Hi,

Those examples are from my personal github repo and have nothing to do really with the Apache Santuario project.

I'm not sure what you mean by "seem to produce invalid XML signatures by default"? The examples produce valid (detached) XML Signatures and verify just fine. For example, this test uses both those methods in SignatureUtils:

https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-signature/src/test/java/org/apache/coheigea/santuario/xmlsignature/SignatureStAXTest.java

> Used as is you will get XML Signatures that do not include the EnvelopedSignature Transform

This is not a requirement for XML Signatures - the test code in SignatureUtils does not use it.

Colm.

On Fri, Jul 27, 2018 at 2:53 AM, buko <[email protected]> wrote:

> Not sure if others have encountered this but I thought I’d report this
> since I ran into this issue and spent quite a while trying to figure out
> what’s going on. The issue:
>
> The signUsingStax and verifyUsingStax methods from the Example Code (see
> https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-signature/src/test/java/org/apache/coheigea/santuario/xmlsignature/SignatureUtils.java#L162
> and
> https://github.com/coheigea/testcases/blob/master/apache/santuario/santuario-xml-signature/src/test/java/org/apache/coheigea/santuario/xmlsignature/SignatureUtils.java#L203)
> seem to produce invalid XML signatures by default. Used as is you will get
> XML Signatures that do not include the EnvelopedSignature Transform
> (http://www.w3.org/2000/09/xmldsig#enveloped-signature).
>
> The code will sign documents but when you verify the signed documents
> you’ll get invalid digest errors like:
>
> org.apache.xml.security.exceptions.XMLSecurityException: Invalid digest
> of reference #Ge7a73177-7aad-4fe8-bed8-d26ef9cfaeed
>
> To make the code work you’ll need to add the EnvelopedSignature Transform
> like:
>
>     private static final String[] ENVELOPED_SIGNATURE_TRANSFORMS =
>         { "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
>           "http://www.w3.org/2001/10/xml-exc-c14n#" };
>
>     signatureSpec.getElementsToSign().forEach(
>         qname -> {
>             final SecurePart securePart = new SecurePart(qname, SecurePart.Modifier.Content);
>             securePart.setTransforms(ENVELOPED_SIGNATURE_TRANSFORMS);
>             securityProperties.addSignaturePart(securePart);
>         });
>
> Perhaps it would be helpful to include two separate examples, one using
> stax signature verification with an enveloped signature and another one
> with an enveloping signature?

-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
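
Added example, not part of the thread and not Santuario or testcases code: a Python sketch of XML-DSig reference digesting. It shows that a detached signature validates without the enveloped-signature transform, while a signature placed inside the signed element fails digest validation unless that transform is listed. The sample document, the helper names and the simplified ds:Signature layout (no SignedInfo or SignatureValue) are assumptions, and the standard library's C14N 2.0 stands in for exclusive C14N.

```python
import base64
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"

def q(name):
    return f"{{{DS}}}{name}"

def digest(target, transforms):
    """Base64 SHA-256 over the canonical form of target after transforms."""
    node = copy.deepcopy(target)
    if ENVELOPED in transforms:
        # Simplification: one signature per document, so dropping every
        # ds:Signature inside the target equals dropping the enclosing one.
        for parent in list(node.iter()):
            for child in parent.findall(q("Signature")):
                parent.remove(child)
    # Stand-in canonicalization: the stdlib implements C14N 2.0, not the
    # exclusive C14N 1.0 algorithm named in the thread.
    c14n = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha256(c14n.encode()).digest()).decode()

def add_reference(root, target, transforms, enveloped):
    """Digest target, then add ds:Signature inside it (enveloped) or beside it."""
    value = digest(target, transforms)
    sig = ET.SubElement(target if enveloped else root, q("Signature"))
    ref = ET.SubElement(sig, q("Reference"), URI="#" + target.get("Id"))
    for alg in transforms:
        ET.SubElement(ref, q("Transform"), Algorithm=alg)
    ET.SubElement(ref, q("DigestValue")).text = value

def reference_valid(root):
    """Recompute the digest the way a verifier would and compare."""
    ref = root.find(f".//{q('Reference')}")
    target = next(e for e in root.iter() if "#" + e.get("Id", "") == ref.get("URI"))
    transforms = [t.get("Algorithm") for t in ref.findall(q("Transform"))]
    return digest(target, transforms) == ref.find(q("DigestValue")).text

def demo(transforms, enveloped):
    """Sign a constructed sample document and report whether it verifies."""
    root = ET.fromstring('<Envelope><Order Id="o1"><Item>widget</Item></Order></Envelope>')
    add_reference(root, root.find("Order"), transforms, enveloped)
    return reference_valid(root)
```
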
