santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From buko <>
Subject Digest Mismatch Exceptions and Enveloped Signatures
Date Fri, 27 Jul 2018 01:53:13 GMT

Not sure if others have encountered this but I thought I’d report this since I ran into
this issue and spent quite a while trying to figure out what’s going on. The issue:

The signUsingStax and verifyUsingStax methods from the Example Code (see
seem to produce invalid XML signatures by default. Used as is you will get XML Signatures
that do not include the EnvelopedSignature Transform (

The code will sign documents but when you verify the signed documents you’ll get invalid
digest errors like: Invalid digest of reference #Ge7a73177-7aad-4fe8-bed8-d26ef9cfaeed

To make the code work you’ll need to add the EnvelopedSignature Transform like:
	private static final String[] ENVELOPED_SIGNATURE_TRANSFORMS = 
		{ "",  ""};
				qname -> { 
					final SecurePart securePart = new SecurePart(qname, SecurePart.Modifier.Content);
					securityProperties.addSignaturePart(securePart); });

Perhaps it would be helpful to include two separate examples, one using stax signature verification
with an enveloped signature and another one with an enveloping signature? 

View raw message