Re: question

Tue, 27 May 2008 10:36:55 -0700 



Jean-Charles Laurent wrote:


Thanks Brent,


I agree, the removel of line break is not the perfect solution. My 
guest would be be some kind of serialization or deserialization problem.



That's probably the most common problem with signatures that fail to 
validate after being sent to a remote peer.




The xml is signed on a AS400 (using java), then validated on a windows 
PC with BizTalk and dot-net. We dot not have control on the PC side so 
we must do with what we have.




Well it sounds like the problem is on their side, not yours, unless you 
are corrupting when you serialize.  Have you tried signing, writing it 
out to a file etc, then rereading and parsing and validating on your 
side?  If that works, then it's almost certainly a problem on their side 
(unless there's a bug in Apache XML Security or something).




Other cies have managed to sign in Java (using Bouncy Castle) it seems.



Well, BC just provides the crypto (JCA/JCE support), not XML Signature 
support AFAIK, so I doubt that's relevant.  You can also configure the 
BC JCE and use that with Apache XML Security if you like.  I doubt that 
is the problem, however.




To set the system property we need to do something like this?


   System.setProperty("org.apache.xml.security.ignoreLineBreaks", 
"true");



Yes, or you can specify as an arg to the JVM with a -D parameter, e.g.  
-Dorg.apache.xml.security.ignoreLineBreaks=true






If so when should do this. I'am doing it like this:

public String signIt(String keyStorePath, String keystorePass,

       String privateKeyAlias, String privateKeyPass, String strXML) 
throws Exception {


   //

   System.setProperty("org.apache.xml.security.ignoreLineBreaks", 
"true");      
   org.apache.xml.security.Init.init();




This gets set as a static member variable, so it's only going to get 
evaluated once, when the class loads.  If you do with 
System.setProperty, you'd have to make sure to do very early on in your 
code, before the XMLUtils class gets loaded by the classloader.  The 
safest/surest way is probably just to use a -D arg to your JVM.


org.apache.xml.security.utils.XMLUtils:

 private static boolean ignoreLineBreaks = false;
  static {
     try {
        ignoreLineBreaks = Boolean.getBoolean
       ("org.apache.xml.security.ignoreLineBreaks");
     } catch (Exception e) {
        // ignore exceptions
     }
  }


--Brent



























					Reply via email to