nearly source compatible with 1.1; this is because a lot of exceptions that are declared to be thrown in 1.1 are not needed anymore, and never will be. This is just the change between using some XPath instructions that throw some exceptions and using their DOM counterparts that don't throw any exception, or some other changes like this. I think it is better to change the throw signature and tell people that all these exceptions will never be thrown again.
Hope this convinces you; anyway, I'm open to being convinced to declare throwing something that will never be thrown.
Regards,
Raul
http://r-bg.com
