blautenb 2003/11/20 01:03:41
Modified: doc/site/src/documentation/content/xdocs/Java faq.xml
doc/site/src/documentation/content/xdocs/c faq.xml
Log:
Added FAQ to C++ and Java around ordering of sign and Signature element
insertion
Revision Changes Path
1.2 +48 -0
xml-security/doc/site/src/documentation/content/xdocs/Java/faq.xml
Index: faq.xml
===================================================================
RCS file:
/home/cvs/xml-security/doc/site/src/documentation/content/xdocs/Java/faq.xml,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- faq.xml 15 Mar 2003 04:44:03 -0000 1.1
+++ faq.xml 20 Nov 2003 09:03:41 -0000 1.2
@@ -236,9 +236,57 @@
</p>
</answer>
</faq>
+ <faq id="elementorder">
+ <question>
+ I sign a document and when I try to verify using the same key,
it fails
+ </question>
+ <answer>
+ <p>
+ After you have created the XMLSignature object, before you
sign the
+ document, you <em>must</em> embed the signature element in
the owning
+ document (using a call to
<code>XMLSignature.getElement()</code> to
+ retrieve the newly created Element node from the signature)
before
+ calling the <code>XMLSignature.sign()</code> method,
+ </p>
+ <p>
+ During canonicalisation of the SignedInfo element, the
library looks
+ at the parent and ancestor nodes of the Signature element to
find
+ any namespaces that the SignedInfo node has inherited. Any
that are
+ found are embedded in the canonical form of the SignedInfo.
(This
+ is not true when Exclusive Canonicalisation is used, but it
is still
+ good practice to insert the element node prior to the sign()
+ method being called).
+ </p>
+ <p>
+ If you have not embedded the signature node in the document,
it will
+ not have any parent or ancestor nodes, so it will not inherit
their
+ namespaces. If you then embed it in the document and call
<code>
+ verify()</code>, the namespaces will be found and the
canonical
+ form of SignedInfo will be different to that generated during
+ <code>sign()</code>.
+ </p>
+ </answer>
+ </faq>
</part>
</faqs>
+<!-- Keep this comment at the end of the file
+Local variables:
+mode: xml
+sgml-omittag:nil
+sgml-shorttag:nil
+sgml-namecase-general:nil
+sgml-general-insert-case:lower
+sgml-minimize-attributes:nil
+sgml-always-quote-attributes:t
+sgml-indent-step:2
+sgml-indent-data:t
+sgml-parent-document:nil
+sgml-exposed-tags:nil
+sgml-local-catalogs:nil
+sgml-local-ecat-files:nil
+End:
+-->
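Review bot: the first paragraph of the new answer ends in a comma ("calling the <code>XMLSignature.sign()</code> method,") and states the ordering twice ("before you sign the document ... before calling"), so the one rule this entry exists to teach reads as an unfinished sentence. Suggest a single sentence that ends in a full stop, for example: "After creating the XMLSignature object, you must embed the element returned by XMLSignature.getElement() in the owning document before calling XMLSignature.sign()." The question text would also be easier to find if it were phrased as a question and ended with punctuation. Separately, the "Local variables" editor comment appended after </faqs> is not mentioned in the log message and is not added in the c/faq.xml hunk; it would be cleaner as its own commit.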
1.4 +31 -0
xml-security/doc/site/src/documentation/content/xdocs/c/faq.xml
Index: faq.xml
===================================================================
RCS file:
/home/cvs/xml-security/doc/site/src/documentation/content/xdocs/c/faq.xml,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- faq.xml 9 Aug 2003 12:02:33 -0000 1.3
+++ faq.xml 20 Nov 2003 09:03:41 -0000 1.4
@@ -82,6 +82,37 @@
</p>
</answer>
</faq>
+ <faq id="elementorder">
+ <question>
+ I sign a document and when I try to verify using the same key,
it fails
+ </question>
+ <answer>
+ <p>
+ After you have created the XMLSignature object, before you
sign the
+ document, you <em>must</em> embed the signature element in
the owning
+ document (which is returned by the call to
+ <code>DSIGSignature::createBlankSignature(...)</code>) before
+ calling the <code>DSIGSignature::sign()</code> method,
+ </p>
+ <p>
+ During canonicalisation of the SignedInfo element, the
library looks
+ at the parent and ancestor nodes of the Signature element to
find
+ any namespaces that the SignedInfo node has inherited. Any
that are
+ found are embedded in the canonical form of the SignedInfo.
(This
+ is not true when Exclusive Canonicalisation is used, but it
is still
+ good practice to insert the element node prior to the sign()
+ method being called).
+ </p>
+ <p>
+ If you have not embedded the signature node in the document,
it will
+ not have any parent or ancestor nodes, so it will not inherit
their
+ namespaces. If you then embed it in the document and call
<code>
+ verify()</code>, the namespaces will be found and the
canonical
+ form of SignedInfo will be different to that generated during
+ <code>sign()</code>.
+ </p>
+ </answer>
+ </faq>
</part>
</faqs>
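Review bot: the first paragraph of the C++ entry still says "the XMLSignature object", which is the Java class name, while the calls it cites are DSIGSignature::createBlankSignature(...) and DSIGSignature::sign(); it should name the DSIGSignature object. The parenthetical "(which is returned by the call to ...)" also sits directly after "the owning document", so it reads as if the document, rather than the signature element, is what createBlankSignature returns; move it next to "the signature element". As in the Java entry, the paragraph ends with a comma after "method" and should end with a full stop.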