> Hi, > > I used version 1.1 and I signed documents that has external URI references > using JUNIT tests. Applying the same test with version 1.2, my JUNIT tests > failed. I compare the signature and digest value and they are DIFFERENT > !!!!! > First of all I need more information, can you send the document wich is failling. If not we cannot do anything. Second, I 'm not an xpath expert but I'll take a look to the Object, and see if the signature node are included, in the <edoc:EDOC><edoc:Object> i.e: You have something like: <edoc:EDOC> ... <edoc:Object> ... .. <ds:Siganture> .. .. </edoc:Object> </edoc:EDOC> It this your case you know where you problem reside. If not please fill a bug report
Thanks, Raul > **************************************************************************** > ** > Here is the signature result of my XML document with version 1.1: > **************************************************************************** > ** > > <edoc:SignatureBlock > id="Revision-1-Signature-1"><edoc:SignatureDate>2004-12-16T15:19:57</edoc:Si > gnatureDate><edoc:Signer>Hess Yvan (first signature)</edoc:Signer> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></ds:Canonicaliz > ationMethod> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod> > <ds:Reference URI=""> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2";> > <dsig-xpath:XPath > xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"; > Filter="intersect">/edoc:EDOC/edoc:Object</dsig-xpath:XPath> > </ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> > <ds:DigestValue>iR+QqWJUmEp9SqD/y7EWwF2Svqg=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="urn:hypersuite:8F1F8E64-C0A8024E0160C4B0-A0033464"> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> > <ds:DigestValue>7typFfsZFzJVtEsGinu58N8RtqE=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > RwNgZQIe2haQQufbN8N/MeSsLKZOLkDczPai9H2j4GUvc4MYyh5DHzumAUN6TY9xQGp+oisOlPJJ > bLbe33kK0i637v1r737RYg+axX3zuc6N89hjgqpSlGWET23JfzYpCw+ZnhLtDjbD/8pqVB7+NC0P > G7C8E43ZklpxeAZsHI0cuYXwWCOo0GFKyAxhpuvhyjSc2NX9UBy9N5IL/l6rHTH7T3PXv1+nuKXV > gkXEG587IWCcxjRLM/rBzdCr3WE1gslpWOr/9LOOhXzm6JkswS+QaBaawThuZi8KryTfeM4YTHvO > urniH1fN3pH5aNpgGLu/PB6zusv7jjXEJBzHmQ== > </ds:SignatureValue> > ...... > > **************************************************************************** > ** > Here is the signature result of my XML document with version 1.2 > **************************************************************************** > ** > > <edoc:SignatureBlock > id="Revision-1-Signature-1"><edoc:SignatureDate>2004-12-10T15:04:55</edoc:Si > gnatureDate><edoc:Signer>Hess Yvan (first signature)</edoc:Signer> > <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > <ds:SignedInfo> > <ds:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></ds:Canonicaliz > ationMethod> > <ds:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></ds:SignatureMethod> > <ds:Reference URI=""> > <ds:Transforms> > <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2";> > <dsig-xpath:XPath > xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"; > Filter="intersect">/edoc:EDOC/edoc:Object</dsig-xpath:XPath> > </ds:Transform> > </ds:Transforms> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> > <ds:DigestValue>VUXqX81Q/RLCegjQdaBOISDDayE=</ds:DigestValue> > </ds:Reference> > <ds:Reference URI="urn:hypersuite:8F1F8E64-C0A8024E0160C4B0-A0033464"> > <ds:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></ds:DigestMethod> > <ds:DigestValue>7typFfsZFzJVtEsGinu58N8RtqE=</ds:DigestValue> > </ds:Reference> > </ds:SignedInfo> > <ds:SignatureValue> > rnvby10ZnBnqZcR6qQk48SmagIRdF9dBZ0RAvR/eSq44G12nZbxWJHDGPfZE3d7msCZKKsbXqqGl > 6QnoqOJUf+mMjoBcytsfXUBfznGu20T63JbXEGhaGW/XqBvbyATiSnR3NFf/KzrxV73KKQAWHOv/ > SZDMln17J//mRvjEa+78JEdaKRRS4C1JCtktm88FJrpeeIsNJoZ1Swm0Lcn/9/aX1L85Xrs7NDKz > 0eCt/bfaFStY9ILYLzzKVrrQmyeU8nJA8a3ky1ZFBMYXB8n4DsYb6f+JJTvJjtBtgZw7doV/hzc+ > PTK6pVUCD90t7Gv7vSq+eI7NQte3WC3RK/yfBA== > </ds:SignatureValue> > ....... > > As you can see DigestValue and SignatureValue are different with version > 1.1 and 1.2 !!!!!!!!!!!!!!!! What is the problem ? In which version can I > rely ? > > Can anybody help me. It is a critical point for us because we archive > signed > xml document on optical disk and if they are wrong signed.... > > > Regards. Yvan Hess > >
