That might be, however the Transformer code to write the DOM to disk is right out of the xml signature tutorial, so I hope that is not the case...

I read through the list and saw some brief comments that suggest maybe one can add attributes (via setAttribute) which do not get added into a namespace until the document is written to disk (thus breaking the signature)??

Has anyone seen this before?  Any tips to debug?

http://mail-archives.apache.org/mod_mbox/xml-security-dev/200602.mbox/[EMAIL PROTECTED]


On Apr 4, 2008, at 2:44 AM, [EMAIL PROTECTED] wrote:

Ian,

I did not try it, but maybe your output to file adds "pretty printing"? This means adding white spaces which breaks a signature.

Cheers,
Jörg Bartholdt





Hi everyone,


Something weird is going on when I try to write my signed Document to disk...


//doc is a Document which has gone through the signing process...

Transformer xformer = TransformerFactory.newInstance().newTransformer();
DOMSource source = new DOMSource(doc);
StreamResult result = new StreamResult(new File("output.xml"));
xformer.transform(source, result);





DocumentBuilderFactory dbf2 = DocumentBuilderFactory.newInstance();
dbf2.setNamespaceAware(true);
DocumentBuilder db2 = dbf2.newDocumentBuilder();
Document doc2 = db2.parse(new File("output.xml"));
boolean res1 = CryptoUtils.verifyXmlSignature(doc);
boolean res2 = CryptoUtils.verifyXmlSignature(doc2);
System.out.println("RES 1 (raw) was " + res1);
System.out.println("RES 2 (read) was " + res2);




This code prints out:


INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#IC01"
WARN org.apache.xml.security.signature.Reference - Verification failed for URI "#IC01"
WARN  CryptoUtils - Signature was invalid
RES 1 (raw) was true
RES 2 (read) was false






Any idea why writing the DOM to disk would make subsequent reads to validate it fail?


The only things I can think of are a) the Transformer is altering the document before writing it to disk or b) there are a lot of elements whose content is base64 encoded and maybe somehow they are getting mangled when written to disk?


Any help is appreciated!


- ian.
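
One way to test the two hypotheses raised in this thread (the serializer adding whitespace, or nodes created without namespace information gaining it only on re-parse), added here as an example that is not part of the original messages: a JDK-only comparison of the in-memory tree with its written and re-read copy. The class and method names are hypothetical and the input document is constructed.

```java
import java.io.*;
import java.util.Objects;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class RoundTripDiff { // hypothetical helper, not from the thread
    // Serialize with a default Transformer and re-parse namespace-aware, as in the post.
    static Document roundTrip(Document doc) throws Exception {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer()
                .transform(new DOMSource(doc), new StreamResult(out));
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(out.toByteArray()));
    }
    // Returns a description of the first differing node, or null when the trees match.
    static String firstDifference(Node a, Node b, String path) {
        String here = path + "/" + a.getNodeName();
        if (a.getNodeType() != b.getNodeType()) return here + ": node type";
        if (!Objects.equals(a.getNamespaceURI(), b.getNamespaceURI()))
            return here + ": namespace " + a.getNamespaceURI() + " vs " + b.getNamespaceURI();
        if (!Objects.equals(a.getNodeValue(), b.getNodeValue())) return here + ": value";
        NamedNodeMap aa = a.getAttributes(), ba = b.getAttributes();
        if (aa != null && aa.getLength() != ba.getLength()) return here + ": attribute count";
        for (int i = 0; aa != null && i < aa.getLength(); i++) {
            Attr x = (Attr) aa.item(i), y = (Attr) ba.getNamedItem(x.getName());
            if (y == null || !x.getValue().equals(y.getValue())
                    || !Objects.equals(x.getNamespaceURI(), y.getNamespaceURI()))
                return here + "/@" + x.getName() + ": attribute";
        }
        NodeList ac = a.getChildNodes(), bc = b.getChildNodes();
        if (ac.getLength() != bc.getLength()) return here + ": child count";
        for (int i = 0; i < ac.getLength(); i++) {
            String d = firstDifference(ac.item(i), bc.item(i), here);
            if (d != null) return d;
        }
        return null;
    }
    public static void main(String[] args) throws Exception {
        // Constructed input: element and xmlns attribute created with DOM Level 1 calls.
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element root = (Element) doc.appendChild(doc.createElement("x:root"));
        root.setAttribute("xmlns:x", "urn:example:constructed");
        System.out.println(firstDifference(doc, roundTrip(doc), ""));
    }
}
```

For the case in the post, pass the signed `doc` and the re-read `doc2` to `firstDifference(doc, doc2, "")`. A "child count" result on an element that had adjacent text nodes in memory can be a false alarm, since re-parsing merges them.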
