Hi,
I have tried to sign a SOAPMessage with the code provided by the wss4j examples.
I have a signature verification failure error when I try to verify the signature.
Here is the code I used:

WSSignEnvelope builder = new WSSignEnvelope();
builder.setUserInfo("client", "security");
builder.setKeyIdentifierType(WSConstants.ISSUER_SERIAL);
Document doc = unsignedEnvelope.getAsDocument();  /////// IS A SOAPMessage
Document signedDoc = builder.build(doc, crypto);
Message signedMsg = (Message) toSOAPMessage(signedDoc);
signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();
verify(signedDoc);

It seems that the line "Message signedMsg = (Message) SOAPUtil.toSOAPMessage(signedDoc);" changes the body of the message (inserts some new lines), so the message differs from the one used to sign, and it's natural that the signature verification must fail.

If I comment out the two lines:
Message signedMsg = (Message) toSOAPMessage(signedDoc);
signedDoc = signedMsg.getSOAPEnvelope().getAsDocument();

and I verify the signed message after having signed it, the signature verification is OK.

Alessandro Gilardoni
