To help things along,

Here's the output from Aleksey's tool.  Notice how it verifies
"#idsigInvalidImage" and "#idsigValidImage" but ApacheXMLSec cannot.
The overall signature status fails with Aleksey's tool, but that's not
what I'm focusing on.

Is the fact that ApacheXMLSec cannot verify idsigInvalidImage and
idsigValidImage a bug?

JLC

On Mon, Feb 26, 2007 at 09:54:15AM -0500, Jean-Luc Cooke wrote:
> Sorry to ping here.
> 
> Can anyone point me in the direction of "Is this a bug with Apache XMLSec?"
> 
> I'd really expect the evil empire of Microsoft and Apache to interoperate.
> 
> JLC
> 
> On Wed, Feb 21, 2007 at 02:37:47PM -0500, Jean-Luc Cooke wrote:
> > Hello team,
> > 
> > I tried to verify the following XML file (not a root'd web cert, sorry):
> >   https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml
> > 
> > Using the org.apache.xml.security.samples.signature.VerifySignature class 
> > that is found in src_samples directory and got this:
> > 
> > java -cp 
> > .:../libs/xmlsec-1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar 
> > org.apache.xml.security.samples.signature.VerifySignature 
> > Word-plugin-signature.xml
> > Try to verify file:Word-plugin-signature.xml
> > Could find a X509Data element in the KeyInfo
> > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
> > INFO: Verification successful for URI "#idPackageObject"
> > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
> > INFO: Verification successful for URI "#idOfficeObject"
> > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
> > WARNING: Verification failed for URI "#idsigInvalidImage"
> > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
> > WARNING: Verification failed for URI "#idsigValidImage"
> > The XML signature in file 
> > file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-plugin-signature.xml
> >  is invalid !!!!! (bad)
> > Object=
> > 
> > It is clear the two Objects "#idsigInvalidImage" "#idsigValidImage" are 
> > failing.
> > 
> > I have two questions:
> >  1) How can I pragmatically find out why the signature failed verification?
> >     From what I can see the only way is to look at the log4j output.
> >  2) Passing the XML file above into Aleksey's xmlsec1 app it passes.  What's
> >     different?
> > 
> > Thanks
> > 
> > JLC
= VERIFICATION CONTEXT
== Status: invalid
== flags: 0x00000001
== flags2: 0x00000000
== Id: "idPackageSignature"
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000001
==== keyUsage: 0x00000002
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
=== Transform: membuf-transform (href=NULL)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Public
=== key usage: -1
=== rsa key: size = 1024
== SignedInfo References List:
=== list size: 4
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#idPackageObject"
== Type: "http://www.w3.org/2000/09/xmldsig#Object"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 
=== uri xpointer expr: #idPackageObject
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#idOfficeObject"
== Type: "http://www.w3.org/2000/09/xmldsig#Object"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 
=== uri xpointer expr: #idOfficeObject
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#idsigInvalidImage"
== Type: "http://www.w3.org/2000/09/xmldsig#Object"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 
=== uri xpointer expr: #idsigInvalidImage
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
= REFERENCE VERIFICATION CONTEXT
== Status: succeeded
== URI: "#idsigValidImage"
== Type: "http://www.w3.org/2000/09/xmldsig#Object"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=2)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: 
=== uri xpointer expr: #idsigValidImage
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
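
An added example, not part of the original thread or of the Apache XML Security samples, for question 1 in the quoted message: it reads the per-reference results from SignedInfo instead of the log, and dumps the octets each failing reference was digested over so they can be compared with another implementation's canonical output. The class name ReferenceReport is hypothetical, and the calls assume the Apache XML Security 1.x Java API; as a further assumption, later releases may need Id attributes registered before same-document URIs resolve.

```java
import java.io.File;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.Reference;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

// Hypothetical helper class (assumption): prints one verdict per ds:Reference.
public class ReferenceReport {
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        File file = new File(args[0]);

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // ds:* elements are located by namespace
        // The signed file is untrusted input: refuse DOCTYPE declarations.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(file);

        Element sigEl = (Element) doc.getElementsByTagNameNS(
                Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);
        if (sigEl == null) throw new IllegalArgumentException("no ds:Signature found");
        XMLSignature sig = new XMLSignature(sigEl, file.toURI().toString());

        // The key is taken from the document's own KeyInfo, so a "true" result
        // shows integrity against that key only, not that the signer is trusted.
        if (sig.getKeyInfo() == null) throw new IllegalStateException("no KeyInfo");
        PublicKey key = sig.getKeyInfo().getPublicKey();
        if (key == null) throw new IllegalStateException("no usable key in KeyInfo");
        System.out.println("overall signature valid: " + sig.checkSignatureValue(key));

        // SignedInfo keeps one result per Reference after checkSignatureValue().
        SignedInfo si = sig.getSignedInfo();
        for (int i = 0; i < si.getLength(); i++) {
            Reference ref = si.item(i);
            boolean ok = si.getVerificationResult(i);
            System.out.println((ok ? "OK      " : "FAILED  ") + ref.getURI());
            if (!ok) {
                // Octets after all transforms: diff these against the other tool.
                byte[] digested = ref.getContentsAfterTransformation().getBytes();
                System.err.println("--- digested input for " + ref.getURI()
                        + " (" + digested.length + " bytes) ---");
                System.err.println(new String(digested, "UTF-8"));
            }
        }
    }
}
```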
