santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From chirsmail sapl <chrisusm...@yahoo.com>
Subject Re: JDOM - Sign validation
Date Fri, 07 Apr 2006 17:54:03 GMT
Thanks again for your comments.The app handles JDOM  across the life cycle due to which the
singed DOM should be updated into JDOM back and convert the JDOM to DOM instead of saving
the XML into a file.
   
  Has anyone did some R&D on handling JDOM for signing and validating.
  

Martin Labarthe Dubois <dubois@consist.com.ar> wrote:
      you can try saving the XML to a file, and reading from it,
  when traspasing from one format to another and viceversa. JDOM <-> DOM
   
  moreover, i usually use IBMXMLSecurity suite to test the file just 
  typing 
  java dsig.VerifyGUI "filename.xml"
   
   
    ----- Original Message ----- 
  From: chirsmail sapl 
  To: security-dev@xml.apache.org 
  Sent: Friday, April 07, 2006 2:31 PM
  Subject: Re: JDOM - Sign validation
  

  thanks for the reply.When i print DOM and DOM converted from JDOM seems to be same.I see
lot of difference on the object level of signed DOM and DOM converted from JDOM.Because the
signing of DOM converted from JDOM work well.After updating the DOM into JDOM and then convert
the JDOM back to DOM ,the vaildation fails.
   
  I think if i get the exact singed DOM out of JDOM , i should be able to valid the sign.But
don't know how to get the exact DOM out of JDOM for validation.
  

Martin Labarthe Dubois <dubois@consist.com.ar> wrote:
          Yes. in this case i also saw both of them identical from the c14n perspective.
   
  You must have some other difference.
   
    ----- Original Message ----- 
  From: David Wall - Yozons Inc. 
  To: security-dev@xml.apache.org 
  Sent: Friday, April 07, 2006 2:09 PM
  Subject: Re: JDOM - Sign validation
  


    Thanks for the reply.
  1)The different is on the byte level.When we print the byte of the orignal DOM and DOM converted
from JDOM , the size is different.
  2)The DOM converted from JDOM has the white space if the element doesn't have the values.
  For example :
  Orignal XML content:
  <?xml version="1.0" encoding="UTF-8"?>
<div id="main"></div>
   
  DOM o/p using XMLUtils.outputDOMc14nWithComments(
  <div id="main"></div>
   
  JDOM O/P converted from DOM using XMLOutputter:
  <?xml version="1.0" encoding="UTF-8"?>
  <div id="main" />
   
  I think thats why it doesn't valid the DOM converted from JDOM.
  Can any expert suggest me a way to resolve the issue.
Isn't the point of canonicalization to remove such problems from syntactically equivalent
XML?   It seems that the element is the same, has the same value and same attributes with
the same values, so they should be treated as the same data from a digital signing perspective.

David

    
---------------------------------
  Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls. Great rates starting at 1ยข/min.

		
---------------------------------
Talk is cheap. Use Yahoo! Messenger to make PC-to-Phone calls.  Great rates starting at 1&cent;/min.
Mime
View raw message