Hi,

I have two Signature elements (e1, e2) which seem to be equal (when serialised), but one is verified and the other is not.

Something like this:

...
Verifying e1 ...
19 Apr, 2005 10:11:20 AM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI ""
...
Result of e1.equalsNode(e2) is:- true
...
// Now this fails.
Verifying e2 ...
19 Apr, 2005 10:11:21 AM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI ""

Now I am sending e1 from one module and receiving e2 at the other, and then I get a verification failure. I have also attached the dump of the signature I am trying to verify.

Someone please tell me:

* Does verification of a signature depend only on the Signature element, or on something else?
* I mean, are Element attributes like parent node, baseURI and ownerDocument (which are not considered in the equalNode() method) significant for signature verification?
* Also, can I know the reason for the failure?
* And how do I solve this problem?

Someone please help me.

Thanks,
Pushya.

--
These are the code fragments I use:

    import java.security.cert.X509Certificate;
    import org.apache.xml.security.keys.KeyInfo;
    import org.apache.xml.security.signature.XMLSignature;
    import org.w3c.dom.Element;

    // Verify method.
    public boolean Verify(Element e) throws Exception {
        // Wrap the ds:Signature element; the base URI is empty.
        XMLSignature xmlSignature = new XMLSignature(e, "");
        // Take the signer's certificate from the signature's own KeyInfo.
        KeyInfo ki = xmlSignature.getKeyInfo();
        X509Certificate cert = ki.getX509Certificate();
        cert.checkValidity();
        // Checks the SignatureValue and every Reference digest.
        boolean Result = xmlSignature.checkSignatureValue(cert);
        return Result;
    }
    ...
    ...
    System.out.println("Verifying e1 ...");
    Verify(e1);
    System.out.println("Result of e1.equalsNode(e2) is: " + (e1.isEqualNode(e2)));
    System.out.println("Verifying e2 ...");
    Verify(e2);

--
Pushyamitra Navare
<?xml version="1.0" encoding="UTF-8"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
        <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
      <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">pxpzdpz0tCTIxj7/Gpmqwn6ZgoU=</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">GYX3TGsfarwEEBzFHCGuijnRowNREzsUdrK49aMaNOcohfeUSZrUJg==</ds:SignatureValue>
  <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><!-- base64 certificate data omitted --></ds:X509Certificate>
    </ds:X509Data>
    <ds:KeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:DSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:P xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><!-- base64 value omitted --></ds:P>
        <ds:Q xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
        <ds:G xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><!-- base64 value omitted --></ds:G>
        <ds:Y xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><!-- base64 value omitted --></ds:Y>
      </ds:DSAKeyValue>
    </ds:KeyValue>
  </ds:KeyInfo>
</ds:Signature>
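
The attached signature uses Reference URI="" with the enveloped-signature transform, so the digest in DigestValue is computed over the whole document that contains the Signature element, not over the element alone. The following is an added example, not code from the original post or from the Apache XML Security project: it uses the JDK's javax.xml.crypto.dsig API, swaps in RSA with SHA-256 for the dump's DSA with SHA-1, and the class name, element name and message texts are made up. It copies a signed Signature element into a second document with different content, where isEqualNode() still reports equality and the SignatureValue still checks out, but the Reference digest no longer matches.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Arrays;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class EnvelopedScopeDemo {  // hypothetical class name
    static final XMLSignatureFactory FAC = XMLSignatureFactory.getInstance("DOM");

    // Constructed sample input: a one-element document with the given text.
    static Document newDoc(String text) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document d = dbf.newDocumentBuilder().newDocument();
        d.appendChild(d.createElementNS(null, "msg")).setTextContent(text);
        return d;
    }
    // Enveloped signature with URI="": the digest covers the owner document.
    static Element sign(Document doc, KeyPair kp) throws Exception {
        Reference ref = FAC.newReference("", FAC.newDigestMethod(DigestMethod.SHA256, null),
            Collections.singletonList(FAC.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)), null, null);
        SignedInfo si = FAC.newSignedInfo(
            FAC.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            FAC.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
            Collections.singletonList(ref));
        FAC.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        return (Element) doc.getDocumentElement().getLastChild();
    }
    // Returns {core validity, SignatureValue validity, first Reference validity}.
    static boolean[] check(PublicKey key, Element sigEl) throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(key, sigEl);
        XMLSignature sig = FAC.unmarshalXMLSignature(ctx);
        Reference ref = (Reference) sig.getSignedInfo().getReferences().get(0);
        return new boolean[] { sig.validate(ctx), sig.getSignatureValue().validate(ctx), ref.validate(ctx) };
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair kp = gen.generateKeyPair();
        Element e1 = sign(newDoc("text as signed in module A"), kp);
        Document d2 = newDoc("text as rebuilt in module B");  // different owner document
        Element e2 = (Element) d2.getDocumentElement().appendChild(d2.importNode(e1, true));
        System.out.println("e1.isEqualNode(e2): " + e1.isEqualNode(e2));
        System.out.println("e1 {core, value, ref}: " + Arrays.toString(check(kp.getPublic(), e1)));
        System.out.println("e2 {core, value, ref}: " + Arrays.toString(check(kp.getPublic(), e2)));
    }
}
```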