Sean Mullan wrote on 2009-03-25:
> JSR 105 is consistent with your view and documents the behavior. If the
> contents of the document are subsequently modified, then you need to
> instantiate a new XMLSignature object.

Well, in this case, nothing's being modified. What happens is you sign the DOM, and then (via the APIs OpenSAML provides in this case), an attempt is made to verify the signature that was just created. That won't work in general if methods like getKeyInfo() don't return what they should, since even if mechanically the signature might verify internally, the surrounding code that eventually gets written needs access to the details for trust verification.

-- Scott