santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From tobias <tobias.w...@t-systems.com>
Subject Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Date Mon, 09 Feb 2015 16:28:47 GMT
With this version I`ve two issues. 

Stax signer 
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file. 

Dom Verify 
- With this new version 2.0.3 I`m getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade 
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

Another question is, why does that code:

				String id = "ID_" + UUID.randomUUID().toString();
				elementToSign.setAttributeNS(null, "Id", id);
				elementToSign.setIdAttributeNS(null, "Id", true);

				transforms = new Transforms(document);
				transforms
						.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
				xmlSignature.addDocument("#" + id, transforms,
						"http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?



--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41687.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.

Mime
View raw message