there are quite a few oddities with the xml you
posted.
1. security element does not belong to the wsse
namespace
2. username token appears in the body
But, anyway, that does not cause a problem with your
signature verification.
Looking at the keyinfo, it looks like the code will
take a path where there are no success statements to
sysout. I mean, your code will not go through
if (cert != null) {
System.out.println("Signed
info verify:
"+signature.getSignedInfo().verify());//false));
isValid =
signature.checkSignatureValue(cert);
System.out.println("Made it
here, sig is valid: "+isValid);
}
but will go through
else {
PublicKey pubKey =
signature.getKeyInfo().getPublicKey();
if (pubKey != null) {
isValid =
signature.checkSignatureValue(pubKey);
}
--rams
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
