Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 28349 invoked from network); 4 Apr 2008 14:00:10 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 4 Apr 2008 14:00:10 -0000 Received: (qmail 64226 invoked by uid 500); 4 Apr 2008 14:00:09 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 64212 invoked by uid 500); 4 Apr 2008 14:00:09 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 64201 invoked by uid 99); 4 Apr 2008 14:00:09 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Apr 2008 07:00:09 -0700 X-ASF-Spam-Status: No, hits=1.2 required=10.0 tests=SPF_NEUTRAL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: local policy) Received: from [207.5.72.93] (HELO exhub015-1.exch015.msoutlookonline.net) (207.5.72.93) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 04 Apr 2008 13:59:17 +0000 Received: from [192.168.1.100] (68.162.255.8) by smtpx15.msoutlookonline.net (207.5.72.103) with Microsoft SMTP Server (TLS) id 8.1.263.0; Fri, 4 Apr 2008 06:59:32 -0700 CC: "security-dev@xml.apache.org" Message-ID: <1D587466-7227-4478-817A-FC251319FA1A@parityinc.net> From: Ian Hummel To: panther@spreeathen.de In-Reply-To: <502784.4676221207291499789.JavaMail.servlet@kundenserver> Content-Type: text/plain; charset="ISO-8859-1"; format=flowed; delsp=yes Content-Transfer-Encoding: quoted-printable MIME-Version: 1.0 (Apple Message framework v919.2) Subject: Re: Problems writing signed document to disk Date: Fri, 4 Apr 2008 10:02:20 -0400 References: <502784.4676221207291499789.JavaMail.servlet@kundenserver> X-Mailer: Apple Mail (2.919.2) X-Virus-Checked: Checked by ClamAV on apache.org That might be, however the Transformer code to write the DOM to disk =20 is right out of the xml signature tutorial, so I hope that is not the =20= case... I read through the list and saw some brief comments that suggest maybe =20= one can add attributes (via setAttribute) which do not get added into =20= a namespace until the document is written to disk (thus breaking the =20 signature)?? Has anyone seen this before? Any tips to debug? = http://mail-archives.apache.org/mod_mbox/xml-security-dev/200602.mbox/%3c4= 3E3AFE8.9090300@sun.com%3e On Apr 4, 2008, at 2:44 AM, panther@spreeathen.de wrote: > Ian, > > I did not try it, but maybe your output to file adds "pretty =20 > printing"? This means adding white spaces which breaks a signature. > > Cheers, > J=F6rg Bartholdt > > > > > > Hi everyone, > > > Something weird is going on when I try to write my signed Document =20 > to disk... > > > //doc is a Document which has gone through the signing process... > > Transformer xformer =3D =20 > TransformerFactory.newInstance().newTransformer(); > DOMSource source =3D new DOMSource(doc); > StreamResult result =3D new StreamResult(new File("output.xml")); > xformer.transform(source, result); > > > > > > DocumentBuilderFactory dbf2 =3D DocumentBuilderFactory.newInstance(); > dbf2.setNamespaceAware(true); > DocumentBuilder db2 =3D dbf2.newDocumentBuilder(); > Document doc2 =3D db2.parse(new File("output.xml")); > boolean res1 =3D CryptoUtils.verifyXmlSignature(doc); > boolean res2 =3D CryptoUtils.verifyXmlSignature(doc2); > System.out.println("RES 1 (raw) was " + res1); > System.out.println("RES 2 (read) was " + res2); > > > > > This code prints out: > > > INFO org.apache.xml.security.signature.Reference - Verification =20 > successful for URI "#IC01" > WARN org.apache.xml.security.signature.Reference - Verification =20 > failed for URI "#IC01" > WARN CryptoUtils - Signature was invalid > RES 1 (raw) was true > RES 2 (read) was false > > > > > > > any idea why writing the DOM to disk would make subsequent reads to =20= > validate it fail? > > > The only things I can think of are a) the Transformer is altering =20 > the document before writing it to disk or b) there are a lot of =20 > elements whose content is base64 encoded and making somehow they are =20= > getting mangled when written to disk? > > > Any help is appreciated! > > > - ian.