The JSR 105 API, which will be added to the next (1.4) release of Apache
XMLSec, allows you to determine whether an invalid signature was caused
by a signature value that failed to verify and/or if one or more of the
reference digests failed to match.
--Sean
David Garcia wrote:
Hi,
My name is David Garcia and I’m developing an XmlSignature Validation
engine. In the first step it uses the Apache security framework to check
the signature’s correctness, and when the signature is valid there’s no
problem, but when there’s a problem with something (like a bad hash,
invalid SignatureValue or something) I can’t get the cause of what
happened because only a false return value is returned. In my
application I return more concise data about what happened, including a
Major and Minor code like the following:
    public enum Major {
        VALID,
        INVALID,
        UNDEFINED,
    }

    public enum Minor {
        CORRECT,
        INCORRECT,
        SEMANTIC_ERROR,
        SYNTACTIC_ERROR,
        MISSING_SIGNED_ATTRIBUTES,
        INVALID_SIGNED_ATTRIBUTES,
        INVALID_UNSIGNED_ATTRIBUTES,
        INVALID_CONTENT_INFO,
        INVALID_ENCAPSULATED_CONTENT,
        INVALID_KEY,
        INVALID_SIGNATURE,
        MISSING_CERTIFICATES,
        MISSING_SIGNER_INFO,
        KEY_NOT_RECOVERABLE,
        INVALID_DIGEST_VALUE,
        REFERENCE_NOT_INITIALIZED,
        MISSING_RESOURCE,
        UNKNOWN_ALGORITHM;
    }
I found that there are several exceptions like
InvalidDigestValueException or InvalidSignatureValueException but nobody
throws them :(
Is there any way of finding out what happened in the validation process
when the signature is not valid?
Regards
Dave Garcia