santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Microsoft Office12 Postmark will not verify
Date Wed, 28 Feb 2007 18:25:35 GMT
Scott Cantor wrote:
>>>> You can also do this with JSR 105 - you can optionally specify whether
>>>> you want to be able to get the referenced data before it is transformed
>>>> and digested. I believe there is also a way to do that in the Apache
>>>> XMLSec APIs (don't have time to check right now).
>>> It has to be *after* the transforms, or you still don't know what's been
>>> signed.
>> Right, that's what I meant, was a typo on my part.
> 
> Ok, that's probably a starting point then. I don't believe xmlsec has any
> way to do this with its own APIs other than running the processes twice,
> which isn't really ideal.

I believe you are right.

Here's how it works in JSR 105, It is off by default so you need to 
enable it first before you validate:

valContext.setProperty("javax.xml.crypto.dsig.cacheReference", 
Boolean.TRUE);
boolean isValid = signature.validate(valContext);
Iterator i = signature.getSignedInfo().getReferences().iterator();
for (int j=0; i.hasNext(); j++) {
     InputStream is = ((Reference) i.next()).getDigestInputStream();
     // Display the data.
}

You can also get the dereferenced data (before it is transformed) by 
calling reference.getDereferencedData().

--Sean






Mime
View raw message