santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sean Mullan <Sean.Mul...@Sun.COM>
Subject Re: Invalid Signature problem through Empty elements are converted to start-end tag pairs
Date Thu, 29 Jan 2009 16:08:04 GMT
Harakiri wrote:
>>>> This is a very strange signature. If you just want
>> to sign
>>>> the contents of the document (the tbone element)
>> without the
>>>> signature, you should just use the enveloped
>> transform: 
>> http://www.w3.org/TR/xmldsig-core/#sec-EnvelopedSignature
>>> I think the code was based on this example:
>>> 
>>> 
>> http://svn.apache.org/repos/asf/xml/security/trunk/src_samples/javax/xml/crypto/dsig/samples/GenEnveloped.java
>> 
>> 
>> But that example uses the Enveloped Signature Transform.
> 
> So the sample code i submitted earlier is correct ? 

No, I don't think so.

 From what I can tell, I think you are trying to generate an enveloped 
signature that signs the entire contents of the document (excluding the 
signature). In that case, you should replace your code and use the 
example above as a guideline.

> Since we use
> enveloped signature transform? Because you said we should better use
> enveloped signature transform. Im sorry im just getting the basics of
> xml signature.
> 
> 
>> When you say SUN xmldsig jars, I'm still not sure what version of
>> the software you are using. Can you give me more details as to what
>> you are using?
> 
> Im really sorry, im trying to maintain a legacy application and do
> not have specific information. I decompiled the jars to figure out
> exactly what version it is - but i havent. I will attach the used
> jars to this message.

These appear to be really old from a Sun product (JWSDP) that is no 
longer supported. If possible, I would encourage you to move to 
something more recent, either use the xmlsec.jar from a recent Apache 
XML Security release (which will work on JDK 1.4.2 and up) or the XML 
Security/JSR 105 implementation built into JDK 6.

--Sean




Mime
View raw message