Jean-Luc Cooke wrote:
Whoa. You're right, I missed it! 1.3.0 gave the results I mentioned:
Try to verify
file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec_j/xml-security-1_3_0/src_samples/../../../xmlsec/2007-02-21/Word-plugin-signature.xml
Could find a X509Data element in the KeyInfo
Feb 28, 2007 10:17:19 AM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idPackageObject"
Feb 28, 2007 10:17:19 AM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idOfficeObject"
Feb 28, 2007 10:17:19 AM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigInvalidImage"
Feb 28, 2007 10:17:19 AM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigValidImage"
The XML signature in file
file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec_j/xml-security-1_3_0/src_samples/../../../xmlsec/2007-02-21/Word-plugin-signature.xml
is invalid !!!!! (bad)
Object=
HOWEVER! Is there any way to know *why* the signature failed? Is there
something I can query in the API to find out?
I'd encourage you to take a look at JSR 105 which is the Java standard
XML Digital Signature API and is now included in Apache XMLSec as of
version 1.4. The implementation of JSR 105 uses the Apache XMLSec APIs
underneath. The JSR 105 API has methods to determine whether a reference or
signature (or both) caused the validation failure. See
http://weblogs.java.net/blog/mullan/archive/2006/01/my_xml_signatur_1.html
for how you would do this.
--Sean
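
The check described in the reply above, as an added example that is not part of the original thread or of the Apache XMLSec code base: after core validation fails, the JSR 105 API (javax.xml.crypto.dsig) is asked separately about the SignatureValue and about each Reference. The class name, method name and the caller-supplied KeySelector are assumptions made for illustration.

```java
import java.io.File;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.crypto.KeySelector;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.NodeList;

public class SignatureFailureReport {
    /**
     * Validates the first ds:Signature in the file and returns the parts that
     * failed (empty list = signature valid). The KeySelector is an assumption:
     * the caller must make it return a key it already trusts.
     */
    public static List<String> diagnose(File xml, KeySelector trustedKeys) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for XML Signature processing
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(xml);

        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() == 0) {
            throw new IllegalArgumentException("no ds:Signature element found");
        }
        DOMValidateContext ctx = new DOMValidateContext(trustedKeys, sigs.item(0));
        XMLSignature sig = XMLSignatureFactory.getInstance("DOM").unmarshalXMLSignature(ctx);

        List<String> failures = new ArrayList<String>();
        if (sig.validate(ctx)) {
            return failures; // core validation passed: SignatureValue and all References
        }
        // The cryptographic signature over SignedInfo is checked on its own.
        if (!sig.getSignatureValue().validate(ctx)) {
            failures.add("SignatureValue");
        }
        // Each Reference digest is checked on its own, so the report shows
        // which signed object no longer matches its digest.
        for (Object o : sig.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            if (!ref.validate(ctx)) {
                failures.add("Reference URI=\"" + ref.getURI() + "\"");
            }
        }
        return failures;
    }
}
```

A result that lists only Reference entries means the signing key checked out and specific signed content differs from its digest; a result that lists SignatureValue means SignedInfo itself does not verify under the selected key.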