Pushya,

I just quickly skimmed the signature - the reference is an enveloped signature, but there is nothing in the document but the signature itself?

Also the actual signature itself fails. Are you "pretty printing" the XML after the signature operation itself? It almost reads like line feeds have been added post signing.

Cheers,
        Berin

Pushyamitra Navare wrote:

Hi,

Two Signature elements (e1, e2) seem to be equal (when serialised),
but one is verified and the other is not.

Something like this:

...
Verifying e1 ...
19 Apr, 2005 10:11:20 AM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI ""
...

Result of e1.equalsNode(e2)  is:-  true

...
// Now this fails.
Verifying e2 ...
19 Apr, 2005 10:11:21 AM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI ""


Now I am sending e1 from one module and receiving e2 at the other, and then I get a verification failure.

I have also attached the dump of the signature I am trying to verify.

Someone please tell me:

 * Does verification of a signature depend only on the Signature element, or on something else? I mean, are Element attributes like parent node, baseURI, ownerDocument (which are not considered in the equalNode() method) significant for signature verification?

 * Also, can I know the reason for the failure?

 * And how do I solve this problem?

Someone please help me,

Thanks,

Pushya.

--

These are the code fragments I use:

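// Imports needed by the fragments below.
import java.security.cert.X509Certificate;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.w3c.dom.Element;

// Verify method.
public boolean Verify(Element e) throws Exception
{
    // Wrap the ds:Signature element; the second argument is the base URI.
    XMLSignature xmlSignature = new XMLSignature(e, "");

    // Take the signer's certificate from the KeyInfo inside the signature.
    KeyInfo ki = xmlSignature.getKeyInfo();
    X509Certificate cert = ki.getX509Certificate();
    cert.checkValidity();

    // Check the SignatureValue and the Reference digests.
    boolean Result = xmlSignature.checkSignatureValue(cert);
    return Result;
}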


...
...
System.out.println("Verifying e1 ...");
Verify(e1);

System.out.println("Result of e1.equalsNode(e2) is: " + (e1.isEqualNode(e2)));

System.out.println("Verifying e2 ...");
Verify(e2);

--
Pushyamitra Navare


------------------------------------------------------------------------

<?xml version="1.0" encoding="UTF-8"?>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:CanonicalizationMethod
   Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  <ds:SignatureMethod
   Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
  <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:Transform
     Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
    <ds:Transform
     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
   </ds:Transforms>
   <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
   <ds:DigestValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">pxpzdpz0tCTIxj7/Gpmqwn6ZgoU=</ds:DigestValue>
  </ds:Reference>
 </ds:SignedInfo>
 <ds:SignatureValue
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">GYX3TGsfarwEEBzFHCGuijnRowNREzsUdrK49aMaNOcohfeUSZrUJg==</ds:SignatureValue>
 <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:X509Data xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:X509Certificate xmlns:ds="http://www.w3.org/2000/09/xmldsig#">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</ds:X509Certificate>
  </ds:X509Data>
  <ds:KeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
   <ds:DSAKeyValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:P xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
K2HXKu/yIgMZndFIAcc=
</ds:P>
    <ds:Q 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
    <ds:G xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
Zl6Ae1UlZAFMO/7PSSo=
</ds:G>
    <ds:Y xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
BYzBvi2HAaG5KYvlGbxabr9oeS5egJd/lkJost/NhBRt0mTowzA17+nTPiWZUpU2gArlNQFafb1r
CZQRcbknvHuLxxyRTekVl9m9xItygqQQz1PfcLQXSt8EJU8gzVRO+DcPN/+XK+GJBxRYmgwcaaLE
yJ8fjw998TrY7rrbwV4=
</ds:Y>
   </ds:DSAKeyValue>
  </ds:KeyValue>
 </ds:KeyInfo>
</ds:Signature>
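
An added example, not code from this thread or from the Apache XML Security project: with `URI=""` and the enveloped-signature transform, verification recomputes the Reference digest over the document that owns the Signature element, so the element's content alone does not decide the result. The class name `EnvelopedContextDemo`, the sample `<order>` document and the throwaway RSA-SHA256 key (in place of the DSA-SHA1 certificate in the dump) are assumptions made for the demonstration.

```java
import java.io.ByteArrayInputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class EnvelopedContextDemo {
    // Same check as the Verify method in the thread, with an explicit key.
    static boolean verify(Element sig, PublicKey key) throws Exception {
        return new XMLSignature(sig, "").checkSignatureValue(key);
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway key
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        // Constructed sample document; the signature is enveloped in <order>.
        Document doc = db.parse(new ByteArrayInputStream(
                "<order><item>42</item></order>".getBytes("UTF-8")));
        Element root = doc.getDocumentElement();
        XMLSignature sig = new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        root.appendChild(sig.getElement());
        Transforms tf = new Transforms(doc);
        tf.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        tf.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
        sig.addDocument("", tf, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        sig.sign(kp.getPrivate());
        Element e1 = sig.getElement();
        System.out.println("e1 in its signed document: " + verify(e1, kp.getPublic()));

        // Case 1: copy only the Signature element into an otherwise empty document.
        Document other = db.newDocument();
        Element e2 = (Element) other.importNode(e1, true);
        other.appendChild(e2);
        System.out.println("e1.isEqualNode(e2): " + e1.isEqualNode(e2));
        System.out.println("e2 without the signed content: " + verify(e2, kp.getPublic()));
        // Case 2: add a line feed to the signed content after signing.
        root.insertBefore(doc.createTextNode("\n  "), root.getFirstChild());
        System.out.println("e1 after pretty printing: " + verify(e1, kp.getPublic()));
    }
}
```

Comparing the three printed results shows which of the two changes, losing the enveloping content or reformatting it after signing, matches a failure seen in transit.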
