santuario-dev mailing list archives

From Ian Hummel <hum...@parityinc.net>
Subject Re: Problems writing signed document to disk
Date Fri, 04 Apr 2008 14:02:20 GMT
That might be, however the Transformer code to write the DOM to disk  
is right out of the xml signature tutorial, so I hope that is not the  
case...

I read through the list and saw some brief comments that suggest maybe  
one can add attributes (via setAttribute) which do not get added into  
a namespace until the document is written to disk (thus breaking the  
signature)??

Has anyone seen this before?  Any tips to debug?

http://mail-archives.apache.org/mod_mbox/xml-security-dev/200602.mbox/%3c43E3AFE8.9090300@sun.com%3e


On Apr 4, 2008, at 2:44 AM, panther@spreeathen.de wrote:

> Ian,
>
> I did not try it, but maybe your output to file adds "pretty  
> printing"? This means adding white spaces which breaks a signature.
>
> Cheers,
> Jörg Bartholdt
>
>
>
>
>
> Hi everyone,
>
>
> Something weird is going on when I try to write my signed Document  
> to disk...
>
>
> //doc is a Document which has gone through the signing process...
>
> Transformer xformer = TransformerFactory.newInstance().newTransformer();
> DOMSource source = new DOMSource(doc);
> StreamResult result = new StreamResult(new File("output.xml"));
> xformer.transform(source, result);
>
>
>
>
>
> DocumentBuilderFactory dbf2 = DocumentBuilderFactory.newInstance();
> dbf2.setNamespaceAware(true);
> DocumentBuilder db2 = dbf2.newDocumentBuilder();
> Document doc2 = db2.parse(new File("output.xml"));
> boolean res1 = CryptoUtils.verifyXmlSignature(doc);
> boolean res2 = CryptoUtils.verifyXmlSignature(doc2);
> System.out.println("RES 1 (raw) was " + res1);
> System.out.println("RES 2 (read) was " + res2);
>
>
>
>
> This code prints out:
>
>
> INFO  org.apache.xml.security.signature.Reference - Verification successful for URI "#IC01"
> WARN  org.apache.xml.security.signature.Reference - Verification failed for URI "#IC01"
> WARN  CryptoUtils - Signature was invalid
> RES 1 (raw) was true
> RES 2 (read) was false
>
>
>
>
>
>
> Any idea why writing the DOM to disk would make subsequent reads to  
> validate it fail?
>
>
> The only things I can think of are a) the Transformer is altering  
> the document before writing it to disk or b) there are a lot of  
> elements whose content is base64 encoded and maybe somehow they are  
> getting mangled when written to disk?
>
>
> Any help is appreciated!
>
>
> - ian.
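
One way to debug the round trip discussed in this thread, as an added example that is not part of the original messages or of the Santuario code base: walk the in-memory DOM and the reparsed DOM side by side and report the first node that differs, which exposes both whitespace added by the serializer and attributes set through setAttribute that only gain a namespace after parsing. The class name DomRoundTripDiff, the diff method and the urn:example sample document are hypothetical.

```java
import java.io.*;
import java.util.Objects;
import javax.xml.parsers.*;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.*;

public class DomRoundTripDiff {   // hypothetical helper, not part of Santuario
    /** Returns the first difference between two subtrees, or null if they match. */
    static String diff(Node a, Node b, String path) {
        if (a.getNodeType() != b.getNodeType())   // e.g. a whitespace Text node added by indenting
            return path + ": node type " + a.getNodeType() + " vs " + b.getNodeType();
        if (!Objects.equals(a.getNodeName(), b.getNodeName()))
            return path + ": name " + a.getNodeName() + " vs " + b.getNodeName();
        if (!Objects.equals(a.getNamespaceURI(), b.getNamespaceURI()))
            return path + ": namespace " + a.getNamespaceURI() + " vs " + b.getNamespaceURI();
        if (!Objects.equals(a.getNodeValue(), b.getNodeValue()))
            return path + ": value differs";
        NamedNodeMap aa = a.getAttributes(), ba = b.getAttributes();
        if (aa != null) {   // non-null only for Element nodes
            for (int i = 0; i < aa.getLength(); i++) {
                Node x = aa.item(i), y = ba.getNamedItem(x.getNodeName());
                String p = path + "/@" + x.getNodeName();
                String d = (y == null) ? p + ": missing after reparse" : diff(x, y, p);
                if (d != null) return d;
            }
            if (aa.getLength() != ba.getLength())
                return path + ": attribute count " + aa.getLength() + " vs " + ba.getLength();
        }
        NodeList ac = a.getChildNodes(), bc = b.getChildNodes();
        for (int i = 0; i < Math.min(ac.getLength(), bc.getLength()); i++) {
            String d = diff(ac.item(i), bc.item(i), path + "/" + ac.item(i).getNodeName());
            if (d != null) return d;
        }
        if (ac.getLength() == bc.getLength()) return null;
        return path + ": child count " + ac.getLength() + " vs " + bc.getLength();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.newDocument();   // constructed sample, stands in for the signed document
        Element root = doc.createElementNS("urn:example", "ex:root");
        root.setAttribute("xmlns:ex", "urn:example");   // DOM Level 1 call: namespaceURI stays null
        doc.appendChild(root);
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        Document doc2 = db.parse(new ByteArrayInputStream(out.toByteArray()));
        System.out.println(diff(doc, doc2, ""));   // path and kind of the first mismatch
    }
}
```

To apply it to the case in the original post, call diff(doc, doc2, "") with the signed Document and the one parsed back from output.xml; a null result means the two trees match node for node.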

