Hi all,
Possible bug?
I have produced a document that includes an enveloped signature and I am trying to reformat it so I can include it in an RFC (69 characters per line and all). That means tinkering with the whitespace. So far I've been able to change all the parts of the document that are excluded by transforms without signature validation failing, except for the ds:SignedInfo element.
I'm using the following to check that the signature was correctly applied:
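    // nl is the NodeList of ds:Signature elements; "" is the base URI
    XMLSignature sig = new XMLSignature((Element) nl.item(i), "");
    X509Certificate cert = sig.getKeyInfo().getX509Certificate();
    if (!sig.checkSignatureValue(cert)) {
        // signature validation failed
    }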
For some reason, if I modify the whitespace within the SignedInfo, signature validation fails. I can't explain this, since I'm using the enveloped signature transform, which should rule out any changes to the signature that don't actually change parameter values.
I can change a few things in the SignedInfo element: the whitespace within the actual tags (< ds:Reference URI="" > is as good as <ds:Reference URI="">), and I can use '/>' for empty elements in place of a closing tag. Interestingly, the whitespace in the ds:DigestValue element is the only whitespace that can be changed without effect.
I've expressly printed the output of my custom transform and there is no difference between a successful validation and a failed one.
Martin
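An added illustration, not part of the original message and not Apache XML Security code: in XML Signature the signature value is computed over the canonical form of ds:SignedInfo itself, while the Reference transforms (including the enveloped-signature transform) apply only to the data being digested. The sketch canonicalizes a constructed SignedInfo under three formatting changes and reports which ones alter the signed octets. It assumes Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the C14N 1.0 named in the sample, which treats these three cases the same way; `signed_info`, `signed_octets` and `survives` are hypothetical helper names.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ENVELOPED = DS + "enveloped-signature"


def signed_info(tag_ws="", self_close=False, sep="\n  "):
    """Constructed ds:SignedInfo; the arguments change formatting only."""
    def empty(name, alg):
        start = f'<ds:{name} Algorithm="{alg}"{tag_ws}'
        return start + ("/>" if self_close else f"></ds:{name}>")
    transforms = f"<ds:Transforms>{empty('Transform', ENVELOPED)}</ds:Transforms>"
    reference = (f'<ds:Reference URI=""{tag_ws}>{transforms}'
                 f"{empty('DigestMethod', DS + 'sha1')}"
                 # Placeholder digest, not a real value
                 "<ds:DigestValue>PLACEHOLDER=</ds:DigestValue></ds:Reference>")
    parts = [empty("CanonicalizationMethod", C14N),
             empty("SignatureMethod", DS + "rsa-sha1"), reference]
    return (f'<ds:SignedInfo xmlns:ds="{DS}">{sep}' + sep.join(parts)
            + f"{sep}</ds:SignedInfo>")


def signed_octets(xml_text):
    """Canonical SignedInfo bytes, i.e. what the signature value covers."""
    return ET.canonicalize(xml_text).encode("utf-8")


def survives(variant, baseline=None):
    """True if the reformatted SignedInfo canonicalizes to the same octets."""
    baseline = signed_info() if baseline is None else baseline
    digest = lambda s: hashlib.sha256(signed_octets(s)).hexdigest()
    return digest(variant) == digest(baseline)


if __name__ == "__main__":
    for label, variant in [
        ("space before '>' in tags", signed_info(tag_ws=" ")),
        ("'/>' for empty elements", signed_info(self_close=True)),
        ("re-indented child elements", signed_info(sep="\n")),
    ]:
        verdict = "same octets" if survives(variant) else "DIFFERENT octets"
        print(f"{label:28} -> {verdict}")
```

Whitespace between child elements is a text node that canonicalization preserves, so re-wrapping SignedInfo changes the bytes the signature is checked against.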