You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2015/02/13 14:40:59 UTC
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Ok the issue here is that you are signing the root Element of the document,
and then appending the Signature to the first child of the Document. So the
Signature is included in the signature verification and hence the failure.
XML Signature has a special transform for this use-case to tell it to
ignore the Signature. So in your "TSLXmlSigner" the transforms should be:
transforms = new Transforms(document);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
Colm.
On Fri, Feb 13, 2015 at 7:44 AM, tobias <to...@t-systems.com> wrote:
> I`m sending it again, don`t know what problem it is.
>
>
>
> I'm getting a file not found error with this link:
> http://apache-xml-project.6118.n7.nabble.com/attachment/41697/1/TestTSLAPI.zip
>
> Colm.
>
>
>
>
>
> *TestTSLAPI.zip* (7M) Download Attachment
> <http://apache-xml-project.6118.n7.nabble.com/attachment/41705/0/TestTSLAPI.zip>
>
> ------------------------------
> View this message in context: [WARNING : A/V UNSCANNABLE]AW: [WARNING :
> A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for
> Java 2.0.3
> <http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41705.html>
> Sent from the Apache XML - Security - Dev mailing list archive
> <http://apache-xml-project.6118.n7.nabble.com/Apache-XML-Security-Dev-f33675.html>
> at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by Colm O hEigeartaigh <co...@apache.org>.
I've fixed that, thanks.
Colm.
On Mon, Feb 16, 2015 at 10:56 AM, tobias <to...@t-systems.com> wrote:
> Yes will do. Another thing I found is your are defining algorithm in your
> signature, but your`re not using it. Maybe you want to verify that.
>
>
>
> public static ByteArrayOutputStream signUsingStAX(
>
> InputStream inputStream,
>
> List<QName> namesToSign,
>
> String algorithm,
>
> Key signingKey,
>
> X509Certificate signingCert
>
> ) throws Exception {
>
>
>
> --
> View this message in context:
> http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41716.html
> Sent from the Apache XML - Security - Dev mailing list archive at
> Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by tobias <to...@t-systems.com>.
Yes will do. Another thing I found is your are defining algorithm in your
signature, but your`re not using it. Maybe you want to verify that.
public static ByteArrayOutputStream signUsingStAX(
InputStream inputStream,
List<QName> namesToSign,
String algorithm,
Key signingKey,
X509Certificate signingCert
) throws Exception {
--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41716.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by Colm O hEigeartaigh <co...@apache.org>.
You can add transforms when defining the "SecurePart" to be signed, e.g.:
String[] transforms = new String[2];
transforms[0] = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
transforms[1] = "http://www.w3.org/2001/10/xml-exc-c14n#";
securePart.setTransforms(transforms);
Colm.
On Mon, Feb 16, 2015 at 10:54 AM, tobias <to...@t-systems.com> wrote:
> How can I do the transforms.addTransform(TRANSFORM_ENVELOPED_SIGNATURE); in
> StAX mode?
>
>
>
> --
> View this message in context:
> http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41715.html
> Sent from the Apache XML - Security - Dev mailing list archive at
> Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by tobias <to...@t-systems.com>.
How can I do the transforms.addTransform(TRANSFORM_ENVELOPED_SIGNATURE); in
StAX mode?
--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41715.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.
Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by Colm O hEigeartaigh <co...@apache.org>.
I checked with my testcase using "PurchaseOrder" as the node to sign +
adding the enveloped transform first, and the interop test works fine.
Maybe start from there and try to figure out why your testcase isn't
working?
https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature
Colm.
On Fri, Feb 13, 2015 at 4:46 PM, tobias <to...@t-systems.com> wrote:
> That works! Thank you!
>
>
>
> Another question is when I sign using Stax and verify using Dom I`m
> getting the following exception:
>
>
>
> *org.w3c.dom.DOMException*: NOT_FOUND_ERR: Es wurde versucht, einen
> Knoten in einem Kontext zu referenzieren, in dem er nicht vorhanden ist.
>
>
>
> ------------------------------
> View this message in context: AW: [WARNING : A/V UNSCANNABLE]AW: [WARNING
> : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for
> Java 2.0.3
> <http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41708.html>
> Sent from the Apache XML - Security - Dev mailing list archive
> <http://apache-xml-project.6118.n7.nabble.com/Apache-XML-Security-Dev-f33675.html>
> at Nabble.com.
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com
AW: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW:
[VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
Posted by tobias <to...@t-systems.com>.
That works! Thank you!
Another question is when I sign using Stax and verify using Dom I`m getting the following exception:
org.w3c.dom.DOMException: NOT_FOUND_ERR: Es wurde versucht, einen Knoten in einem Kontext zu referenzieren, in dem er nicht vorhanden ist.
--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41708.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.