That might be, however the Transformer code to write the DOM to disk
is right out of the xml signature tutorial, so I hope that is not the
case...
I read through the list and saw some brief comments that suggest maybe
one can add attributes (via setAttribute) which do not get added into
a namespace until the document is written to disk (thus breaking the
signature)??
Has anyone seen this before? Any tips to debug?
http://mail-archives.apache.org/mod_mbox/xml-security-dev/200602.mbox/%3c43E3AFE8.9090300@...%3e

On Apr 4, 2008, at 2:44 AM, panther@... wrote:
> Ian,
>
> I did not try it, but maybe your output to file adds "pretty
> printing"? This means adding white spaces which breaks a signature.
>
> Cheers,
> Jörg Bartholdt
>
> Hi everyone,
>
>
> Something weird is going on when I try to write my signed Document
> to disk...
>
>
> //doc is a Document which has gone through the signing process...
>
> Transformer xformer =
> TransformerFactory.newInstance().newTransformer();
> DOMSource source = new DOMSource(doc);
> StreamResult result = new StreamResult(new File("output.xml"));
> xformer.transform(source, result);
>
> DocumentBuilderFactory dbf2 = DocumentBuilderFactory.newInstance();
> dbf2.setNamespaceAware(true);
> DocumentBuilder db2 = dbf2.newDocumentBuilder();
> Document doc2 = db2.parse(new File("output.xml"));
> boolean res1 = CryptoUtils.verifyXmlSignature(doc);
> boolean res2 = CryptoUtils.verifyXmlSignature(doc2);
> System.out.println("RES 1 (raw) was " + res1);
> System.out.println("RES 2 (read) was " + res2);
>
> This code prints out:
>
>
> INFO org.apache.xml.security.signature.Reference - Verification
> successful for URI "#IC01"
> WARN org.apache.xml.security.signature.Reference - Verification
> failed for URI "#IC01"
> WARN CryptoUtils - Signature was invalid
> RES 1 (raw) was true
> RES 2 (read) was false
>
> any idea why writing the DOM to disk would make subsequent reads to
> validate it fail?
>
>
> The only things I can think of are a) the Transformer is altering
> the document before writing it to disk or b) there are a lot of
> elements whose content is base64 encoded and maybe somehow they are
> getting mangled when written to disk?
>
>
> Any help is appreciated!
>
>
> - ian.
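
One way to test the setAttribute theory raised in the reply, as an added example that is not part of the original thread or of Apache XML Security: it builds a small DOM with DOM Level 1 `setAttribute`, pushes it through the same Transformer and namespace-aware re-parse path as the quoted code, and lists each attribute's namespace URI and local name before and after. The class name `RoundTripCheck`, the namespace `urn:example:card` and the element `ic:Card` are constructed for illustration.

```java
import java.io.StringReader;
import java.io.StringWriter;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.xml.sax.InputSource;

public class RoundTripCheck {
    // List the qualified name, namespace URI and local name of each attribute.
    static String describe(Element e) {
        StringBuilder sb = new StringBuilder();
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            sb.append(a.getName()).append("  ns=").append(a.getNamespaceURI())
              .append("  local=").append(a.getLocalName()).append('\n');
        }
        return sb.toString();
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();

        // Constructed sample document. The attributes are added with the
        // DOM Level 1 setAttribute, so in memory they carry no namespace.
        Document doc = db.newDocument();
        Element root = doc.createElementNS("urn:example:card", "ic:Card");
        root.setAttribute("xmlns:ic", "urn:example:card");
        root.setAttribute("Id", "IC01");
        doc.appendChild(root);

        // Same write path as the quoted code, to a string instead of a file.
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(doc), new StreamResult(out));
        Document doc2 = db.parse(new InputSource(new StringReader(out.toString())));

        System.out.println("in memory:\n" + describe(root));
        System.out.println("re-parsed:\n" + describe(doc2.getDocumentElement()));
    }
}
```

If the two listings differ for the elements covered by the signature, the canonical form seen at signing time differs from the one seen after the re-parse; building the tree with `createElementNS` and `setAttributeNS` (using `http://www.w3.org/2000/xmlns/` for `xmlns:` declarations) keeps the two views consistent.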