Posted to dev@santuario.apache.org by Dafydd Winfield <da...@gmail.com> on 2005/03/10 07:34:19 UTC

Problems with XMLDSIG on JWSDP 1.3

Hi,

I am currently having problems with producing a valid XMLDSIG
signature on JWSDP. First I wrote signing and verifying handlers for
Axis and had no problems. I then ported this implementation to JWSDP
1.3 - for a client. When I sign then verify the server verification
succeeds. However the XMLDSIG signature produced by the signing code is
not valid according to the web based XMLDSIG validator at:
http://www.aleksey.com/xmlsec/xmldsig-verifier.html - so it should
never verify successfully. The verification error on the website
says that the data does not match the digest. As I said the same code
in the Axis handler produces valid XMLDSIG signatures. Signatures
produced by the Axis handlers do not verify against the Sun handlers.

Finally I wrote a JWSDP client and added the signing and verifying
handlers - both client side for testing purposes. These worked
correctly and produced correct XMLDSIG signatures according to the
external validator. The only explanation seems to be that there must
be a library problem with the JWSDP 1.3 server Tomcat installation
(which was newly installed for this test) but I am at a total loss as
to where it is - perhaps the digesting code has problems? N.B. I have
copied the required endorsed jars.

Has anyone else had any similar problems with JWSDP 1.3 - or know of
some code that works? I am using JDK 1.4.2_07 and axis security 1.2.1.

I can supply source if necessary.

Many thanks for your help,



Dafydd

Re: Problems with XMLDSIG on JWSDP 1.3

Posted by Sean Mullan <Se...@Sun.COM>.
Can you please resend your message to users@jwsdp.dev.java.net?
Although the JSR 105 XMLDSig implementation delivered with JWSDP is 
based on Apache XMLSec, this alias is not the correct place to ask 
questions about JWSDP.

Also, please upgrade to JWSDP 1.4 and let me know if you still see the 
problem.

Thanks,
Sean

Dafydd Winfield wrote:
> Hi,
> 
> I am currently having problems with producing a valid XMLDSIG
> signature on JWSDP. First I wrote signing and verifying handlers for
> Axis and had no problems. I then ported this implementation to JWSDP
> 1.3 - for a client. When I sign then verify the server verification
> succeeds. However the XMLDSIG signature produced by the signing code is
> not valid according to the web based XMLDSIG validator at:
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html - so it should
> never verify successfully. The verification error on the website
> says that the data does not match the digest. As I said the same code
> in the Axis handler produces valid XMLDSIG signatures. Signatures
> produced by the Axis handlers do not verify against the Sun handlers.
> 
> Finally I wrote a JWSDP client and added the signing and verifying
> handlers - both client side for testing purposes. These worked
> correctly and produced correct XMLDSIG signatures according to the
> external validator. The only explanation seems to be that there must
> be a library problem with the JWSDP 1.3 server Tomcat installation
> (which was newly installed for this test) but I am at a total loss as
> to where it is - perhaps the digesting code has problems? N.B. I have
> copied the required endorsed jars.
> 
> Has anyone else had any similar problems with JWSDP 1.3 - or know of
> some code that works? I am using JDK 1.4.2_07 and axis security 1.2.1.
> 
> I can supply source if necessary.
> 
> Many thanks for your help,
> 
> 
> 
> Dafydd


Re: Problems with XMLDSIG on JWSDP 1.3

Posted by Sean Mullan <Se...@Sun.COM>.
I doubt it is a digesting problem, since that just uses the underlying 
JCA SHA1 MessageDigest provider code. It is more likely to be that for 
whatever reason the pre-digested content is different for some reason. 
Perhaps the XML is being modified by the server and that breaks the 
signature. You can enable logging (debug level) in the Apache XMLSec 
implementation that should show this in more detail.

--Sean

Dafydd Winfield wrote:
> Hi,
> 
> I am currently having problems with producing a valid XMLDSIG
> signature on JWSDP. First I wrote signing and verifying handlers for
> Axis and had no problems. I then ported this implementation to JWSDP
> 1.3 - for a client. When I sign then verify the server verification
> succeeds. However the XMLDSIG signature produced by the signing code is
> not valid according to the web based XMLDSIG validator at:
> http://www.aleksey.com/xmlsec/xmldsig-verifier.html - so it should
> never verify successfully. The verification error on the website
> says that the data does not match the digest. As I said the same code
> in the Axis handler produces valid XMLDSIG signatures. Signatures
> produced by the Axis handlers do not verify against the Sun handlers.
> 
> Finally I wrote a JWSDP client and added the signing and verifying
> handlers - both client side for testing purposes. These worked
> correctly and produced correct XMLDSIG signatures according to the
> external validator. The only explanation seems to be that there must
> be a library problem with the JWSDP 1.3 server Tomcat installation
> (which was newly installed for this test) but I am at a total loss as
> to where it is - perhaps the digesting code has problems? N.B. I have
> copied the required endorsed jars.
> 
> Has anyone else had any similar problems with JWSDP 1.3 - or know of
> some code that works? I am using JDK 1.4.2_07 and axis security 1.2.1.
> 
> I can supply source if necessary.
> 
> Many thanks for your help,
> 
> 
> 
> Dafydd