Hello all!!!
I need to generate a detached signature for my application. As the only basis about this kind of signatures is the "CreateSiganture" example and no other example has been found, I decided to implement my own code (very similar to what you can find in the examples) to obtain a detached signature. Among other things, my code contain the following extract:
[...]
Element node1 = doc.createElementNS("http://www.apache.org/ns/#app1","node1";);
String nodeId = "d1";
node1.setAttribute("Id",nodeId);
IdResolver.registerElementById(node1,nodeId);
node1.appendChild(doc.createTextNode("I am the signed information"));
root.appendChild(node1);
XMLSignature sig = new XMLSignature(doc, BaseURI,
XMLSignature.ALGO_ID_SIGNATURE_DSA);
root.appendChild(sig.getElement());
sig.getSignedInfo().addResourceResolver(new org.apache.xml.security.samples.utils.resolver
.OfflineResolver());
Transforms transforms = new Transforms(doc);
transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
sig.addDocument("#"+nodeId, transforms, Constants.ALGO_ID_DIGEST_SHA1);
[...]
I run it and everything is ok (apparently, It seems to sign successfully). But, when I try to verify the signature (using "VerifySignature" example), I get a warning message, although the verification is OK:
ADVERTENCIA: Found an Element using an insecure Id/ID/id search method: node1
21-dic-2004 14:48:44 org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#d1"
Does anybody know what the problem is??? Have I to specify some kind of IDResolver in the verification code???? Can someone send me a detached signature example which works ok???
I hope you are so kind as to help me. Thank you very much in advance. Marina.
_________________________________________________________________
Móviles, DVD, cámaras digitales, coleccionismo... Con unas ofertas que ni te imaginas. http://www.msn.es/Subastas/
