Could somebody please help me on my last request to make the legacy signature
validation work for the (see below)
Thanks!
--- On Thu, 1/29/09, Harakiri <harakiri...@yahoo.com> wrote:
> From: Harakiri <harakiri...@yahoo.com>
> Subject: Re: Invalid Signature problem through Empty elements are converted
> to start-end tag pairs
> To: security-dev@xml.apache.org
> Date: Thursday, January 29, 2009, 12:08 PM
> > From what I can tell, I think you are trying to
> generate an
> > enveloped signature that signs the entire contents of
> the
> > document (excluding the signature). In that case, you
> should
> > replace your code and use the example above as a
> guideline.
>
> This is what i want to do, but i need to find a way to
> verify the signatures correctly of the xml sigs that were
> created with the legacy system. Currently i can only verify
> that the signature itself is valid, not the refs - maybe
> there is something to make the ref validiation also valid?
>
>
> > These appear to be really old from a Sun product
> (JWSDP)
> > that is no longer supported. If possible, I would
> encourage
> > you to move to something more recent, either use the
> > xmlsec.jar from a recent Apache XML Security release
> (which
> > will work on JDK 1.4.2 and up) or the XML Security/JSR
> 105
> > implementation built into JDK 6.
>
>
> Yes i want to move to the xml security of apache, hence why
> i am having trouble verifiying my old signatures. I cant
> move to the new one, if my old signatures are shown as
> invalid (only the reference validiation tho)
