Re: Invalid Reference Signature when I try to refer some XMLObject element

Thu, 01 Feb 2007 11:41:40 -0800 

Miroslav Nachev wrote:

Dear Sean,
Why during validation JSR 105 takes "xmlns:xsd" attribute in case that this attribute is not set explicit to this element? This attribute is set explicit to the parent of this element. And why this is not happen during signing?
It could be a bug, but I can't really tell without running your code. When you create your QualifyingProperties element, do you explicitly set the xsd namespace attribute with the Element.setAttributeNS method?
I would recommend you file a bug and attach a test case that we can run to reproduce the problem. 

Thanks,
Sean
How to set JSR 105 to take the same attributes in both processing: signing and validation? 


Best Regards,
Miroslav Nachev

Miroslav Nachev wrote:
This is very strange because *"xmlns:xsd"* attribute is missing during signing? Actually this attribute exists in the Element. 

Sign:
2007-2-1 18:20:56 org.jcp.xml.dsig.internal.DigesterOutputStream write
<xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";
                      Id="L1.S1-SignedProperties">
  <xsd:SignedSignatureProperties>
    <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
<xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails> 
  </xsd:SignedSignatureProperties>
</xsd:SignedProperties>

Verify:
2007-2-1 18:23:34 org.jcp.xml.dsig.internal.DigesterOutputStream write
<xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";
                      xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#";
                      Id="L1.S1-SignedProperties">
  <xsd:SignedSignatureProperties>
    <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
<xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails> 
  </xsd:SignedSignatureProperties>
</xsd:SignedProperties>


Sean Mullan wrote:
I'm sorry but I don't have the time to debug your problem. However, looking at the log file, the validation failure occurs because of this: 

> FINER: Pre-digested input:
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
> FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"; Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties> 
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
> FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
> FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=
You'll need to figure out why the digest is different. One way to do this is to also turn on debugging when *generating* the signature, and then carefully compare the Pre-digested input to the above to see what is different. 

--Sean

Miroslav Nachev wrote:

Dear Sean,
Please find the attached log file. The problem reference is "L1.S1-SignedProperties". 
Do you have any suggestions how to solve this problem/bug?


Best Regards,
Miroslav Nachev


Sean Mullan wrote:

Miroslav Nachev wrote:
I will try your suggestions tomorrow, but I am not sure that this is the problem. Before to quit from the office I found that the digest value for this reference is different calculated for Signing and Validation.
The stack trace from Exception is missing because any exception is not thrown. The boolean value "false" is returned for whole signature. Then I check each time individually and see that the problem is in this reference again without exception. Only "false" value is returned.
Because of the above I think that the digest algorithm for Signing and Validation is different. And because the only difference are both Namespaces in one element, I think that this is the real problem.
Try enabling logging support and inspect what is being digested when signing and when validating. You should be able to precisely narrow down the problem (it is probably namespace related). I assume you are using JSR 105 from our previous correspondences. See this blog for more info on enabling the logging:
http://weblogs.java.net/blog/mullan/archive/2006/02/more_xml_signat_1.html 

--Sean
------------------------------------------------------------------------ 

2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#DOC1"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID DOC1
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM 
FINE: getElementByIdUsingDOM() Search for ID DOC1
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID DOC1 and Element was [DataFile: null] 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <DataFile Id="DOC1"><FileAttributtes ContentType="compressed_base64" LastModified="2004-05-25T12:34:04+0300" Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs 
3rgrAAAA</Content></DataFile>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #DOC1
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#L1.S1-SignedProperties"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM 
FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID L1.S1-SignedProperties and Element was [xsd:SignedProperties: null] 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties> 
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #L1.S1-SignedProperties
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#L1.S1-KeyInfo"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementById FINE: I could find an Element using the simple getElementByIdType method: dsig:KeyInfo 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was [dsig:KeyInfo: null] 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D
T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> 
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #L1.S1-KeyInfo
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign 
FINE: Signature provider:SunPKCS11-Siemens-HiPath version 1.6
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign FINE: Signing with key: SunPKCS11-Siemens-HiPath RSA private key, 1024 bits (id 124128880, token object, sensitive, unextractable) 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.transforms.Transform <init> FINE: Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; class "class com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments" 2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.transforms.Transform <init> 
FINE: The NodeList is [dsig:CanonicalizationMethod: null]
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement 
FINE: setElement(dsig:CanonicalizationMethod, "null"
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform FINE: Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform 
FINE: isNodeSet() = true
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize 
FINE: Canonicalized SignedInfo:
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></dsig:SignatureMethod><dsig:Reference URI="#DOC1"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties"; URI="#L1.S1-SignedProperties"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#L1.S1-KeyInfo"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI 
n!

 fo>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize FINE: Data to be signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3 dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48 ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy 
ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
2007-2-1 17:36:06 org.jcp.xml.dsig.internal.dom.DOMXMLSignature sign
FINE: SignatureValue = [EMAIL PROTECTED]
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#DOC1"
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID DOC1
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM 
FINE: getElementByIdUsingDOM() Search for ID DOC1
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID DOC1 and Element was [DataFile: null] 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:18 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <DataFile Id="DOC1"><FileAttributtes ContentType="compressed_base64" LastModified="2004-05-25T12:34:04+0300" Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs 
3rgrAAAA</Content></DataFile>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate 
FINE: Reference[#DOC1] is valid: true
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#L1.S1-SignedProperties"
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM 
FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID L1.S1-SignedProperties and Element was [xsd:SignedProperties: null] 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"; Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties> 
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate 
FINE: Reference[#L1.S1-SignedProperties] is valid: false
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate 
FINE: Couldn't validate the References
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify 
FINE: Signature provider:SunRsaSign version 1.5
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify 
FINE: verifying with key: Sun RSA public key, 1024 bits
modulus: 168164527555608136888830022857056132023036777656418518049464251253737723792048985548139271763061864520875701968328564748366237424723155092944235075765817478111725643802025622853273984978027240469613154811874843038396779307309442362407952606871051501808113074993835124868184526839845834261024714072735447928201 
  public exponent: 65537
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.transforms.Transform <init> FINE: Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; class "class com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments" 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.transforms.Transform <init> 
FINE: The NodeList is [dsig:CanonicalizationMethod: null]
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement 
FINE: setElement(dsig:CanonicalizationMethod, "null"
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform FINE: Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform 
FINE: isNodeSet() = true
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize 
FINE: Canonicalized SignedInfo:
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments";></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></dsig:SignatureMethod><dsig:Reference URI="#DOC1"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties"; URI="#L1.S1-SignedProperties"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#L1.S1-KeyInfo"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI 
n!

 fo>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize FINE: Data to be signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3 dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48 ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy 
ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve 
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver 2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve 
FINE: State I can resolve reference: "#L1.S1-KeyInfo"
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType 
FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM 
FINE: getElementByIdUsingDOM() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was [dsig:KeyInfo: null] 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference 
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo> 
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
BUILD SUCCESSFUL (total time: 1 minute 34 seconds)

Reply via email to