You are viewing a plain text version of this content. The canonical link for it is here.

Posted to fx-dev@ws.apache.org by Elias Neri <el...@custodix.be> on 2006/03/13 14:38:15 UTC

Verifying a signed document after serialisation fails

Hello,

When i serialise a signed soap document, the verification of the 
signature fails. Doesn't the xml canonization when signing the soap 
envelope take care of movements of namespace declarations? Or am i 
overlooking something?

I.e when i modify the verification function in the junit test 
wssec.TestWSSecurityNewST2 by serialising the document before verifying it:

 private void verify(Document doc) throws Exception {
        ByteArrayOutputStream outStream = new ByteArrayOutputStream();
        ByteArrayInputStream inStream;
       
        //serialise       
      Transformer transformer = 
TransformerFactory.newInstance().newTransformer();
      DOMSource source1 = new DOMSource(doc);
      StreamResult result1 = new StreamResult(outStream);
      transformer.transform(source1, result1);
     
      inStream = new ByteArrayInputStream(outStream.toByteArray());
     
      //deserialise
      transformer = TransformerFactory.newInstance().newTransformer();
        StreamSource source2 = new StreamSource(inStream);
        DOMResult result2 = new DOMResult();
        transformer.transform(source2, result2);     
        doc = (Document)result2.getNode();
     
      //the original verification code
      secEngine.processSecurityHeader(doc, null, this, crypto);
      SOAPUtil.updateSOAPMessage(doc, message);
      String decryptedString = message.getSOAPPartAsString();
      assertTrue(decryptedString.indexOf("LogTestService2") > 0 ? true : 
false);
    }

the test fails.

Best regards,

Elias