I've been following the Visa 3D-secure thread with great interest and concern.
But my "problem" is we are able to pass certification for the MPI component
using libxml2 and xmlsec without changing any source code. However I think
people on this list are much more knowlegable than I on this subject, I just
want to confirm I didn't miss anything. I am using libxml2 ver 2.5.1 and xmlsec 1.0.2
(I've tested xmlsec 1.2.0 also, same result). Can someone please explain
why this works, or doesn't work ? Thanks.
Below is what I used for signature verification, the attachment contains the PaRes.xml
./xmlsec1 --verify --trusted-pem certs/cthRoot.pem --dtd-file pares.dtd PaRes.xml
pares.dtd: <!ATTLIST PARes id ID #IMPLIED>
_________________________________________________________________
MSN 8 helps eliminate e-mail viruses. Get 2 months FREE*. http://join.msn.com/?page=features/virus
<ThreeDSecure><Message id="Req.19575.1057466811"><PARes id="827638898"><version>1.0.2</version><Merchant><acqBIN>11111111111</acqBIN><merID>12AB,cd/34-EF -g,5/H-67</merID></Merchant><Purchase><xid>UmVxLjE5NTc1LjEwNTc0NjY4MTE=</xid><date>20030705 21:46:51</date><purchAmount>123456</purchAmount><currency>840</currency><exponent>2</exponent></Purchase><pan>0000000001000</pan><TX><time>20030706 04:46:55</time><status>Y</status><cavv>AAABBJg0VhI0VniQEjRWAAAAAAA=</cavv><eci>03</eci><cavvAlgorithm>1</cavvAlgorithm></TX></PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#";><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></SignatureMethod><Reference URI="#827638898"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></DigestMethod><DigestValue>dMPnv+WbteJrNEIrEmeKgHxAPf0=</DigestValue></Reference></SignedInfo><SignatureValue>HDtpv1A98/XHJW0bfafZite8xd4GXHVGaQOdpca5Oc5t9p0ZUeogtQMYQpblGkA5DilCgoNuJseD0sKseJgDOBYWZaNBPi2Wlp8h+OKy2vNfNpH/HirLs9qpVJiHbuTRN+vjkgrplx5yjNNUNhcPw+WbjELbzEwG85vZDdZSes4=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIICUjCCAbugAwIBAgIVAMCkxlCRAs/WKbXf2jTnUXMsAdF4MA0GCSqGSIb3DQEBBQUAMFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMSswKQYDVQQLEyIzLUQgU2VjdXJlIENvbXBsaWFuY2UgVGVzdEZhY2lsaXR5MQwwCgYDVQQDEwNDVEgwHhcNMDMwMjI2MTk0NjU3WhcNMDQwMjI1MTk0NjU3WjBeMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ2FyYWRhczEsMCoGA1UECxMjMy1EIFNlY3VyZSBDb21wbGlhbmNlIFRlc3QgRmFjaWxpdHkxDzANBgNVBAMTBkNUSEFDUzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEArYhMfh99wKifLBUdstQsPpq44mhsQizlSP/1Mu2+LibQUFtYR+l61aP1GHin94AkCMgiZTZ1gvIhS+sR3G+dhmB5bed88rAxAxLcUn85QpkRPqYmfiGamUpyW3QNINlgjofP+ZwmIvKmw9d2j8BTlbvxwGhSEoo+LdDTA8OX73MCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOBgQCgk3cZSLMYuFgo5OHeRYUVbC6K66QjuuGPeFBU4q+4foUJDqNk7rj0eVF1kQwNMEsnFTT8MJg+ITmt8Uly4d47pQ5QDhBmOGe3o7wWFHOLD7Z7nWFerZgVI2MgEGe6xZOZYJ2uQBxlwAVmA4gl78PyEVQFIon9syEHbiTyF8DNRA==</X509Certificate><X509Certificate>MIICWTCCAcKgAwIBAgIUF25v+QeahR3/wUht5cWKiiCQKvkwDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0NhcmFkYXMxLDAqBgNVBAsTIzMtRCBTZWN1cmUgQ29tcGxpYW5jZSBUZXN0IEZhY2lsaXR5MREwDwYDVQQDEwhDVEhfUk9PVDAeFw0wMzAyMjYxOTM2NTdaFw0wNDAyMjYxOTM2NTdaMFoxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMSswKQYDVQQLEyIzLUQgU2VjdXJlIENvbXBsaWFuY2UgVGVzdEZhY2lsaXR5MQwwCgYDVQQDEwNDVEgwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMZR/IIv2NM3K+n3EE1CZn5rnbcRrU29f4jDo3ix0QSTTQk0slC7AsoK3W1QqvCq4uXh6h4O8GMRZV7l79SuurvZ03QQC3xItMsgs/4t7wTw80KUFE7pcGgyseVp2WzBBFk5WkKRRa/JjboYPgXZ29PmS/zLRLA/cC11hX8GfeKfAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQEFBQADgYEAFdlpx9BHXxzrLxj0eHLkmWVobsnbJfnIOtFhSunQrUR5N6yN+EKQTUTsNBieLoNOHXLChszT1m3cdF4J0v4c81/QzAAZb1VNXXpNDhhAs1JL7UQ/vGQ7IuEw4UjKavGUkRf+yMr9zlvlVHJMPVuGbFK3rsdyLgfuP3e6CPWZjWI=</X509Certificate><X509Certificate>MIICMjCCAZsCBDyQFZowDQYJKoZIhvcNAQEFBQAwYDELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0NhcmFkYXMxLDAqBgNVBAsTIzMtRCBTZWN1cmUgQ29tcGxpYW5jZSBUZXN0IEZhY2lsaXR5MREwDwYDVQQDEwhDVEhfUk9PVDAeFw0wMjAzMTQwMzE0MzRaFw0wNjAzMTUwMzE0MzRaMGAxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMSwwKgYDVQQLEyMzLUQgU2VjdXJlIENvbXBsaWFuY2UgVGVzdCBGYWNpbGl0eTERMA8GA1UEAxMIQ1RIX1JPT1QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMVvo8AIMuGtvtmBVOs7Oa/XDVqufBAR+1d/fVs8WgmaiobCMHarfORyZy81pjAHN2GDkMKjvmHdH7JsfzkUbW7gLJcMLk8YKw5l2/RkCHuk8OvMKBrskNf8nRjPCUWebpzJUq9DY6kP3g94RJNJUufNNRWfYUjGybcFot2Q0RD9AgMBAAEwDQYJKoZIhvcNAQEFBQADgYEAo4LTkdISkq5kNb7OsPwMdke7bCG7sD49J4oCwb221a3e3MCgxajCQMT3SsdWO+6cEgoq5qbITXBRcp3dv94edWUzgDkhUO+c16n5sY4oJGRTuUoY1vd14k+aAlsJq9P78Uww32E03WGLojwq7EfLjAKNIFgGlMcQv08ZxBzK4Fc=</X509Certificate></X509Data></KeyInfo></Signature></Message></ThreeDSecure>
