http://issues.apache.org/bugzilla/show_bug.cgi?id=35960

           Summary: Enveloped Signature Transform failed after a transform
                    producing an octet stream output
           Product: Security
           Version: Java 1.2.1
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]

To perform an enveloped signature, we need to add a Transforms.TRANSFORM_ENVELOPED_SIGNATURE to the Transforms list for the reference pointing to the element enveloping the signature.

If a transform producing an octet stream output is listed BEFORE the TRANSFORM_ENVELOPED_SIGNATURE, the transforms execution will not remove the signature element. The signature is performed including all of the SignatureElement and works fine. But the verification fails because the digest and signature value have been added to the signed element.

This error is due to the use of a DocumentBuilder in the getNodeSet(boolean circunvent) method of the XMLSignatureInput class. In this method a new Document is built from the octet stream. When the EnvelopedSignature is performed, the SignatureElement is found in the base document and is looked up in the rebuilt document in order to be removed with the method:

XMLUtils.excludeNodeFromSet(signatureElement, inputSet)

which uses the method

XMLUtils.isDescendantOrSelf(signatureElement, inputNode)

This method compares the nodes with the equals() method of the Object class. The nodes are not extracted from the same document, so they are never equal and never removed.
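
The failure described in the report, reduced to plain JDK DOM calls as an added example (not code from the report or from Apache XML Security). The class name, the helpers `parse` and `countKept`, and the sample XML are constructed for illustration, and `isDescendantOrSelf` here is a stand-in written from the report's description, not the library's method.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class CrossDocumentNodeIdentity {
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample: a payload element with an enveloped ds:Signature.
    static final String XML = "<doc><data>payload</data>"
        + "<ds:Signature xmlns:ds=\"" + DSIG + "\">"
        + "<ds:SignatureValue>AAAA</ds:SignatureValue></ds:Signature></doc>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    // Stand-in for the check the report describes: walk up from the candidate
    // and compare with equals(), which the report notes is Object's comparison.
    static boolean isDescendantOrSelf(Node ancestor, Node candidate) {
        for (Node n = candidate; n != null; n = n.getParentNode()) {
            if (n.equals(ancestor)) return true;
        }
        return false;
    }

    // Number of nodes under root that survive exclusion of the signature subtree.
    static int countKept(Node root, Node signature) {
        int kept = isDescendantOrSelf(signature, root) ? 0 : 1;
        for (Node c = root.getFirstChild(); c != null; c = c.getNextSibling()) {
            kept += countKept(c, signature);
        }
        return kept;
    }

    public static void main(String[] args) throws Exception {
        Document base = parse(XML);      // document the application holds
        Node signature = base.getElementsByTagNameNS(DSIG, "Signature").item(0);
        Document rebuilt = parse(XML);   // document rebuilt from the octet stream

        // Same document: the Signature subtree is excluded from the node set.
        System.out.println("base:    kept " + countKept(base.getDocumentElement(), signature));
        // Rebuilt document: no node equals the base Signature, so nothing is excluded.
        System.out.println("rebuilt: kept " + countKept(rebuilt.getDocumentElement(), signature));
    }
}
```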