Raul,
Thanks for the help! Your solution is the correct one.
I moved the signature element removal and document output to the end of the routine and the verification now works properly.
-- Carolyn
At 04:07 AM 5/20/2005, Raul Benito wrote:
I think that your problem resides in modifying and removing the signature from the DOM before verifying it: in your removeXMLSignature(...) method you have:

    Node ParentNode = sigElement.getParentNode();
    ParentNode.removeChild(sigElement);
    XMLUtils.outputDOM(doc, output);
    doc = null;
    signature.addResourceResolver(resolver);
    // XMLUtils.outputDOMc14nWithComments(signature.getElement(), System.out);
    KeyInfo ki = signature.getKeyInfo();
    // Then you verify here.

The problem is when signing the signedInfo it doesn't get the parent namespaces so it fails verifying (that's why it works without xmlns in the parent). You have two possible solutions:
* Remove after verifying the signature.
* Or set the signature to use the exclusive c14n method.
Regards,
On 5/19/05, Carolyn Cole <[EMAIL PROTECTED]> wrote:
> Hello,
>
> My answers are incorporated below. Any additional insight would be
> appreciated.
>
> -- Carolyn
>
> At 05:18 AM 5/19/2005, Raul Benito wrote:
> >Excuse me,
> > I haven't time to look in too much detail to your code, so perhaps
> >some questions are stupid ones:
> > but why are you using offlineresolver without calling any register?
>
>
> I am only using the resolver for items that are in the XML-security data
> location. I have made a slight modification to the resolver to register
> this area automatically when it initializes.
>
>
> > What do you want: a detached signature (i.e. one that signs an
> >external document that it doesn't contain) or just an enveloping
> >signature? And then why are you using enveloped transformations?
>
>
> I really do want an enveloped signature. The issue is not the type of
> signature, or the signature creation. It is the fact that the signature
> does not validate under XML Security 1.2.1 if there is a namespace in the
> root XML node. It does validate correctly under XML Security 1.1.1.
>
>
>
> >Regards,
> >
> >p.s.
> >just for clarity
> >enveloped signatures are: <thing to sign><signature/></thing to sign>,
> >enveloping signatures are:<signature><thing to sign/></signature>
> >
> >
> >
> >On 5/18/05, Carolyn Cole <[EMAIL PROTECTED]> wrote:
> > > Hello,
> > >
> > > I am currently trying to upgrade from XML Security 1.1.1 to XML
> > Security 1.2.1.
> > >
> > > My code that previously worked to insert an enveloped signature and verify
> > > that signature in 1.1.1 now does not work.
> > >
> > > I have attached the code, which I built from the samples:
> > UAIMSecurity.java.
> > >
> > > I have noted that the code runs under 1.2.1 if the xml does not include a
> > > namespace.
> > >
> > > The other item I noted in the debug I have attached is that 1.1.1 uses my
> > > bouncy castle provider. 1.2.1 for some reason uses Sun's provider.
> > >
> > > The only difference when I run the programs is the XML security jars.
> > >
> > > I am actually using the 1.2.1 data files for the 1.1.1 run as well as the
> > > 1.2.1 run.
> > >
> > > Does anyone have any ideas on how to get 1.2.1 running?
> > >
> > > Any help would be appreciated.
> > >
> > > Thanks!
> > >
> > > -- Carolyn
> > >
> > >
> > >
> > >
> > >
> >
> >
> >--
> >http://r-bg.com
>
>
>
-- http://r-bg.com
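
Added example, not part of the original thread and not code from either poster: a small Java program that signs a document whose root declares a namespace, validates the enveloped signature in place, then detaches the Signature element and validates again, once with inclusive and once with exclusive c14n. It uses the JDK's built-in javax.xml.crypto.dsig API (Java 11+) rather than the org.apache.xml.security classes discussed in the thread; the class name, the urn:example:app namespace and the sample document are assumptions made for illustration.

```java
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class DetachBeforeVerify {   // hypothetical class name
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Returns {valid in place, valid after the Signature element is detached}.
    static boolean[] run(String c14n, KeyPair kp) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        // Constructed sample: the root declares a namespace the signature inherits.
        Element root = doc.createElementNS("urn:example:app", "app:record");
        root.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:app", "urn:example:app");
        root.setTextContent("payload");
        doc.appendChild(root);

        // Enveloped signature over the whole document (URI="").
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
            null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(c14n, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));

        Element sig = (Element) root.getLastChild();   // sign() appended it to root
        boolean inPlace = validate(kp.getPublic(), sig);
        root.removeChild(sig);   // what removeXMLSignature(...) did before verifying
        return new boolean[] { inPlace, validate(kp.getPublic(), sig) };
    }

    static boolean validate(PublicKey key, Element sig) throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        return FAC.unmarshalXMLSignature(ctx).validate(ctx);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // default key size
        for (String m : List.of(CanonicalizationMethod.INCLUSIVE, CanonicalizationMethod.EXCLUSIVE)) {
            boolean[] r = run(m, kp);
            System.out.println(m + " in place=" + r[0] + " detached=" + r[1]);
        }
    }
}
```

Inclusive c14n writes the xmlns:app declaration inherited from the root into the canonical SignedInfo, so the bytes that were signed cannot be reproduced once the element has no parent; exclusive c14n emits only the namespaces SignedInfo itself uses.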