So... I am able to make this work by creating a new XMLSignature,
setting the data of the SignatureValue node of the new XMLSignature to
that of the original XMLSignature and then verifying the new
XMLSignature. This seems to work. I'm just curious if anybody thinks
that this is bad practice for some reason.

Also, if anybody has any sort of insight as to why it is so challenging
to validate an enveloped signature after the document it is in has been
serialized to text and parsed back to a DOM object I would greatly
appreciate it. It kind of seems like text serialization was really an
afterthought.

-Garett
 
-----Original Message-----
From: Garett Shulman [mailto:[EMAIL PROTECTED] 
Sent: Thursday, September 07, 2006 2:57 PM
To: security-dev@xml.apache.org
Subject: cant verify after serialize/parse

Hello, I am working on code which serializes an org.w3c.dom.Document to
a string of xml, parses this string back to an org.w3c.dom.Document and
then verifies against an enveloped XMLSignature. However, after
serialization/parsing I cannot seem to verify the XMLSignature. This
seems to be related to the ds:SignedInfo node. If I replace the
ds:SignedInfo Node of the ds:Signature Element after
serialization/parsing with the ds:SignedInfo Node of the ds:Signature
Element from before serialization/parsing then I can successfully verify
the signature. I figured I would try to similarly replace the 3 child
elements of ds:SignedInfo (ds:SignatureMethod,
ds:CanonicalizationMethod, & ds:Reference) one at a time to try to
narrow down the problem, but even when I replace all three at the same
time the verification still fails. I can step through the XMLSignature
checkSignatureValue() code but eventually get to
java.security.Signature.verify(byte[] signature) wherein the
verification seems to fail. I'm not sure how to debug this past that
point. I have attached a copy of the code I am working with (sorry, it's
grown rather hideous), as well as the cert/keystore & log4j debug.log.
Also, I'm currently restricted to jvm 1.4.3.04. Any suggestions as to
how I might try to debug this are greatly appreciated. Thanks for any
suggestions you might have!
-Garett
