<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<p>Well, I have found that my verify routines are failing. I added
the following lines to the main() test method of your fixed code
after the signature is done to attempt to validate the generated
signed XML:</p>
<p><tt> try {</tt><tt><br>
</tt><tt> System.err.println("Verifying
signedXml...");</tt><tt><br>
</tt><tt> xmldsig.verify(signedXml, signatureKey);</tt><tt><br>
</tt><tt> System.err.println("Verified
signedXml...");</tt><tt><br>
</tt><tt> } catch(Exception ve) {</tt><tt><br>
</tt><tt>
System.err.println("XmlDigitalSignature.main() signature
verification exception: " + ve.getMessage());</tt><tt><br>
</tt><tt> }</tt><tt><br>
</tt></p>
<p>This basically submits the created 'signedXml' returned just
above with the same keys. I also had to update the method
"verify(String signedXml, SignatureKey signatureKey)" where it
sets the ID attribute to include the namespace added in the fixed
code:</p>
<p><tt> qualifyingPropertiesElement.setIdAttribute<b>NS(<a class="moz-txt-link-rfc2396E" href="http://uri.etsi.org/01903/v1.1.1#">"http://uri.etsi.org/01903/v1.1.1#"</a></b>,"Id",
true); // mark our id as the "Id" attribute</tt><tt><br>
</tt><br>
</p>
<p>This then fails showing 2 out of 4 references validated, the
others failing:</p>
<p>XmlDigitalSignature.verify(SignatureKey) SERIOUS-ERROR Failed
core validation; SignatureValue validated: true<br>
-> Reference[0] validated: true<br>
-> Reference[1] validated: true<br>
-> Reference[2] validated: false<br>
-> Reference[3] validated: false<br>
XmlDigitalSignature.verify(SignatureKey) SERIOUS-ERROR exception:
Invalid signature. SignatureValue validated; XML data payload
validated; OpenESignForms Seal validated; Unexpected Reference[2]
INVALID; Unexpected Reference[3] INVALID<br>
</p>
<p>In my test code I was able to show the references subscripts 0-3
being:</p>
<p> -> Reference[0] before validate(): <b>r.getId():
Payload_Reference_ID</b>; r.getURI(): <br>
-> Reference[0] validated: true</p>
<p> -> Reference[1] before validate(): r.getId(): null; <b>r.getURI():
#KeyInfo_ID</b><br>
-> Reference[1] validated: true</p>
<p> -> Reference[2] before validate(): r.getId(): null; <b>r.getURI():
#QualifyingProperties_ID</b><br>
-> Reference[2] validated: false</p>
<p> -> Reference[3] before validate(): r.getId(): null; <b>r.getURI():
#OpenESignForms_Seal_ID</b><br>
-> Reference[3] validated: false<br>
<br>
</p>
<p>So, the namespace changes made allow the digital signature to be
applied, but now I'm stuck on how to verify these last two
references. It seems that references related to
Payload_Reference_ID and #KeyInfo_ID validate, but
#QualifyingProperties_ID and #OpenESignForms_Seal_ID are failing.</p>
<p>I'm not sure how those references work with respect to the
namespace changes you suggested.</p>
<p>In fact, the fixed code no longer validates the digital signature
under Java 8 once the namespaces were added. Any ideas?</p>
<p>Thanks, David<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 2/13/19 1:23 PM, Open eSignForms
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:32d2fff5-1be5-1201-225e-15ac60982067@gmail.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<p>I checked the ETSI XAdES spec (<a class="moz-txt-link-freetext"
href="http://uri.etsi.org/01903/v1.1.1/ts_101903v010101p.pdf"
moz-do-not-send="true">http://uri.etsi.org/01903/v1.1.1/ts_101903v010101p.pdf</a>)
and it doesn't show any namespace on their entries for their
QualifyingProperties element and all sub-elements under the ETSI
example's element <ds:Object>.<br>
</p>
<p>But, their specification does show element
<QualifyingProperties> should be under the namespace <a
class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>
as you added in your fixed code.<br>
</p>
<p>That is, when my snapshot element that's digitally signed using
the below, it fails with the NAMESPACE_ERR exception:</p>
<p><tt><snapshot <b>xmlns=<a class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a></b>
timestamp="2019-02-13T11:02:30-08:00" type="document"></tt></p>
<p>But if my snapshot is set up with the ETSI namespace URI, it
works:<br>
</p>
<p><tt><snapshot <b>xmlns="</b></tt><b><tt><a
class="moz-txt-link-freetext"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">http://uri.etsi.org/01903/v1.1.1#</a></tt></b><tt><b>"
</b> timestamp="2019-02-13T11:02:30-08:00" type="document"></tt></p>
<p>So, it seems that the XMLSignature is noting that the
<QualifyingProperties> belongs to the default namespace in
both cases, but of course expects that particular element to
belong to the ETSI namespace, not ours.</p>
<p>I presume that's correct behavior; I just didn't think that the
XMLSignature.sign() knew about and was limited to that specific
namespace.</p>
<p>If you agree that this is the correct behavior, I think it's
not really a bug in Java 11, though it fails backwards
compatibility.<br>
</p>
<p>The only oddity that remains is what I mentioned below with all
the " " characters in the digests/signatures that appear
in Java 11. They sure look odd compared to simple line breaks
that presumably were emitted before.</p>
<p>David</p>
<p><br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 2/13/19 11:20 AM, Open eSignForms
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:66dd5bf7-b1b4-b3cf-b595-2c457b29a6af@gmail.com">Thanks,
Sean. I was able to find the updated test case source code. <br>
<br>
A preliminary review seems to show worthwhile changes to our
code. That is, the namespaces and such seem to make sense as
you have them. <br>
<br>
In particular, the use of: <br>
<br>
domSignContext.putNamespacePrefix(XMLSignature.XMLNS, "dsig"); <br>
<br>
and adding this namespace to additional elements we added: <br>
<br>
String xmlns = <a class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>;
<br>
<br>
seem reasonable and an acceptable workaround for us. I'm not
sure if those were oversights from before, but likely were the
result of it being based on Oracle/Java example code from Java 6
days... <br>
<br>
We'll incorporate your namespace changes in our code and test,
but this seems like it will work as I was able to confirm that
your fixed version seems to run on Java 10 and Java 11. <br>
<br>
It is interesting that the fixed code, though, generates
different output on Java 10 and Java 11. I'm not positive, but
it seems that Java 11 adds ' ' to the end of many lines
that aren't present in Java 10's output. <br>
<br>
Under Java 10, a test run products this result: <br>
<br>
<snapshot xmlns=<a class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
timestamp="2019-02-13T11:02:30-08:00"
type="document"><![CDATA[<html
xmlns=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/1999/xhtml" moz-do-not-send="true">"http://www.w3.org/1999/xhtml"</a>><head></head><body><p>Dummy
HTML
document</p></body></html>]]><dsig:Signature
xmlns:dsig=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2000/09/xmldsig#"
moz-do-not-send="true">"http://www.w3.org/2000/09/xmldsig#"</a>
Id="OpenESignForms_Seal"><dsig:SignedInfo><dsig:CanonicalizationMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2006/12/xml-c14n11#WithComments"
moz-do-not-send="true">"http://www.w3.org/2006/12/xml-c14n11#WithComments"</a>/><dsig:SignatureMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"</a>/><dsig:Reference
Id="Payload_Reference_ID"
URI=""><dsig:Transforms><dsig:Transform
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
moz-do-not-send="true">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/></dsig:Transforms><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>Zqmii2rv6C+bFM+CSO3s8sAGOrl67HEnv4t8XUgQd5iguf9m7vcVJn3pJz5inCZfx5V9lTtDaj0u
<br>
xbZSyWE5kQ==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#KeyInfo_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>kZM1pJpRXoeDuolU+kyK41BotQoW7ir5lfg/nNSMoC69bUC2OHzWbQ5Kug0gtrLVIuq5HRdzk6zc<br>
2N2jA0WKMQ==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#QualifyingProperties_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>AFx1CJi739IWZwJL1Y5KU2B+ZioT3ONMBLwLTdT/NTysV/+KYF7lZMgEHaGtLxvc6haIKKKzZisr<br>
r2YDQVgs5w==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#OpenESignForms_Seal_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>jhVDd7nvr4s2bu7LRNHb7yj2gQRzAE7fXcsgonq2Qsn4EWNfpqNEVUViIy9jh86tTs5ZiakaGAEs<br>
l9YV1hNnEg==</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>izJCFA5lBOjc7zhlc/1Wrsu+/jd0o0aPtemm4hM7aMKJvzkKddhjaHRY9iX4qtMZJtl7L1qj4YGN
<br>
hxHc2Wjuj6F1ZFD9asPf/kumVliAqTwNvhfyVfmpbaZtzQVtOQWhNIC1PivbPfbwTKr1yztLbo0K
<br>
B8TJWWiqHBjgEjlhw8X84buXVsCIUaAkOJG73Q0x9hMDVPf5y5R56xknLwjwzQPdveMI3zKvKvq5
<br>
vj1UPKVqlCjrjPa1HR0g4wEOjL51HCK/EWVbB4LLRAL59KB6ERW01CaRX1crGzQw6wz5eFVWK/0o
<br>
NcIdn4wc7rWPdYfT362iqqJMzIyUQGHmk7FVD/1Nky2wlEvYaRk7PrpbXo8ISSPB+RQM+EWQbYCP
<br>
RVT5oq6d4dnu0cUuj/wG8Ng7FIfSY3C8Ds9cw7CTKi/Dbmw3oE8yaJHNqfjEMAW2tmqQmuC4ZRXG
<br>
7DfqeNdgiHwoQLdLzD/vj/00SWmcM67NWQNwblbPJ5MhVeFmh/fIbd7bkIyANbw1FAYIj1b+Hf8b
<br>
cZzC+lNecKxzkcY9/VZ3ny4kBBQmxwBLlojBa2ll8B9m+sYN0enRGwy9GG2eBY2Gb53KqAALQAUU
<br>
kjXjJYxrQh64Y2RTAgp01Nbfj7QbvuKW93YDR6cpjNTM7EfJfQM/cz+VHHngFCRr/N0/WmM4j0A=</dsig:SignatureValue><dsig:KeyInfo
Id="KeyInfo_ID"><dsig:KeyName>c42c747f-0f03-46a3-8ae8-81fc95464c8f</dsig:KeyName><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>kPCr+Fy0NInaICpnzDpGLkNQ93kd0NzZfTBfQOb3PUH1Bt4OrBWcvYoch7wUm6k1Il3apsi7s2B9
<br>
Geqbh7tzF41MwvTWBNCQg3Kw3FKcF0jzKZ7D+na8Ndc52YPmsjU9zjpf+SDfKqb0NIDe3Bo3csWW
<br>
I42CkF3sI9AFknogovrfRM7ITJatA6WRHU8Kv6Qee8VfXZ1XAdKzWcc9EWbj74Kagiz8bMeATujU
<br>
MCI/XQb1luwvlrVxZUtnfLL9WD6Nvmj3uDYK52z5E80vqTKIq7EJvmlR7kcEdH1NuxDQSWCJQgQX
<br>
oU2TzuB0Nmov7P/pZ40JPF72Knb18Rgu4aRSMiaKKw+jzFHpw75VlQn2YkdfjNMwfUaEaZ4wuHoJ
<br>
Qjud79jilbam++eUQFRxjcXK9Nl/z01KtmuV1mPhm97LRaKQlsbBxa56pncrkAmF0cuIipPzo9aB
<br>
snJZkUQuwQtD/moDkUm84v5SOU1hn4RpWdGAkaJ1ubIrnKfF0qKmbCOcO69SEL5zP0JXEgSZ+D6z
<br>
Vv7VkAJizdJ91KKs4y/ypel4lurNcyBd3hzw8xpz9joMl8DOTLCcLhGp350Vrccbh9vauAcRcK/n
<br>
C+yaPI/mghmN2D2yZ3LZ3Z6k78Jl9BUV7PL5YyuxQmZjVP07lJvi6glLUm23o+c3c4D7rgHL4gM=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue><dsig:X509Data><dsig:X509Certificate>MIIKvTCCCKWgAwIBAgIJAPaU10x5GhRQMA0GCSqGSIb3DQEBDQUAMIHYMU0wSwYDVQQDDERPcGVu
<br>
X2VTaWduRm9ybXNfaHR0cHM6Ly9sb2NhbGhvc3QubG9jYWxkb21haW4vb3Blbi1lU2lnbkZvcm1z
<br>
VmFhZGluNzE6MDgGA1UECgwxRGVwbG95bWVudElEL2FhMGUyYjllLWM5ZDItNDk0NS04ZWVmLWI2
<br>
NDhiZDYzYWFjNDE8MDoGA1UECwwzU2lnbmF0dXJlS2V5SUQvMDJkYmMwMDktMTAyYi00ZWE3LTlh
<br>
YzgtNzYwZThiMzY4NTlmMQ0wCwYDVQQGEwRudWxsMB4XDTE0MTIxNjAzMjc1NVoXDTI0MTIxNjAz
<br>
Mjc1NVowgdgxTTBLBgNVBAMMRE9wZW5fZVNpZ25Gb3Jtc19odHRwczovL2xvY2FsaG9zdC5sb2Nh
<br>
bGRvbWFpbi9vcGVuLWVTaWduRm9ybXNWYWFkaW43MTowOAYDVQQKDDFEZXBsb3ltZW50SUQvYWEw
<br>
ZTJiOWUtYzlkMi00OTQ1LThlZWYtYjY0OGJkNjNhYWM0MTwwOgYDVQQLDDNTaWduYXR1cmVLZXlJ
<br>
RC8wMmRiYzAwOS0xMDJiLTRlYTctOWFjOC03NjBlOGIzNjg1OWYxDTALBgNVBAYTBG51bGwwggIi
<br>
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q3Nl9MF9A
<br>
5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwXSPMpnsP6
<br>
drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0DpZEdTwq/
<br>
pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+aPe4Ngrn
<br>
bPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXxGC7hpFIy
<br>
JoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/PTUq2a5XW
<br>
Y+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGfhGlZ0YCR
<br>
onW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1zIF3eHPDz
<br>
GnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0FRXs8vlj
<br>
K7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABo4IEhjCCBIIwggIzBgNVHQ4EggIqBIIC
<br>
JjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJDwq/hctDSJ2iAqZ8w6Ri5DUPd5HdDc
<br>
2X0wX0Dm9z1B9QbeDqwVnL2KHIe8FJupNSJd2qbIu7NgfRnqm4e7cxeNTML01gTQkINysNxSnBdI
<br>
8ymew/p2vDXXOdmD5rI1Pc46X/kg3yqm9DSA3twaN3LFliONgpBd7CPQBZJ6IKL630TOyEyWrQOl
<br>
kR1PCr+kHnvFX12dVwHSs1nHPRFm4++CmoIs/GzHgE7o1DAiP10G9ZbsL5a1cWVLZ3yy/Vg+jb5o
<br>
97g2Cuds+RPNL6kyiKuxCb5pUe5HBHR9TbsQ0ElgiUIEF6FNk87gdDZqL+z/6WeNCTxe9ip29fEY
<br>
LuGkUjImiisPo8xR6cO+VZUJ9mJHX4zTMH1GhGmeMLh6CUI7ne/Y4pW2pvvnlEBUcY3FyvTZf89N
<br>
SrZrldZj4Zvey0WikJbGwcWueqZ3K5AJhdHLiIqT86PWgbJyWZFELsELQ/5qA5FJvOL+UjlNYZ+E
<br>
aVnRgJGidbmyK5ynxdKipmwjnDuvUhC+cz9CVxIEmfg+s1b+1ZACYs3SfdSirOMv8qXpeJbqzXMg
<br>
Xd4c8PMac/Y6DJfAzkywnC4Rqd+dFa3HG4fb2rgHEXCv5wvsmjyP5oIZjdg9smdy2d2epO/CZfQV
<br>
Fezy+WMrsUJmY1T9O5Sb4uoJS1Jtt6PnN3OA+64By+IDAgMBAAEwggI3BgNVHSMEggIuMIICKoCC
<br>
AiYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q
<br>
3Nl9MF9A5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwX
<br>
SPMpnsP6drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0D
<br>
pZEdTwq/pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+
<br>
aPe4NgrnbPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXx
<br>
GC7hpFIyJoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/P
<br>
TUq2a5XWY+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGf
<br>
hGlZ0YCRonW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1z
<br>
IF3eHPDzGnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0
<br>
FRXs8vljK7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABMA4GA1UdDwEB/wQEAwIGwDAN
<br>
BgkqhkiG9w0BAQ0FAAOCAgEAOu3Y4o7P4wel6zcwGIHfwuTuL/IX9qzYnxtPNkEHL8D8v3P4Tovk
<br>
zDHOou4Ai5yycZninbaoK2WJr80p2HNfISY51fCJZ+Z16xmBlPmunnLI23cTAJGnZlI6WtsZLXQw
<br>
LX91VkqKlRL73+MZECxO0m5I4hxNu8CeOIcQ7aCLvnkO8AEeCa9zAwmiL2tJ8coJvELvqS9Zaiaz
<br>
syix8IWETtrZ+vv+85rASl5PSkCb0AX3eipJoqRgGazWraV7NBwDZgPEYXNQq1/jbQoirjJIzNQO
<br>
KEgH3wViGFVwnW4YJ4dzbtVd6EVaHZGmYb666FpwNPz6OBLgX1sjvDTMTYGYo/VrIN02neYEvBtK
<br>
GrZ5Gw7l7BOyKe92F3iQ3q90/kOBmGnEn8agkKlynv5IlJR8xOCxG1U9e8GFfmAwFS5hYtf0Gh/u
<br>
FRqnOepWQKuZ3kBBR+6KttbE58aD2kVuB36et5Dij1nxr+ihL7e4V42KsQQn/VBDrMoU5xW+yZH/
<br>
aAEgpbfUm5detK5oFqs5JIILFiyUXQCrvYuNZFx4vDqrsDmmAaaAPBlcybCUXseqh4hThyrOJ0dX
<br>
3xaXcwd32t1+/aOa7jgJRTgSklxhhcRCMHI9HWNlLgUWmvZ2O5G70reY4Kyg1NAS56qX48Xbckvy
<br>
VMfem/JPPYT/veThnefIgQk=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><QualifyingProperties
xmlns:ns0=<a class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>
ns0:Id="QualifyingProperties_ID"
xmlns=<a class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>><SignedProperties><SignedSignatureProperties><SigningTime>2019-02-13T11:02:30-08:00</SigningTime></SignedSignatureProperties><SignedDataObjectProperties><DataObjectFormat
ns0:ObjectReference="#Payload_Reference_ID"><Description>description</Description><MimeType>text/html</MimeType></DataObjectFormat></SignedDataObjectProperties></SignedProperties></QualifyingProperties></dsig:Object><dsig:Object><dsig:SignatureProperties><dsig:SignatureProperty
Id="OpenESignForms_Seal_ID"
Target="#OpenESignForms_Seal"><OpenESignForms_XmlDigitalSignatureSeal
xmlns:ns0=<a class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns0:DeploymentHostAddress="192.1.1.1" xmlns:ns1=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns1:DeploymentHostName="open.esignforms.com" xmlns:ns2=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns2:DeploymentId="1.1.1.1" xmlns:ns3=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns3:SignerAddress="192.1.1.1" xmlns:ns4=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns4:SignerAgent="No-Browser-Test" xmlns:ns5=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns5:Timestamp="2019-02-13T11:02:30-08:00" xmlns:ns6=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns6:Version="19.1.19"/></dsig:SignatureProperty></dsig:SignatureProperties></dsig:Object></dsig:Signature></snapshot><br>
<br>
while when run under Java 11 it shows what seems to be the same
(clearly, the digest/hashes aren't the same as the 'timestamp'
differs because they are actual times) except for lots of
' ' added to the digests and signatures: <br>
<br>
<snapshot xmlns=<a class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
timestamp="2019-02-13T11:01:22-08:00"
type="document"><![CDATA[<html
xmlns=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/1999/xhtml" moz-do-not-send="true">"http://www.w3.org/1999/xhtml"</a>><head></head><body><p>Dummy
HTML
document</p></body></html>]]><dsig:Signature
xmlns:dsig=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2000/09/xmldsig#"
moz-do-not-send="true">"http://www.w3.org/2000/09/xmldsig#"</a>
Id="OpenESignForms_Seal"><dsig:SignedInfo><dsig:CanonicalizationMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2006/12/xml-c14n11#WithComments"
moz-do-not-send="true">"http://www.w3.org/2006/12/xml-c14n11#WithComments"</a>/><dsig:SignatureMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"</a>/><dsig:Reference
Id="Payload_Reference_ID"
URI=""><dsig:Transforms><dsig:Transform
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
moz-do-not-send="true">"http://www.w3.org/2000/09/xmldsig#enveloped-signature"</a>/></dsig:Transforms><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>LdB/ydGxr3VUoTshQtOvQNmMZmt2OHgLax4tSk9Lqb1c+X1h4Uc/RBVXwfI9QrVnITBz85Fi8Bwr
<br>
7wyMjw84cA==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#KeyInfo_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>FkpexxTwhpCPHHsMrKGnBXE5hkZ/x10ArpzjX6ltYfOilvVAubzc9sNPwo6phw//ot1rSKPU5jTB <br>
LRD7p7t50g==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#QualifyingProperties_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>LxB0xAsDxKqeyCflaSUgMQOMhoxP4Gl9GfvlpCiL/gd9rz36qG4roaFRl+4PBC+IxzGiRDOqzQYX <br>
x6gSn5d1IQ==</dsig:DigestValue></dsig:Reference><dsig:Reference
URI="#OpenESignForms_Seal_ID"><dsig:DigestMethod
Algorithm=<a class="moz-txt-link-rfc2396E"
href="http://www.w3.org/2001/04/xmlenc#sha512"
moz-do-not-send="true">"http://www.w3.org/2001/04/xmlenc#sha512"</a>/><dsig:DigestValue>Pqd+9yaeBMytcG1sTTpuq+Wrd3lZSC18j7lv6VQ6LjUSz9VN7uwVNNn1E79mY8H6XUI2jbd/IozM <br>
oba2KF46ig==</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>IpdHZtzSw8TOnp0gfKMaCp30jJAPP8YCAIg4OBvRobIwHBFrG+O9v7peXRRA5nXi+fm4bdemi5jI
<br>
/N2smS7W6lKMMeTzrYNJEmpD/0c/SVCs0M1peZmiWZD/F6GYP6RkhZfTglk9skKsZIme3W5lHL5e
<br>
vTFno50J32oW0chq/jPzD42snoVQmVKS9wqqybGgRrm1W2RSWfziNo7QjXtJuR5eVuCtqpOLrGrS
<br>
J0aLaaNLucia/6cJyZ13mz7131Lj2Y4oJbrbpzvrDY5xDfFDK+bRRMR3DCvTLgKcZZz5zxcAKYL8
<br>
lG64U/tsmd/ZVn+d+fJGH03hPdvY/wMW7MTN1k/6S95PiNdx0cLeP0HLCug9zWiC7vUkrVDrsO9i
<br>
qsvSYKcAH8vQlG1arZgGJn88Hg8EGjmmWXs15ulU3Lm8TOTXl/xi6O4stSgMi9dFSsE1ISHAPaxN
<br>
D3Rqg7Bv7p/iEVn0xXq/C9AI3iwrpHbip8K81uJOsaiZgwR5D40XyYLV9FUPIacRclfT5EJKsx6k
<br>
jYiprWMOMjmnlJwj2vI8zG6sYLVJdQywm2isWu5eHSw39Wof0BYfDeOzh0LrifUcnt86no5fUEOI
<br>
OlNbqOO7rjuxtb+gt1iO2dTHfQhG99BCBQhC7AEMp67fIlPjEOECXldDTpzPMZ1K6cPlk22rpvc=</dsig:SignatureValue><dsig:KeyInfo
Id="KeyInfo_ID"><dsig:KeyName>184a40b0-78b6-4070-a7d7-1497078a06e4</dsig:KeyName><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>kPCr+Fy0NInaICpnzDpGLkNQ93kd0NzZfTBfQOb3PUH1Bt4OrBWcvYoch7wUm6k1Il3apsi7s2B9
<br>
Geqbh7tzF41MwvTWBNCQg3Kw3FKcF0jzKZ7D+na8Ndc52YPmsjU9zjpf+SDfKqb0NIDe3Bo3csWW
<br>
I42CkF3sI9AFknogovrfRM7ITJatA6WRHU8Kv6Qee8VfXZ1XAdKzWcc9EWbj74Kagiz8bMeATujU
<br>
MCI/XQb1luwvlrVxZUtnfLL9WD6Nvmj3uDYK52z5E80vqTKIq7EJvmlR7kcEdH1NuxDQSWCJQgQX
<br>
oU2TzuB0Nmov7P/pZ40JPF72Knb18Rgu4aRSMiaKKw+jzFHpw75VlQn2YkdfjNMwfUaEaZ4wuHoJ
<br>
Qjud79jilbam++eUQFRxjcXK9Nl/z01KtmuV1mPhm97LRaKQlsbBxa56pncrkAmF0cuIipPzo9aB
<br>
snJZkUQuwQtD/moDkUm84v5SOU1hn4RpWdGAkaJ1ubIrnKfF0qKmbCOcO69SEL5zP0JXEgSZ+D6z
<br>
Vv7VkAJizdJ91KKs4y/ypel4lurNcyBd3hzw8xpz9joMl8DOTLCcLhGp350Vrccbh9vauAcRcK/n
<br>
C+yaPI/mghmN2D2yZ3LZ3Z6k78Jl9BUV7PL5YyuxQmZjVP07lJvi6glLUm23o+c3c4D7rgHL4gM=</dsig:Modulus><dsig:Exponent>AQAB</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue><dsig:X509Data><dsig:X509Certificate>MIIKvTCCCKWgAwIBAgIJAPaU10x5GhRQMA0GCSqGSIb3DQEBDQUAMIHYMU0wSwYDVQQDDERPcGVu
<br>
X2VTaWduRm9ybXNfaHR0cHM6Ly9sb2NhbGhvc3QubG9jYWxkb21haW4vb3Blbi1lU2lnbkZvcm1z
<br>
VmFhZGluNzE6MDgGA1UECgwxRGVwbG95bWVudElEL2FhMGUyYjllLWM5ZDItNDk0NS04ZWVmLWI2
<br>
NDhiZDYzYWFjNDE8MDoGA1UECwwzU2lnbmF0dXJlS2V5SUQvMDJkYmMwMDktMTAyYi00ZWE3LTlh
<br>
YzgtNzYwZThiMzY4NTlmMQ0wCwYDVQQGEwRudWxsMB4XDTE0MTIxNjAzMjc1NVoXDTI0MTIxNjAz
<br>
Mjc1NVowgdgxTTBLBgNVBAMMRE9wZW5fZVNpZ25Gb3Jtc19odHRwczovL2xvY2FsaG9zdC5sb2Nh
<br>
bGRvbWFpbi9vcGVuLWVTaWduRm9ybXNWYWFkaW43MTowOAYDVQQKDDFEZXBsb3ltZW50SUQvYWEw
<br>
ZTJiOWUtYzlkMi00OTQ1LThlZWYtYjY0OGJkNjNhYWM0MTwwOgYDVQQLDDNTaWduYXR1cmVLZXlJ
<br>
RC8wMmRiYzAwOS0xMDJiLTRlYTctOWFjOC03NjBlOGIzNjg1OWYxDTALBgNVBAYTBG51bGwwggIi
<br>
MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q3Nl9MF9A
<br>
5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwXSPMpnsP6
<br>
drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0DpZEdTwq/
<br>
pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+aPe4Ngrn
<br>
bPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXxGC7hpFIy
<br>
JoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/PTUq2a5XW
<br>
Y+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGfhGlZ0YCR
<br>
onW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1zIF3eHPDz
<br>
GnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0FRXs8vlj
<br>
K7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABo4IEhjCCBIIwggIzBgNVHQ4EggIqBIIC
<br>
JjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJDwq/hctDSJ2iAqZ8w6Ri5DUPd5HdDc
<br>
2X0wX0Dm9z1B9QbeDqwVnL2KHIe8FJupNSJd2qbIu7NgfRnqm4e7cxeNTML01gTQkINysNxSnBdI
<br>
8ymew/p2vDXXOdmD5rI1Pc46X/kg3yqm9DSA3twaN3LFliONgpBd7CPQBZJ6IKL630TOyEyWrQOl
<br>
kR1PCr+kHnvFX12dVwHSs1nHPRFm4++CmoIs/GzHgE7o1DAiP10G9ZbsL5a1cWVLZ3yy/Vg+jb5o
<br>
97g2Cuds+RPNL6kyiKuxCb5pUe5HBHR9TbsQ0ElgiUIEF6FNk87gdDZqL+z/6WeNCTxe9ip29fEY
<br>
LuGkUjImiisPo8xR6cO+VZUJ9mJHX4zTMH1GhGmeMLh6CUI7ne/Y4pW2pvvnlEBUcY3FyvTZf89N
<br>
SrZrldZj4Zvey0WikJbGwcWueqZ3K5AJhdHLiIqT86PWgbJyWZFELsELQ/5qA5FJvOL+UjlNYZ+E
<br>
aVnRgJGidbmyK5ynxdKipmwjnDuvUhC+cz9CVxIEmfg+s1b+1ZACYs3SfdSirOMv8qXpeJbqzXMg
<br>
Xd4c8PMac/Y6DJfAzkywnC4Rqd+dFa3HG4fb2rgHEXCv5wvsmjyP5oIZjdg9smdy2d2epO/CZfQV
<br>
Fezy+WMrsUJmY1T9O5Sb4uoJS1Jtt6PnN3OA+64By+IDAgMBAAEwggI3BgNVHSMEggIuMIICKoCC
<br>
AiYwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCQ8Kv4XLQ0idogKmfMOkYuQ1D3eR3Q
<br>
3Nl9MF9A5vc9QfUG3g6sFZy9ihyHvBSbqTUiXdqmyLuzYH0Z6puHu3MXjUzC9NYE0JCDcrDcUpwX
<br>
SPMpnsP6drw11znZg+ayNT3OOl/5IN8qpvQ0gN7cGjdyxZYjjYKQXewj0AWSeiCi+t9EzshMlq0D
<br>
pZEdTwq/pB57xV9dnVcB0rNZxz0RZuPvgpqCLPxsx4BO6NQwIj9dBvWW7C+WtXFlS2d8sv1YPo2+
<br>
aPe4NgrnbPkTzS+pMoirsQm+aVHuRwR0fU27ENBJYIlCBBehTZPO4HQ2ai/s/+lnjQk8XvYqdvXx
<br>
GC7hpFIyJoorD6PMUenDvlWVCfZiR1+M0zB9RoRpnjC4eglCO53v2OKVtqb755RAVHGNxcr02X/P
<br>
TUq2a5XWY+Gb3stFopCWxsHFrnqmdyuQCYXRy4iKk/Oj1oGyclmRRC7BC0P+agORSbzi/lI5TWGf
<br>
hGlZ0YCRonW5siucp8XSoqZsI5w7r1IQvnM/QlcSBJn4PrNW/tWQAmLN0n3UoqzjL/Kl6XiW6s1z
<br>
IF3eHPDzGnP2OgyXwM5MsJwuEanfnRWtxxuH29q4BxFwr+cL7Jo8j+aCGY3YPbJnctndnqTvwmX0
<br>
FRXs8vljK7FCZmNU/TuUm+LqCUtSbbej5zdzgPuuAcviAwIDAQABMA4GA1UdDwEB/wQEAwIGwDAN
<br>
BgkqhkiG9w0BAQ0FAAOCAgEAOu3Y4o7P4wel6zcwGIHfwuTuL/IX9qzYnxtPNkEHL8D8v3P4Tovk
<br>
zDHOou4Ai5yycZninbaoK2WJr80p2HNfISY51fCJZ+Z16xmBlPmunnLI23cTAJGnZlI6WtsZLXQw
<br>
LX91VkqKlRL73+MZECxO0m5I4hxNu8CeOIcQ7aCLvnkO8AEeCa9zAwmiL2tJ8coJvELvqS9Zaiaz
<br>
syix8IWETtrZ+vv+85rASl5PSkCb0AX3eipJoqRgGazWraV7NBwDZgPEYXNQq1/jbQoirjJIzNQO
<br>
KEgH3wViGFVwnW4YJ4dzbtVd6EVaHZGmYb666FpwNPz6OBLgX1sjvDTMTYGYo/VrIN02neYEvBtK
<br>
GrZ5Gw7l7BOyKe92F3iQ3q90/kOBmGnEn8agkKlynv5IlJR8xOCxG1U9e8GFfmAwFS5hYtf0Gh/u
<br>
FRqnOepWQKuZ3kBBR+6KttbE58aD2kVuB36et5Dij1nxr+ihL7e4V42KsQQn/VBDrMoU5xW+yZH/
<br>
aAEgpbfUm5detK5oFqs5JIILFiyUXQCrvYuNZFx4vDqrsDmmAaaAPBlcybCUXseqh4hThyrOJ0dX
<br>
3xaXcwd32t1+/aOa7jgJRTgSklxhhcRCMHI9HWNlLgUWmvZ2O5G70reY4Kyg1NAS56qX48Xbckvy
<br>
VMfem/JPPYT/veThnefIgQk=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo><dsig:Object><QualifyingProperties
xmlns:ns0=<a class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>
ns0:Id="QualifyingProperties_ID"
xmlns=<a class="moz-txt-link-rfc2396E"
href="http://uri.etsi.org/01903/v1.1.1#"
moz-do-not-send="true">"http://uri.etsi.org/01903/v1.1.1#"</a>><SignedProperties><SignedSignatureProperties><SigningTime>2019-02-13T11:01:22-08:00</SigningTime></SignedSignatureProperties><SignedDataObjectProperties><DataObjectFormat
ns0:ObjectReference="#Payload_Reference_ID"><Description>description</Description><MimeType>text/html</MimeType></DataObjectFormat></SignedDataObjectProperties></SignedProperties></QualifyingProperties></dsig:Object><dsig:Object><dsig:SignatureProperties><dsig:SignatureProperty
Id="OpenESignForms_Seal_ID"
Target="#OpenESignForms_Seal"><OpenESignForms_XmlDigitalSignatureSeal
xmlns:ns0=<a class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns0:DeploymentHostAddress="192.1.1.1" xmlns:ns1=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns1:DeploymentHostName="open.esignforms.com" xmlns:ns2=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns2:DeploymentId="1.1.1.1" xmlns:ns3=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns3:SignerAddress="192.1.1.1" xmlns:ns4=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns4:SignerAgent="No-Browser-Test" xmlns:ns5=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns5:Timestamp="2019-02-13T11:01:22-08:00" xmlns:ns6=<a
class="moz-txt-link-rfc2396E"
href="http://open.esignforms.com/XMLSchema/2011"
moz-do-not-send="true">"http://open.esignforms.com/XMLSchema/2011"</a>
ns6:Version="19.1.19"/></dsig:SignatureProperty></dsig:SignatureProperties></dsig:Object></dsig:Signature></snapshot><br>
<br>
<br>
It's particularly odd because hex 13 isn't a typical character
(^S). <br>
<br>
Any idea what that difference is about for the base64 digests
and signatures? <br>
<br>
David <br>
<br>
<br>
On 2/13/19 6:03 AM, Sean Mullan wrote: <br>
<blockquote type="cite">On 2/12/19 6:28 PM, Open eSignForms
wrote: <br>
<blockquote type="cite">Thanks for the update, Sean. I'm a
bit perplexed because I found the original code works under
Java 9 and Java 10, so it seems like the change occurred in
Java 11. <br>
</blockquote>
<br>
Sorry, that was a typo, I meant to say JDK 11. <br>
<br>
<blockquote type="cite">I don't see the modified version of
the test case. If you attached it, it somehow didn't make
it through to me. <br>
<br>
If it's just a matter of making the code more correct, we'd
love to make the changes. My concern, of course, is that
we've already done millions of XML digital signatures, so we
need that to continue to verify correctly (and even under
Java 11, it seems that the verify code works against
previously digitally signed content) even if we now start
digitally signing using more update-to-date code. <br>
</blockquote>
<br>
The verification of pre-existing signatures should continue to
work regardless of how this bug is addressed. <br>
<br>
<blockquote type="cite">Please send over the modified test
case and I'll take a look. <br>
</blockquote>
<br>
It is attached to the bug report in the Attachments section: <a
class="moz-txt-link-freetext"
href="https://bugs.openjdk.java.net/browse/JDK-8218629"
moz-do-not-send="true">https://bugs.openjdk.java.net/browse/JDK-8218629</a>
(make sure you download the one I added yesterday). <br>
<br>
--Sean <br>
<br>
<blockquote type="cite"> <br>
Thanks! <br>
David <br>
<br>
On 2/12/19 2:14 PM, Sean Mullan wrote: <br>
<blockquote type="cite">The bug is now at <a
class="moz-txt-link-freetext"
href="https://bugs.openjdk.java.net/browse/JDK-8218629"
moz-do-not-send="true">https://bugs.openjdk.java.net/browse/JDK-8218629</a>
<br>
<br>
I have started looking at this issue and have some
progress I can report. <br>
<br>
In JDK 9, we updated the version of the Apache XML
Signature implementation in the JDK. Some of the
marshalling code was rewritten such that it will throw
Exceptions if legacy DOM level 1 methods were used to
create XML content which is then passed into XMLObject and
similar XMLSignature types that take DOMStructure objects.
This is because the DOM level 1 methods do not support
namespaces. <br>
<br>
I am still evaluating what the best fix is. However, you
can workaround the issue by always using DOM level 3
methods which are namespace aware. For example, use
Document.createElementNS instead of Document.createElement
and Element.createAttributeNS instead of
Element.createAttribute. <br>
<br>
Using legacy or non-namespace aware XML parsers or
implementations is not recommended and the XML Signature
Best Practices document gives some rationale:
<a class="moz-txt-link-freetext"
href="https://www.w3.org/TR/xmldsig-bestpractices/#signing-xml-without-namespaces"
moz-do-not-send="true">https://www.w3.org/TR/xmldsig-bestpractices/#signing-xml-without-namespaces</a>
<br>
That said, this is a regression in behavior so it would be
best if we could restore the previous behavior. <br>
<br>
I have attached a modified version of the test case to the
bug report which no longer throws an Exception. Let me
know if this is an acceptable workaround. Double-check the
namespaces that I used to make sure they are correct. <br>
<br>
--Sean <br>
<br>
<br>
On 2/7/19 11:23 AM, Open eSignForms wrote: <br>
<br>
<blockquote type="cite">On 2/7/19 7:49 AM, Sean Mullan
wrote: <br>
<blockquote type="cite">On 2/6/19 4:51 PM, Open
eSignForms wrote: <br>
<blockquote type="cite">I have a test version of the
code that can run standalone and shows the bug. I'm
not sure how best to transfer this information to
the forum for those to play with, but it is included
below. <br>
</blockquote>
<br>
Thanks, I can reproduce the issue now. I will need to
debug further to see what might be causing this. <br>
<br>
--Sean <br>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</blockquote>
</body>
</html>