Hello team,
I tried to verify the following XML file (not a root'd web cert, sorry):
https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml
Using the org.apache.xml.security.samples.signature.VerifySignature class that
is found in src_samples directory and got this:
java -cp
.:../libs/xmlsec-1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar
org.apache.xml.security.samples.signature.VerifySignature
Word-plugin-signature.xml
Try to verify file:Word-plugin-signature.xml
Could find a X509Data element in the KeyInfo
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idPackageObject"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idOfficeObject"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigInvalidImage"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigValidImage"
The XML signature in file
file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-plugin-signature.xml
is invalid !!!!! (bad)
Object=
It is clear the two Objects "#idsigInvalidImage" "#idsigValidImage" are failing.
I have two questions:
1) How can I pragmatically find out why the signature failed verification?
From what I can see the only way is to look at the log4j output.
2) Passing the XML file above into Aleksey's xmlsec1 app it passes. What's
different?
Thanks
JLC
