Sorry to ping here. Can anyone point me in the direction of "If this a bug with Apache XMLSec?"
I'd really exect the evil empire of Microsoft and Apache to interoperate. JLC On Wed, Feb 21, 2007 at 02:37:47PM -0500, Jean-Luc Cooke wrote: > Hello team, > > I tried to verify the following XML file (not a root'd web cert, sorry): > https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml > > Using the org.apache.xml.security.samples.signature.VerifySignature class > that is found in src_samples directory and got this: > > java -cp > .:../libs/xmlsec-1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar > org.apache.xml.security.samples.signature.VerifySignature > Word-plugin-signature.xml > Try to verify file:Word-plugin-signature.xml > Could find a X509Data element in the KeyInfo > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify > INFO: Verification successful for URI "#idPackageObject" > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify > INFO: Verification successful for URI "#idOfficeObject" > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify > WARNING: Verification failed for URI "#idsigInvalidImage" > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify > WARNING: Verification failed for URI "#idsigValidImage" > The XML signature in file > file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-plugin-signature.xml > is invalid !!!!! (bad) > Object= > > It is clear the two Objects "#idsigInvalidImage" "#idsigValidImage" are > failing. > > I have two questions: > 1) How can I pragmatically find out why the signature failed verification? > From what I can see the only way is to look at the log4j output. > 2) Passing the XML file above into Aleksey's xmlsec1 app it passes. What's > different? > > Thanks > > JLC
