You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Christof Soehngen <Ch...@SYRACOM.DE> on 2004/04/05 15:01:55 UTC

Problem Xpath2Filter when signing whole envelope (Continued)

Hello again,
 
I do have some progress, still hoping for someone smarter than me ;-)
 
I managed to insert the missing namespace declaration in the security header when creating it BEFORE creating the signature, so I do not need to specify it in the xpath-filter element. Funny thing is, canonicalization throws it out again at the end. But it does work :)
 
Problem is now: I cant sign (incl. filter) AND encrypt. Still, the verification does not work.
I put some debug-output in the xmlsec libraries, to see, what gets filtered.
 
And I think I found the problem: The Security header has a linefeed before the closing tag in the version on the server (on both client and server, the same transformations take place), hence a different digest.
 
Can this happen because of the decryption before the check of the signature?
 
Thanks,
Christof