santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dafydd Winfield <dafyw...@gmail.com>
Subject Problems with XMLDSIG on JWSDP 1.3
Date Thu, 10 Mar 2005 06:34:19 GMT
Hi,

I am currently having problems with producing a valid XMLDSIG
signature on JWSDP. First I wrote signing and verifying handlers for
Axis and had no problems. I then ported this implementation to JWSDP
1.3 - for a client. When I sign then verify the server verification
succeeds. However the XMLDSIG signature produced by the siging code is
not valid according to the web based XMLDSIG validator at:
http://www.aleksey.com/xmlsec/xmldsig-verifier.html - so it should
never verify successfully. The verification error on the website site
says that the data does not match the digest. As I said the same code
in the Axis handler produces valid XMLDSIG signatures. Signatures
produced by the Axis handlers do not verify against the Sun handlers.

Finally I wrote a JWSDP client and added the signing and verifying
handlers - both client side for testing purposes. These worked
correctly and produced correct XMLDSIG signatures according to the
external validator. The only explanation seems to be that there must
be library problem with the JWSDP 1.3 server tomcat installation
(which was newly installed for this test) but I am at a total loss as
to where it is - perhaps the digesting code has problems? N.B. I have
copied the required endorsed jars.

Has anyone else had any similar problems with JWSDP 1.3 - or know of
some code that works. I am using JDK 1.4.2_07 and axis security 1.2.1.

I can supply source if necessary.

Many thanks for you help,



Dafydd

Mime
View raw message