You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by "Stephen Chell (DSL AK)" <St...@datacom.co.nz> on 2004/04/07 07:37:44 UTC
Enveloped signature verification problem
Apologies for this, but I've been bashing my head against a brick wall most
of the day trying to solve this.
Can anyone tell my why the enveloped signature in the following XML document
wont verify? When I call
signature.checkSignatureValue(cert) it returns false. The problem seems to
be related to the fact that I'm using SOAP, because I can create another
simple enveloped signature without using SOAP and it verifies fine. Any
help would be much appreciated.
Thanks in advance ...
Steve
<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
<SOAP-ENV:Header/>
<SOAP-ENV:Body/>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>3G4kS4EIcy5CFXHrWOkD+1n++hc=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>WDLlcnjJXhIfX/RidflYQyWkZ7gxSSQCX3j3A0NddMG8XTMxu1KJkA==</Si
gnatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>
MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
FA9ab72kKuB5geYGeckbBrcgPnZk
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</SOAP-ENV:Envelope>
Re: Enveloped signature verification problem
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Stephen,
How do you create the signature?
Can you put a copy of the signature to the list as a file? My mail
client is chopping stuff all over the place when I try to cut and paste :<.
Cheers,
Berin
Stephen Chell (DSL AK) wrote:
> Apologies for this, but I've been bashing my head against a brick wall most
> of the day trying to solve this.
>
> Can anyone tell my why the enveloped signature in the following XML document
> wont verify? When I call
> signature.checkSignatureValue(cert) it returns false. The problem seems to
> be related to the fact that I'm using SOAP, because I can create another
> simple enveloped signature without using SOAP and it verifies fine. Any
> help would be much appreciated.
>
> Thanks in advance ...
> Steve
>
>
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> <SOAP-ENV:Header/>
> <SOAP-ENV:Body/>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
> <Reference URI="">
> <Transforms>
> <Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> <Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> </Transforms>
> <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>
> <DigestValue>3G4kS4EIcy5CFXHrWOkD+1n++hc=</DigestValue>
> </Reference>
> </SignedInfo>
>
> <SignatureValue>WDLlcnjJXhIfX/RidflYQyWkZ7gxSSQCX3j3A0NddMG8XTMxu1KJkA==</Si
> gnatureValue>
> <KeyInfo>
> <X509Data>
> <X509Certificate>
> MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
> ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
> dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
> REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
> VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
> gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
> 8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
> Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
> u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
> K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
> gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
> cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
> 8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
> FA9ab72kKuB5geYGeckbBrcgPnZk
> </X509Certificate>
> </X509Data>
> </KeyInfo>
> </Signature>
> </SOAP-ENV:Envelope>
>
>