Are you able to try the code in CVS? This is a known bug where a single text node of > 16K would get (from memory) the last size%16K bytes signed due to an incorrect assumption around the way Xerces handles transcoded text.
So if your texnode is equal to 16K+0x500 bytes long, that would explain this behaviour.
Alternatively - can you send my the full file - either directly or via a bug report in bugzilla and I will have a look.
Thanks!
Cheers,
BerinAndrzej Matejko wrote:
Hi,
I have serious problem: when I sing and verify signature the hash
value is calculated not over whole node with data, but only for about
0x500 bytes. I can't discover what is wrong.... The only things I found are:
- void TXFMSHA1::setInput(TXFMBase * inputT) (called by
DSIGReference::calculateHash through appendTxfm) calculate hash here:
while ((size = input->readBytes((XMLByte *) buffer, 1024)) != 0)
mp_h->hash(buffer, size);
- and input->readBytes is getting data by calling
XSECCanon::OutputBuffer()...
And here is the problem. OutputBuffer dosn't return all of data but it stops after about 0x500 bytes.... Can anybody tell my why?
Andrew
Ps. This is the 'core' of the file that I verify.
<SignetDocument> <ds:Signature Id="C_Signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#object"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>gY/3lZRV7Ojw6ub6WVa6aW8OslY=</ds:DigestValue> </ds:Reference> <ds:Reference URI="#SignedProperties"> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>U1MHNj0g1tYWyMi+1de18P8vcwI=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>AQh4LSZJ9/n2xsOvYmuNAgg09/7ZfX43cH8qoKiEqaADY2sYLCTZ5 +8UpaKe4OulCw6ueX3HKyg7 kJ/c2t+pGBlyiYiodXI7zM0lYGBlz8uipKFeurUGeXmncHwoMTbzAQdt9fp/rqqYg4C/1NVJ 7umi DAbPaG1tVV/sh4iJ5hE=</ds:SignatureValue> <ds:KeyInfo> <!--- cut --> </ds:KeyInfo> </ds:Signature> <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64"; Id="object" MimeType="text/plain">Qk3a0hAAAAAAADYAAAAoAAAAvAIAAA0CAAABABgAAAAAAKTSEA DEDgAAxA4A AAAAAAAAAAAA//////////////////////////////////////////////// //////////////////////////////////////////////////////////// <!-- cut -> </Object><Object><QualifyingProperties Target="#C_Signature"><SignedProperties Id="SignedProperties"><SignedSignatureProperties><SigningTime>2004-01-15 T10-46-20Z</SigningTime> <SigningCertificate>..........</SigningCertificate><SignaturePolicyIdent ifier/> </SignedSignatureProperties> <SignedDataObjectProperties><DataObjectFormat ObjectReference="#object"><Description/> Nowy Obraz - mapa bitowa.bmp</DataObjectFormat> </SignedDataObjectProperties> </SignedProperties> </QualifyingProperties> </Object> </SignetDocument>
