We created signatures using the SUN XML Signature APIs in JRE 5 Versions. Due to a bug in SUNs API we like to use the XML Security API from Apache.
However, all our signatures are invalid through possibly a bug in java. The signatures have been created with the following: http://www.w3.org/TR/2001/REC-xml-c14n-20010315 however it seems that java signed empty tags as: <param name="myparam"/> but apache security correctly validates as <param name="myparam"></param> Since i cant just change existing signatures, how can I modify the apache xmldsig validation so that it will not compute the hash over the empty tags as <param></param> but as <param/> ? Thanks!
