DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40921>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40921 ------- Additional Comments From [EMAIL PROTECTED] 2006-11-08 08:29 ------- (In reply to comment #5) > (In reply to comment #4) > > That code looks fine, but it is still missing something. How do you modify > > the X509Certificate? > I modify the certificate by substituting it for one from an other xml that > was > signed with different certificate. > >I would add a print statement in the KeySelector to print > > out the key that you are using to validate the signature. Is it different > after > > you modify the X509Certificate? > The key is the same. because i havent modified it. i think the key is that > one > inside the <KeyValue> tag: > > <KeyValue> > - <RSAKeyValue> > > <Modulus>unmSpz4AW43DBUeUtbGDxyEBOmKUiAM136ZrGOlJRzximnaFjABuQ7Ucix5Ru60DLlUH5Q3 > KHfDW > aimUe3ufnWUWSGkbNUGYtwdqv/54LvTvW3SMA0IuvfqUmdF+AJgHCWv0rEYizswKaeNgMak+/oWL > MBrOwE2+fhB6l87tBo8=</Modulus> > <Exponent>AQAB</Exponent> > > i could try using the key from the certificate in <x509data> tag... Yes, if you change your KeySelector to check the X509Data before the KeyValue then it will use the certificate's key and the signature validation will fail. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
