If you attach the signature I might be able to make a guess, but you
really need to debug it and find out what the reference's pre-digested
content is when signing and validating and then compare them to see what
is breaking the signature. Often it's a namespace issue.
--Sean

Ian Hummel wrote:

Hi everyone,

Something weird is going on when I try to write my signed Document to
disk...
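
    import java.io.File;
    import javax.xml.parsers.DocumentBuilder;
    import javax.xml.parsers.DocumentBuilderFactory;
    import javax.xml.transform.Transformer;
    import javax.xml.transform.TransformerFactory;
    import javax.xml.transform.dom.DOMSource;
    import javax.xml.transform.stream.StreamResult;
    import org.w3c.dom.Document;

    // doc is a Document which has gone through the signing process...
    // Serialize the signed DOM to disk with an identity Transformer.
    Transformer xformer = TransformerFactory.newInstance().newTransformer();
    DOMSource source = new DOMSource(doc);
    StreamResult result = new StreamResult(new File("output.xml"));
    xformer.transform(source, result);

    // Read the file back with a namespace-aware parser.
    DocumentBuilderFactory dbf2 = DocumentBuilderFactory.newInstance();
    dbf2.setNamespaceAware(true);
    DocumentBuilder db2 = dbf2.newDocumentBuilder();
    Document doc2 = db2.parse(new File("output.xml"));

    // Verify the in-memory document and the re-parsed copy.
    boolean res1 = CryptoUtils.verifyXmlSignature(doc);
    boolean res2 = CryptoUtils.verifyXmlSignature(doc2);
    System.out.println("RES 1 (raw) was " + res1);
    System.out.println("RES 2 (read) was " + res2);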

This code prints out:

    INFO org.apache.xml.security.signature.Reference - Verification successful for URI "#IC01"
    WARN org.apache.xml.security.signature.Reference - Verification failed for URI "#IC01"
    WARN CryptoUtils - Signature was invalid
    RES 1 (raw) was true
    RES 2 (read) was false

Any idea why writing the DOM to disk would make subsequent reads to
validate it fail?

The only things I can think of are a) the Transformer is altering the
document before writing it to disk or b) there are a lot of elements
whose content is base64 encoded and maybe somehow they are getting
mangled when written to disk?

Any help is appreciated!
- ian.
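
One way to do the comparison Sean describes, as an added example that is not code from this thread: it signs a small document, repeats the Transformer round trip from the post, and prints the pre-digested bytes of the reference at signing time and at validation time so they can be diffed. It uses the JDK's javax.xml.crypto.dsig API instead of the Apache XML Security classes and the CryptoUtils helper from the post; the class name PreDigestDiff, the urn:example namespace, the x:order element and the generated RSA key are assumptions made for the illustration.

```java
import java.io.*;
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.*;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class PreDigestDiff {  // hypothetical class name
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");
    // Bytes actually fed to the digest for the first Reference (requires cacheReference).
    static String preDigest(XMLSignature sig) throws IOException {
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        return new String(ref.getDigestInputStream().readAllBytes(), "UTF-8");
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        // Constructed input: a namespaced element with no explicit xmlns:x attribute node,
        // a DOM that can canonicalize differently once serialized and re-parsed.
        Element root = (Element) doc.appendChild(doc.createElementNS("urn:example", "x:order"));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            List.of(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(FAC.newCanonicalizationMethod(
            CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null), List.of(ref));
        XMLSignature sig = FAC.newXMLSignature(si, null);
        DOMSignContext sc = new DOMSignContext(kp.getPrivate(), root);
        sc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        sig.sign(sc);
        // Same round trip as in the post: Transformer out, namespace-aware parse back in.
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(out));
        Document doc2 = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(out.toByteArray()));
        DOMValidateContext vc = new DOMValidateContext(kp.getPublic(),
            doc2.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0));
        vc.setProperty("javax.xml.crypto.dsig.cacheReference", Boolean.TRUE);
        XMLSignature sig2 = FAC.unmarshalXMLSignature(vc);
        System.out.println("valid=" + sig2.validate(vc));
        System.out.println("signed:    " + preDigest(sig) + "\nvalidated: " + preDigest(sig2));
    }
}
```

Any difference between the two printed strings, such as a namespace declaration present in only one of them, is what changes the digest and makes the reference fail.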