Ian Hummel wrote:
Hi Sean,

That's a very good observation, thanks for your help! Basically this information is coming from a Java Infocard implementation called "Higgins." To be safe, I tried to validate a token that Cardspace (MS' implementation in Vista) uploads to my webapp, but it fails too! Below you can find the XML that cardspace uploads to my app.

Yep, that's not valid either.

I also notice that the signature below is nicely formatted, indented, etc. Whitespace of this sort is significant. The whitespace would have to be inserted *before* the signature was generated. However, this nice formatting is not very useful since it wastes space, unless you want the signature to be more readable as part of a course or test suite or something like that. I'm taking a wild guess, but I suspect that something (your webapp, or a serializer) is reformatting the signature and invalidating it.

--Sean


But, what you said about namespaces got me thinking... this XML is initially encrypted with xml-enc, so I wonder if perhaps I am decrypting incorrectly and stripping some necessary namespace info that would be needed to verify the sig...


Thanks!

- ian.



<?xml version="1.0" encoding="UTF-8"?>
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="uuid:8e024334-b6bb-44ec-a3b1-493b4e426cc6" IssueInstant="2008-02-06T22:16:05.460Z" Issuer="http://schemas.xmlsoap.org/ws/2005/05/identity/issuer/self" MajorVersion="1" MinorVersion="1">
    <saml:Conditions NotBefore="2008-02-06T22:16:05.460Z" NotOnOrAfter="2008-02-06T23:16:05.460Z">
        <saml:AudienceRestrictionCondition>
            <saml:Audience>https://192.168.1.101:8443/jumpstart/congratulations.jsp</saml:Audience>
        </saml:AudienceRestrictionCondition>
    </saml:Conditions>
    <saml:AttributeStatement>
        <saml:Subject>
            <saml:SubjectConfirmation>
                <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
            </saml:SubjectConfirmation>
        </saml:Subject>
        <saml:Attribute AttributeName="emailaddress" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>[EMAIL PROTECTED]</saml:AttributeValue>
        </saml:Attribute>
        <saml:Attribute AttributeName="privatepersonalidentifier" AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>loKpgGdoggnZW8llohOq7lPXvD8YeEVEWHYtvBsObLw=</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#uuid:8e024334-b6bb-44ec-a3b1-493b4e426cc6">
                <Transforms>
                    <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </Transforms>
                <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <DigestValue>qSrQXyGPKvrh37EABA47zCalZb0=</DigestValue>
            </Reference>
        </SignedInfo>
        <SignatureValue>vYVqFEoae5+qOcVGQpWrvrs/1xAk4NYyljxO59D6zB3Jr8eHqO3EgPbWl12BOTsMeET1+Y68amao6pZ9MyEtdjZ0BNCFpPEBDvkm/jwy+gYyLtmRk7G/vhtjfCZAQgJoTs1jiTG8ZUIIAEgfGtKuD4u6hiYwf+5XRaLSZ7JzuDiTqt7Z/zzyepQGofKG9L11+KvniZnqt8Iux8JjNWqnKv8unjbBIb//cdAi7khFmqy1/JmvITCPW9DRDWnKQwGe9/hKFpdkdxTH7EHYgTaHR6O1ekJe7BzSNCo9t5Qo4pAtOQ0HSnlHhMUWWjUMGvkYS/8gJm/6F3FP47YVvKM2DA==</SignatureValue>
        <KeyInfo>
            <KeyValue>
                <RSAKeyValue>
                    <Modulus>3YlDc8RMJV3EH2dkE4ayP1krDn3IFe0mW7gXeMWj5W7MPyL48zYlsjNWMKw8Kf7AjNYnI5DzSzTWOq98nYaK4fIRHib9CQs9dw/IRZkFyxifKFLtQmAsA2Z7jXj5sLFCIt1sAPx78nWUulxod8UMaWwKDFp2Jw6GO+bwg/X8IS7kAjKtZC7R4UFbhgbNmYbwPUYL1+y8nVtbE9FOXVlUqve+zPdmIN93N2vcKNVo1a2sfbn63IY7pfGWxJh06LaCJL2FqCe7HsV3YHgUmxuot2oMjr5gWa3SoKCrSzdTtx6dnEeW189NsflBsNV09xFd/BH2N4cEGqbe4tSH/36IYw==</Modulus>
                    <Exponent>AQAB</Exponent>
                </RSAKeyValue>
            </KeyValue>
        </KeyInfo>
    </Signature>
</saml:Assertion>

On Feb 20, 2008, at 2:05 PM, Sean Mullan wrote:

The signature looks a bit odd. Some of the XML Signature elements are
defined in the dsig namespace bound by a 'ds' prefix, while others don't
have a 'ds' prefix (see CanonicalizationMethod, SignatureValue and the
DigestValue elements).

When I validated the signature, the cryptographic signature itself was
invalid, so I'm wondering if the SignedInfo contents have been modified
since the signature was generated. How did you generate this signature
and why the inconsistency in namespaces?

--Sean

Ian Hummel wrote:
Hi there,


I am having some issues validating the signature on the following XML
file using both xmlsec-1.4.0 and xmlsec-1.4.1:

<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
AssertionID="urn:uuid:44FFFE2742C5DBB6311203096718823"
IssueInstant="2008-02-15T17:31:58.817Z"
Issuer="https://rh150.sohosmart.net/TokenService/services/Trust"
MajorVersion="1" MinorVersion="1">
   <saml:Conditions NotBefore="2008-02-15T17:31:58.817Z"
NotOnOrAfter="2008-02-22T17:31:58.817Z"/>
   <saml:AttributeStatement>
       <saml:Subject>
           <saml:SubjectConfirmation>
               <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:bearer</saml:ConfirmationMethod>
           </saml:SubjectConfirmation>
       </saml:Subject>
       <saml:Attribute AttributeName="privatepersonalidentifier"
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
           <saml:AttributeValue>NBkhyg1zm4UTqbpjkQg7LhXFlS8EpMpDtnphO1SvASA=</saml:AttributeValue>
       </saml:Attribute>
       <saml:Attribute AttributeName="emailaddress"
AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
           <saml:AttributeValue>[EMAIL PROTECTED]</saml:AttributeValue>
       </saml:Attribute>
   </saml:AttributeStatement>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
       <ds:SignedInfo>
           <CanonicalizationMethod
xmlns="http://www.w3.org/2000/09/xmldsig#"
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
           <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#urn:uuid:44FFFE2742C5DBB6311203096718823">
               <ds:Transforms>
                   <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                   <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
               </ds:Transforms>
               <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
               <DigestValue
xmlns="http://www.w3.org/2000/09/xmldsig#">IjaxSnB43LryrBM25gCeFFEoaMc=</DigestValue>
           </ds:Reference>
       </ds:SignedInfo>
       <SignatureValue
xmlns="http://www.w3.org/2000/09/xmldsig#">BQadvf3/JZquVfzTGVa0OSGkmddVwMWdn30JEHTKYZvT26Goxg62iYg9xkB527dphU2bHBd2KICyo2cliivKsOxFqKpOPcIxgft/y+vv+RqE5cTn2BDsVZ6WfWWfiXHgEUAkzF+BUBoGG7mJ1Gs8ycZoIl/9pYgCzeUjSJXYNSU=</SignatureValue>
       <ds:KeyInfo>
           <ds:KeyValue>
               <ds:RSAKeyValue>
                   <Modulus xmlns="http://www.w3.org/2000/09/xmldsig#">
imhZHVDvtboiubhWbcNFyIDOamOaOVWIdD6QpDq8i/D3MltwgBTDorX+/prqfj8RMWxbmYlmbuts
q9ZBHlaCz8eKdXqZQJ3bUmqDtAXU6PnAM0J4UsW/S1ikTEVgcpV6mGpjsEF8UojhcNOJkwMyDipk
xmtcY+YknWkiJ5sl+LE=
</Modulus>
                   <Exponent
xmlns="http://www.w3.org/2000/09/xmldsig#">AQAB</Exponent>
               </ds:RSAKeyValue>
           </ds:KeyValue>
       </ds:KeyInfo>
   </ds:Signature>
</saml:Assertion>


The code I am using to verify the signature is the following:

    import java.security.PublicKey;
    import org.apache.commons.logging.Log;
    import org.apache.commons.logging.LogFactory;
    import org.apache.xml.security.Init;
    import org.apache.xml.security.exceptions.XMLSecurityException;
    import org.apache.xml.security.keys.KeyInfo;
    import org.apache.xml.security.keys.keyresolver.KeyResolverException;
    import org.apache.xml.security.signature.SignedInfo;
    import org.apache.xml.security.signature.XMLSignature;
    import org.apache.xml.security.signature.XMLSignatureException;
    import org.apache.xml.security.utils.Constants;
    import org.w3c.dom.Document;
    import org.w3c.dom.Element;

    public class XmlSignatureVerifier {
        // The logger was not shown in the post; commons-logging is assumed here.
        private static final Log logger = LogFactory.getLog(XmlSignatureVerifier.class);

        // xmlsec 1.4 must be initialised once before any XMLSignature is built.
        static {
            Init.init();
        }

        public static boolean verifyXmlSignature(Document doc) {
            // doc must come from a namespace-aware DocumentBuilder; otherwise the
            // lookup below finds nothing and canonicalization sees the wrong tree.
            Element signatureElement = (Element) doc.getElementsByTagNameNS(
                    Constants.SignatureSpecNS, "Signature").item(0);
            logger.debug("signatureElement? " + signatureElement);
            if (signatureElement == null) {
                logger.warn("document contains no ds:Signature element");
                return false;
            }
            XMLSignature signature;
            try {
                signature = new XMLSignature(signatureElement,
                        System.getProperty("java.io.tmpdir"));
            } catch (XMLSecurityException e) {
                logger.warn("error verifying digital signature", e);
                return false;
            }
            SignedInfo signedInfo = signature.getSignedInfo();
            logger.info("signedInfo? " + signedInfo);
            signature.setFollowNestedManifests(true);
            KeyInfo ki = signature.getKeyInfo();
            logger.info("keyInfo is: " + ki);
            if (ki == null) {
                logger.warn("Signature has no KeyInfo");
                return false;
            }
            PublicKey pk;
            try {
                // The key comes from the token's own KeyInfo, so a passing check only
                // shows the token is intact under that key; trusting the key is separate.
                pk = ki.getPublicKey();
                logger.info("public key is: " + pk);
            } catch (KeyResolverException e) {
                logger.warn("Signature did not contain public key data", e);
                return false;
            }
            if (pk == null) {
                logger.warn("KeyInfo did not resolve to a public key");
                return false;
            }
            boolean valid;
            try {
                valid = signature.checkSignatureValue(pk);
            } catch (XMLSignatureException e) {
                logger.warn("Signature was invalid", e);
                return false;
            }
            System.out.println("KEY The XML signature in file "
                    + (valid ? "valid (good)" : "invalid !!!!! (bad)"));
            // The original returned true unconditionally; report the real result.
            return valid;
        }
    }


It always says the signature is invalid... I wonder if I am even setting
everything up correctly? I got most of the code above from the sample
files included in the 1.4.0 dist...

Am I missing something fundamental?


Thank you for any insight!

- ian.
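Sean's point above, that whitespace inside the signed subtree is part of the digest input while other serializer differences are not, can be checked directly. The following Python is an added example, not code from this thread or from xmlsec: it reproduces the two transforms both posted signatures declare on their Reference (enveloped-signature, then canonicalization) over a constructed assertion and shows which re-serializations change the DigestValue. It uses the standard library's C14N 2.0 canonicalizer as a stand-in for the exclusive C14N 1.0 the tokens use (both keep whitespace text nodes); the sample assertion, its placeholder DigestValue/SignatureValue and all helper names are constructed here.

```python
import base64
import hashlib
import hmac
import re
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (not the token from the thread): a minimal SAML 1.1
# assertion carrying an enveloped signature. DigestValue and SignatureValue
# are placeholders; the point is what the digest input looks like.
ASSERTION_PRETTY = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
    AssertionID="uuid:constructed-example" MajorVersion="1" MinorVersion="1">
    <saml:AttributeStatement>
        <saml:Attribute AttributeName="emailaddress"
            AttributeNamespace="http://schemas.xmlsoap.org/ws/2005/05/identity/claims">
            <saml:AttributeValue>user@example.test</saml:AttributeValue>
        </saml:Attribute>
    </saml:AttributeStatement>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
        <SignedInfo>
            <DigestValue>PLACEHOLDER=</DigestValue>
        </SignedInfo>
        <SignatureValue>PLACEHOLDER=</SignatureValue>
    </Signature>
</saml:Assertion>
"""


def digest_input(xml_text: str) -> bytes:
    """Apply the Reference transforms: drop the ds:Signature subtree
    (enveloped-signature), then canonicalize what is left.

    ET.canonicalize implements C14N 2.0; it stands in for exc-c14n 1.0 here.
    Whitespace text nodes outside the dropped subtree survive in both."""
    c14n = ET.canonicalize(xml_text, exclude_tags=[f"{{{DSIG_NS}}}Signature"])
    return c14n.encode("utf-8")


def reference_digest(xml_text: str) -> str:
    """Base64 SHA-1 of the digest input: what DigestValue has to contain."""
    return base64.b64encode(hashlib.sha1(digest_input(xml_text)).digest()).decode("ascii")


def verify_reference_digest(xml_text: str, digest_value_b64: str) -> bool:
    """Compare a received DigestValue against the recomputed one in constant time."""
    expected = base64.b64decode(digest_value_b64)
    actual = hashlib.sha1(digest_input(xml_text)).digest()
    return hmac.compare_digest(expected, actual)


def strip_indentation(xml_text: str) -> str:
    """Simulate a serializer that drops the whitespace between elements."""
    return re.sub(r">\s+<", "><", xml_text).strip()


def reorder_attributes(xml_text: str) -> str:
    """Simulate a serializer that only reorders attributes; c14n sorts them anyway."""
    return xml_text.replace('MajorVersion="1" MinorVersion="1"',
                            'MinorVersion="1" MajorVersion="1"')


if __name__ == "__main__":
    print("as signed          :", reference_digest(ASSERTION_PRETTY))
    print("indentation removed:", reference_digest(strip_indentation(ASSERTION_PRETTY)))
    print("attributes reordered:", reference_digest(reorder_attributes(ASSERTION_PRETTY)))
```

On a real token, swap in an exclusive-C14N implementation and compare the recomputed value with the DigestValue in the signature before looking at SignatureValue at all: a digest mismatch points at the serialized content (reflowed whitespace, or namespace declarations lost during decryption, as Ian suspects), while a matching digest with a failing SignatureValue points at SignedInfo or the key.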



