RE: Signature validation issues

David Garcia Thu, 01 Sep 2005 06:45:45 -0700

Thanks a lot Sean :D

Regards


Dave Garcia

-----Mensaje original-----
De: Sean Mullan [mailto:[EMAIL PROTECTED] 
Enviado el: jueves, 01 de septiembre de 2005 14:29
Para: security-dev@xml.apache.org
Asunto: Re: Signature validation issues

The JSR 105 API which will be added to the next (1.4) release of Apache 
XMLSec allows you to determine whether an invalid signature was caused 
by a signature value that failed to verify and/or if one or more of the 
reference digests failed to match.

--Sean

David Garcia wrote:
> Hi,
> 
>  
> 
> My name is David Garcia and I'm developing an XmlSignature Validation 
> engine. In the first step it uses apache security framework to check 
> signature's correctness and when the signature is valid there's no 
> problem but when there's a problem with something (like a bad hash, 
> invalid SignatureValue or something) I can't get the cause of what 
> happened because only a false return value is returned. In my 
> application I return a more concise data of what happened including a 
> Major and Minor code like the following:
> 
>  
> 
> public enum Major {
> 
>                         VALID,
> 
>                         INVALID,
> 
>                         UNDEFINED,
> 
>             }
> 
>            
> 
>             public enum Minor {
> 
>                         CORRECT,
> 
>                         INCORRECT,
> 
>                         SEMANTIC_ERROR,
> 
>                         SYNTACTIC_ERROR,
> 
>                         MISSING_SIGNED_ATTRIBUTES,
> 
>                         INVALID_SIGNED_ATTRIBUTES,
> 
>                         INVALID_UNSIGNED_ATTRIBUTES,
> 
>                         INVALID_CONTENT_INFO,
> 
>                         INVALID_ENCAPSULATED_CONTENT,
> 
>                         INVALID_KEY,
> 
>                         INVALID_SIGNATURE,
> 
>                         MISSING_CERTIFICATES,
> 
>                         MISSING_SIGNER_INFO,
> 
>                         KEY_NOT_RECOVERABLE,
> 
>                         INVALID_DIGEST_VALUE,
> 
>                         REFERENCE_NOT_INITIALIZED,
> 
>                         MISSING_RESOURCE,
> 
>                         UNKNOWN_ALGORITHM;
> 
>             }
> 
>  
> 
> I found that there are several exceptions like 
> InvalidDigestValueException or InvalidSignatureValueException but
nobody 
> throws them L
> 
>  Is there any way of finding what happened on  the validation process 
> when the signature is not valid?
> 
>  
> 
> Regards
> 
>  
> 
> Dave Garcia
> 
>  
> 
>  
> 



-- 
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.344 / Virus Database: 267.10.15/82 - Release Date:
25/08/2005

smime.p7s
Description: S/MIME cryptographic signature

RE: Signature validation issues

Reply via email to