[SANTUARIO-571] A signature generated by JAVA 8.0_231 (and above) doesn't match that generated by 8.0_221 - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Workaround
Affects Version/s: Java 2.1.3
Fix Version/s: None
Component/s: Java
Labels:
- encryption
Environment:
Windows 10, Java

Language:
- javascript

Description

As I understand it from JAVA 8.0_231 upgraded the Apache Santuario libraries to v2.1.3. From that point a signature using <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> generates an invalid signature.

I have attached signed files generated using JAVA 8.0_221 and one using JAVA 8.0_301 - all versions from 231 upwards generate invalid signature.

The signature is a requirement of the ROI Revenue services. We have a JAR file set up to generate the signature.

Hopefully this may be fixed by adding additional instructions to the JAR file. I can supply the JAR file and the unsigned XML if required used to generate the signed XML.

I don't know if this is considered a JAVA issue or an Apache issue

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

v301 LookupRPN message 2021_07_21 17_00_15.xml
26/Jul/21 12:15
5 kB
john james mustard
V221 LookupRPN message 2021_07_21 17_21_47.xml
26/Jul/21 12:15
5 kB
john james mustard

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: john james mustard

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Jul/21 12:25

Updated:: 27/Jul/21 09:27

Resolved:: 27/Jul/21 09:27