Scott Cantor wrote:
So what does this mean?  There are no References? That seems odd, but
I'm not sure what to do about it.

It means the corruption is inside the Signature element itself, not the
digest over the single reference that exists (ref[0]).

-- Scott


And make sure you are using the right key to validate the signature.

Also, try dumping the canonicalized bytes of the SignedInfo element after signing and validation. You can do this by calling signature.getSignedInfo().getCanonicalizedData(). This returns an InputStream and you can use an InputStreamReader to read the bytes and write them out. Look for subtle differences in the data from the signing and the validating code. You should see something that is different and this should hopefully give you some clue as to what is wrong.

Also, see http://weblogs.java.net/blog/mullan/archive/2007/08/index.html

--Sean
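
The debugging step suggested above, as an added example that is not part of the original thread: it signs a constructed document, validates it, and compares the canonicalized SignedInfo bytes from each side. The class name `SignedInfoDump`, the sample `order` document and the throwaway RSA key are assumptions for illustration; Java 11 or later is assumed.

```java
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Arrays;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignedInfoDump {
    // Canonicalized SignedInfo bytes; the stream is null until sign() or validate() has run.
    static byte[] c14n(XMLSignature sig) throws Exception {
        InputStream in = sig.getSignedInfo().getCanonicalizedData();
        if (in == null) throw new IllegalStateException("call sign() or validate() first");
        try (in) { return in.readAllBytes(); }
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway key, constructed for this example

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElementNS(null, "order")).setTextContent("constructed sample");

        // Signing side: one enveloped reference over the whole document (ref[0]).
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
            List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = fac.newSignedInfo(
            fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
            fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        XMLSignature signed = fac.newXMLSignature(si, null);
        signed.sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        byte[] atSign = c14n(signed);

        // Validating side: unmarshal the Signature element and validate with the public key.
        Node sigNode = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(), sigNode);
        XMLSignature parsed = fac.unmarshalXMLSignature(vc);
        boolean coreValid = parsed.validate(vc);
        byte[] atValidate = c14n(parsed);

        System.out.println(new String(atValidate, StandardCharsets.UTF_8));
        System.out.println("core validity: " + coreValid);
        // -1 means the two byte arrays are identical; otherwise the first differing offset.
        System.out.println("first differing byte: " + Arrays.mismatch(atSign, atValidate));
    }
}
```

When signer and verifier are separate programs, write each side's `c14n` output to a file and compare the files; a namespace declaration or whitespace difference at the reported offset usually points at the step that altered the Signature element.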
