Cart
[Home] [By Thread] [By Date] [Recent Entries]
Hi, I just found out the problem, it is in the CRLF vs. LF dilemma. I now: - first save the xml file - reload and parse it - then regenerate the digest - store the digest in the original xml - save the original xml This works. It's just clumsy, so if anybody knows a better solution than this workaround that would be great. Iwan :> -----Original Message----- :> From: Iwan Eising [mailto:java@i...] :> Sent: Sunday, April 29, 2001 10:23 AM :> To: xml-dev@l... :> Subject: XML Digests using Xerces and XML Security Suite :> :> Hi, :> :> I'm writing an application that generates an XML document and :> saves it to a :> file. Later when the file is read again, I want to make sure :> that it is the :> same file. I want to use an MD5 digest to check this, the digest :> is stored :> in the XML document it self, so when I send it to a different location :> (possibly over the Internet) I can still check if it is the :> original file I :> created in the first place. :> I downloaded IBM's XML Security Suite and I created the following two :> methods (full code below): :> :> boolean checkSignature(Node node,String signature); :> String generateSignature(Node node); :> :> I store the signature in the XML document it self. The XML :> document has the :> following structure: :> :> <Document> :> <signature> :> <!-- signature-value in BASE64 --> :> </signature> :> <ActualContents> :> </ActualContents> :> </Document> :> :> I made sure that in both case the Digest is generated from ActualContents :> node (The System.out shows me this). I'm using DOM, so the :> complete document :> is read before it is being processed. :> :> For some reason when I read the DOM from file and take the node :> and feed it :> to checkSignature, I get a different Digest than when I create :> the DOM from :> scratch and generate the digest. :> :> Does anybody know what I'm doing wrong, or have a :> better/easier/working way :> of solving this problem? :> :> Thanks, :> Iwan :> :> :> protected boolean checkSignature(Node node,String signature) :> { :> boolean result = false; :> :> System.out.println("Start hash at: " + node.getNodeName()); :> try :> { :> byte[] digest = :> Digest.getDigest(MessageDigest.getInstance("MD5"), node); :> BASE64Encoder encoder = new BASE64Encoder(); :> String genSignature = encoder.encode(digest); :> result = signature.equals(genSignature); :> } :> catch(NoSuchAlgorithmException exc) :> { :> exc.printStackTrace(); :> } :> :> return (result); :> } :> :> protected String generateSignature(Node node) :> { :> String id=""; :> :> System.out.println("Start hash at: " + node.getNodeName()); :> try :> { :> byte[] digest = :> Digest.getDigest(MessageDigest.getInstance("MD5"), node); :> BASE64Encoder encoder = new BASE64Encoder(); :> id = encoder.encode(digest); :> } :> catch(NoSuchAlgorithmException exc) :> { :> exc.printStackTrace(); :> } :> :> return (id); :> } :> :> :> --- :> This email is sent to you by...me :> You're welcome to visit my sites at: :> :> http://www.cyberhighscore.com :> http://www.i-ware.net :> or :> ICQ: 31720413 :> :> Direct downloads: :> Free Game: http://www.i-ware.net\binaries\thrillfill.zip :> Free Tool: http://www.i-ware.net\binaries\thrillfilleditor2.zip :> :>
|
