Scott Cantor wrote:
>
>> 1. Does it make a difference to SignedInfo's verify API:
>>
> (http://santuario.apache.org/Java/api/org/apache/xml/security/signature/Sign
>
>
> That's not how all the standard c14n algorithms work, prefixes are part of
> the signed material and you can't change them in between. Any tool that
> rewrites them while purporting to support signing is essentially broken.
>
>
mustvicky wrote:
>
> Thanks for looking into this Scott.
> I will try and explain my whole problem here.
>
> I use this method to calculate the digest at the client side:
>
> org.apache.xml.security.c14n.Canonicalizer canon = Canonicalizer
>         .getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
> bodyDigest = Base64.encode(MessageDigest.getInstance("SHA-1")
>         .digest(canon.canonicalizeSubtree(body)));
>
>
> On the server side, it looks like SignedInfo.verify call is always
> assuming SOAP-ENV and not soapenv.
> This is because, if the digest of the SOAP body calculated on the client
> side is Axis1's body (SOAP-ENV namespace), the digest matches on the
> server side.
>
> But if the digest of the SOAP body calculated on the client side using
> Axis2's body (soapenv namespace), the digest does not match on the server
> side.
>
>
--
View this message in context:
http://old.nabble.com/SignedInfo%27s-verify-method-tp26779945p26789397.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
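
An added example, not code from the thread or from Apache Santuario: it shows why a body digested under one prefix fails to verify after the prefix is rewritten, while other re-serialization differences are absorbed by canonicalization. Assumptions: Python's standard-library C14N 2.0 stands in for the Exclusive C14N 1.0 algorithm used in the thread (both keep prefixes by default), and the sample bodies are constructed.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

# Constructed sample bodies (not the thread's actual messages).
# The SOAP namespace URI is identical throughout; only serialization varies.
AXIS1_BODY = (
    '<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" Id="b1">'
    '<m:ping xmlns:m="urn:example:svc" kind="test" seq="1"/>'
    '</SOAP-ENV:Body>'
)
# Harmless re-serialization: attribute order, quote style, empty-tag form.
AXIS1_RESERIALIZED = (
    "<SOAP-ENV:Body Id='b1' xmlns:SOAP-ENV='http://schemas.xmlsoap.org/soap/envelope/'>"
    "<m:ping seq='1' kind='test' xmlns:m='urn:example:svc'></m:ping>"
    "</SOAP-ENV:Body>"
)
# Prefix rewritten from SOAP-ENV to soapenv, as between Axis1 and Axis2.
AXIS2_BODY = AXIS1_BODY.replace("SOAP-ENV", "soapenv")


def canonical(xml_text):
    """Canonical form (stdlib C14N 2.0, comments omitted, prefixes kept)."""
    return canonicalize(xml_text)


def body_digest(xml_text):
    """Base64 SHA-1 over the canonical bytes, mirroring the post's snippet."""
    octets = canonical(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha1(octets).digest()).decode("ascii")


def first_difference(xml_a, xml_b):
    """Index of the first differing canonical character, or -1 if identical."""
    a, b = canonical(xml_a), canonical(xml_b)
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return -1 if len(a) == len(b) else min(len(a), len(b))


if __name__ == "__main__":
    for name, doc in [("axis1", AXIS1_BODY),
                      ("axis1 reserialized", AXIS1_RESERIALIZED),
                      ("axis2 prefix", AXIS2_BODY)]:
        print(f"{name:20} {body_digest(doc)}")
    print("first canonical difference at index",
          first_difference(AXIS1_BODY, AXIS2_BODY))
```

When a digest check fails, comparing the canonical octets from both sides in this way points directly at the rewritten prefix.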