You are viewing a plain text version of this content. The canonical link for it is here.
Posted to fx-dev@ws.apache.org by Elias Neri <el...@custodix.be> on 2006/03/13 14:38:15 UTC
Verifying a signed document after serialisation fails
Hello,
When i serialise a signed soap document, the verification of the
signature fails. Doesn't the xml canonization when signing the soap
envelope take care of movements of namespace declarations? Or am i
overlooking something?
I.e when i modify the verification function in the junit test
wssec.TestWSSecurityNewST2 by serialising the document before verifying it:
private void verify(Document doc) throws Exception {
ByteArrayOutputStream outStream = new ByteArrayOutputStream();
ByteArrayInputStream inStream;
//serialise
Transformer transformer =
TransformerFactory.newInstance().newTransformer();
DOMSource source1 = new DOMSource(doc);
StreamResult result1 = new StreamResult(outStream);
transformer.transform(source1, result1);
inStream = new ByteArrayInputStream(outStream.toByteArray());
//deserialise
transformer = TransformerFactory.newInstance().newTransformer();
StreamSource source2 = new StreamSource(inStream);
DOMResult result2 = new DOMResult();
transformer.transform(source2, result2);
doc = (Document)result2.getNode();
//the original verification code
secEngine.processSecurityHeader(doc, null, this, crypto);
SOAPUtil.updateSOAPMessage(doc, message);
String decryptedString = message.getSOAPPartAsString();
assertTrue(decryptedString.indexOf("LogTestService2") > 0 ? true :
false);
}
the test fails.
Best regards,
Elias