You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by "Stephen Chell (DSL AK)" <St...@datacom.co.nz> on 2004/04/07 07:37:44 UTC

Enveloped signature verification problem

Apologies for this, but I've been bashing my head against a brick wall most
of the day trying to solve this.

Can anyone tell my why the enveloped signature in the following XML document
wont verify?  When I call 
signature.checkSignatureValue(cert) it returns false.  The problem seems to
be related to the fact that I'm using SOAP, because I can create another
simple enveloped signature without using SOAP and it verifies fine.  Any
help would be much appreciated.

Thanks in advance ...
Steve


<SOAP-ENV:Envelope
xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
	<SOAP-ENV:Header/>
	<SOAP-ENV:Body/>
	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
		<SignedInfo>
			<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
			<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
			<Reference URI="">
				<Transforms>
					<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
					<Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
				</Transforms>
				<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
	
<DigestValue>3G4kS4EIcy5CFXHrWOkD+1n++hc=</DigestValue>
			</Reference>
		</SignedInfo>
	
<SignatureValue>WDLlcnjJXhIfX/RidflYQyWkZ7gxSSQCX3j3A0NddMG8XTMxu1KJkA==</Si
gnatureValue>
		<KeyInfo>
			<X509Data>
				<X509Certificate>
MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
FA9ab72kKuB5geYGeckbBrcgPnZk
</X509Certificate>
			</X509Data>
		</KeyInfo>
	</Signature>
</SOAP-ENV:Envelope>

Re: Enveloped signature verification problem

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Stephen,

How do you create the signature?

Can you put a copy of the signature to the list as a file?  My mail 
client is chopping stuff all over the place when I try to cut and paste :<.

Cheers,
	Berin


Stephen Chell (DSL AK) wrote:

> Apologies for this, but I've been bashing my head against a brick wall most
> of the day trying to solve this.
> 
> Can anyone tell my why the enveloped signature in the following XML document
> wont verify?  When I call 
> signature.checkSignatureValue(cert) it returns false.  The problem seems to
> be related to the fact that I'm using SOAP, because I can create another
> simple enveloped signature without using SOAP and it verifies fine.  Any
> help would be much appreciated.
> 
> Thanks in advance ...
> Steve
> 
> 
> <SOAP-ENV:Envelope
> xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">
> 	<SOAP-ENV:Header/>
> 	<SOAP-ENV:Body/>
> 	<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> 		<SignedInfo>
> 			<CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> 			<SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
> 			<Reference URI="">
> 				<Transforms>
> 					<Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> 					<Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> 				</Transforms>
> 				<DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> 	
> <DigestValue>3G4kS4EIcy5CFXHrWOkD+1n++hc=</DigestValue>
> 			</Reference>
> 		</SignedInfo>
> 	
> <SignatureValue>WDLlcnjJXhIfX/RidflYQyWkZ7gxSSQCX3j3A0NddMG8XTMxu1KJkA==</Si
> gnatureValue>
> 		<KeyInfo>
> 			<X509Data>
> 				<X509Certificate>
> MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
> ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
> dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
> REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
> VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
> gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
> 8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
> Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
> u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
> K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
> gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
> cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
> 8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
> FA9ab72kKuB5geYGeckbBrcgPnZk
> </X509Certificate>
> 			</X509Data>
> 		</KeyInfo>
> 	</Signature>
> </SOAP-ENV:Envelope>
> 
>