I will try your suggestions tomorrow, but I am not sure that this is the problem. Before to quit from the office I found that the digest value for this reference is different calculated for Signing and Validation.
The stack trace from Exception is missing because any exception is not thrown. The boolean value "false" is returned for whole signature. Then I check each time individually and see that the problem is in this reference again without exception. Only "false" value is returned. Because of the above I think that the digest algorithm for Signing and Validation is different. And because the only difference are both Namespaces in one element, I think that this is the real problem. On 1/31/07, Sean Mullan <[EMAIL PROTECTED]> wrote:
Miroslav Nachev wrote: > Hi, > > I need of help to find where is my mistake during signing process. > The case is: > I would like to sign some element which is part of "<dsig:Signature". > This element is located in "<dsig:Object>" as sub-element named > <xsd:SignedProperties Id="L1.S1-SignedProperties">. During signing > process everything is OK, but when I try to verify the signature, the > result is "Bad reference with URI='#L1.S1-SignedProperties'". Before you validate the signature, you may need to register the ID attribute of the QualifyingProperties element using the IdResolver.registerElementById method (or DOMValidateContext.setIdAttributeNS if you are using the JSR 105 API). Otherwise it won't be able to find it. Also, I could not find any source code that returns the error message "Bad reference ...". Can you send the stack trace of the exception? --Sean > > Can you help me or give me some suggestions where is the mistake? > At the end of the message is the XML Signature structure. > > > Best Regards, > Miroslav Nachev > > > <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; > Id="L1.S1-Signature"> > <dsig:SignedInfo> > <dsig:CanonicalizationMethod > Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments "/> > <dsig:SignatureMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> > <dsig:Reference URI="#DOC1"> > <dsig:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <dsig:DigestValue>...</dsig:DigestValue> > </dsig:Reference> > <dsig:Reference > Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties"; > URI="#L1.S1-SignedProperties"> > <dsig:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <dsig:DigestValue>...</dsig:DigestValue> > </dsig:Reference> > <dsig:Reference URI="#L1.S1-KeyInfo"> > <dsig:DigestMethod > Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> > <dsig:DigestValue>...</dsig:DigestValue> > </dsig:Reference> > </dsig:SignedInfo> > <dsig:SignatureValue Id="L1.S1-SignatureValue ">...</dsig:SignatureValue> > <dsig:KeyInfo Id="L1.S1-KeyInfo"> > <dsig:X509Data>...</dsig:X509Data> > </dsig:KeyInfo> > <dsig:Object> > <xsd:QualifyingProperties > xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"; > Id="L1.S1-QualifyingProperties" Target="#L1.S1-Signature"> > <xsd:SignedProperties Id="L1.S1-SignedProperties"> > <xsd:SignedSignatureProperties> > <xsd:SigningTime>2007-01-30T20:10:12+0200</xsd:SigningTime> > </xsd:SignedSignatureProperties> > </xsd:SignedProperties> > </xsd:QualifyingProperties> > </dsig:Object> > <dsig:Object/> > </dsig:Signature>
