santuario-dev mailing list archives

From mustvicky <mustvi...@gmail.com>
Subject RE: SignedInfo's verify method
Date Tue, 15 Dec 2009 04:39:03 GMT


Scott Cantor wrote:
> 
>> 1. Does it make difference to SignedInfo's verify API:
>>
> (http://santuario.apache.org/Java/api/org/apache/xml/security/signature/Sign
> 
> 
> That's not how all the standard c14n algorithms work, prefixes are part of
> the signed material and you can't change them in between. Any tool that
> rewrites them while purporting to support signing is essentially broken.
> 
> 

mustvicky wrote:
> 
> Thanks for looking into this Scott. 
> I will try and explain my whole problem here. 
> 
> I use this method to calculate the digest at the client side: 
> 
> org.apache.xml.security.c14n.Canonicalizer canon = Canonicalizer
>         .getInstance(Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
> bodyDigest = Base64.encode(MessageDigest.getInstance("SHA-1")
>         .digest(canon.canonicalizeSubtree(body)));
> 
> 
> On the server side, it looks like SignedInfo.verify call is always
> assuming SOAP-ENV and not soapenv. 
> This is because, if the digest of the SOAP body calculated on the client
> side is Axis1's body (SOAP-ENV namespace), the digest matches on the
> server side. 
> 
> But if the digest of the SOAP body calculated on the client side using
> Axis2's body (soapenv namespace), the digest does not match on the server
> side. 
> 
> 
-- 
View this message in context: http://old.nabble.com/SignedInfo%27s-verify-method-tp26779945p26789397.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
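
Added example, not part of the original message and not Apache Santuario code: it uses Python's standard-library canonicalizer (C14N 2.0 with default options, in place of the Exclusive C14N the post calls through Santuario), which likewise keeps prefixes in its output, to show on constructed SOAP bodies that reformatting is normalized away while a prefix change alters the digest. The namespace `urn:example:ping`, the sample bodies and all function names are assumptions for illustration.

```python
import base64
import hashlib
from xml.etree.ElementTree import canonicalize

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"

# Constructed sample bodies: same content, different serializations.
AXIS1_BODY = (
    f'<SOAP-ENV:Body xmlns:SOAP-ENV="{SOAP_NS}">'
    '<m:Ping xmlns:m="urn:example:ping" id="1" seq="7">hi</m:Ping>'
    '</SOAP-ENV:Body>'
)
# Same prefix, but different quoting, attribute order and in-tag whitespace.
AXIS1_REFORMATTED = (
    f"<SOAP-ENV:Body   xmlns:SOAP-ENV='{SOAP_NS}' >"
    "<m:Ping seq='7' id='1' xmlns:m='urn:example:ping'>hi</m:Ping >"
    "</SOAP-ENV:Body>"
)
# Same namespace URI, but the prefix was rewritten to soapenv.
AXIS2_BODY = AXIS1_BODY.replace("SOAP-ENV", "soapenv")


def canonical_bytes(xml_text: str) -> bytes:
    """Canonical form of the element; prefixes are kept as written."""
    return canonicalize(xml_text, with_comments=False).encode("utf-8")


def body_digest(xml_text: str) -> str:
    """Base64 SHA-1 over the canonical bytes, mirroring the post's digest."""
    raw = hashlib.sha1(canonical_bytes(xml_text)).digest()
    return base64.b64encode(raw).decode("ascii")


def digest_matches(received_body: str, signed_digest: str) -> bool:
    """The comparison a verifier makes against the signed DigestValue."""
    return body_digest(received_body) == signed_digest


if __name__ == "__main__":
    signed = body_digest(AXIS1_BODY)  # digest computed by the signer
    for name, body in [("reformatted", AXIS1_REFORMATTED),
                       ("prefix rewritten", AXIS2_BODY)]:
        print(f"{name:17} match={digest_matches(body, signed)}")
        print("   ", canonical_bytes(body).decode())
```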

