santuario-dev mailing list archives

From "Scott Cantor" <canto...@osu.edu>
Subject RE: Reusing XMLSignature for signing and verifying
Date Wed, 25 Mar 2009 15:37:14 GMT
Sean Mullan wrote on 2009-03-25:
> JSR 105 is consistent with your view and documents the behavior. If the
> contents of the document are subsequently modified, then you need to
> instantiate a new XMLSignature object.

Well, in this case, nothing's being modified. What happens is you sign the
DOM, and then (via the APIs OpenSAML provides in this case), an attempt is
made to verify the signature that was just created. That won't work in
general if methods like getKeyInfo() don't return what they should, since
even if mechanically the signature might verify internally, the surrounding
code that eventually gets written needs access to the details for trust
verification.

-- Scott


