Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-571

A signature generated by JAVA 8.0_231 (and above) doesn't match that generated by 8.0_221

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Minor
    • Resolution: Workaround
    • Java 2.1.3
    • None
    • Java
    • Windows 10, Java

    Description

      As I understand it from JAVA 8.0_231 upgraded the Apache Santuario libraries to v2.1.3. From that point a signature using <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha512"/> generates an invalid signature.

      I have attached signed files generated using JAVA 8.0_221 and one using JAVA 8.0_301 - all versions from 231 upwards generate invalid signature.

      The signature is a requirement of the ROI Revenue services. We have a JAR file set up to generate the signature.

      Hopefully this may be fixed by adding additional instructions to the JAR file. I can supply the JAR file and the unsigned XML if required used to generate the signed XML.

       

      I don't know if this is considered a JAVA issue or an Apache issue

       

      Attachments

        1. V221 LookupRPN message 2021_07_21 17_21_47.xml
          5 kB
          john james mustard
        2. v301 LookupRPN message 2021_07_21 17_00_15.xml
          5 kB
          john james mustard

        Activity

          People

            coheigea Colm O hEigeartaigh
            Mustard1 john james mustard
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: