Ok, I guess it was a bit unreasonable to send you a link - my apologies! Here's a concrete example. See attached.
Thanks for your patience.

On Feb 18, 2008 5:08 PM, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
> I have no idea what "target kdm certificate" is :) Please, attach
> a signed document to the email.
>
> Aleksey
>
> Paul Keeler wrote:
> > Here is a link to an online generator of signed documents that will
> > demonstrate the behaviour I described previously:
> >
> > http://www.cinecert.com/dci_ref_01/
> >
> > Is there perhaps something about these documents that means xmlsec is
> > unable to populate a store of untrusted certificates?
> >
> > Many thanks for your help already.
> >
> > On Feb 14, 2008 5:29 PM, Aleksey Sanin <[EMAIL PROTECTED]> wrote:
> >
> > The error indicates that verification of one of the certificate
> > chains failed but xmlsec was able to extract the key either from
> > another certificate chain or from some other place. Hard to say
> > more w/o looking at the document.
> >
> > Aleksey
> >
> > Paul Keeler wrote:
> > > I would be grateful if someone could help me with this problem. I have a
> > > signed document which reports that it verifies ok, but also gives an
> > > error message: "unable to get local issuer certificate". The same thing
> > > happens both running from my own application and calling xmlsec from the
> > > command line:
> > >
> > > xmlsec1 --verify --id-attr:<my_ID_attribute_name>
> > > <my_node_namespace_uri>:<my_first_node_name>
> > > --id-attr:<my_ID_attribute_name>
> > > <my_node_namespace_uri>:<my_second_node_name> --trusted-pem
> > > <my_trusted_root_pem> <my_signed_document>
> > >
> > > This is the result:
> > >
> > > func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=351:obj=x509-store:subj=unknown:error=71:certificate verification failed:err=20;msg=unable to get local issuer certificate
> > > OK
> > > SignedInfo References (ok/all): 2/2
> > > Manifests References (ok/all): 0/0
> > >
> > > The verification seems to have been successful (indicated by "OK"), but
> > > clearly an error was also reported.
> > >
> > > The signed document contains my entire certificate chain: Signer ->
> > > Intermediate CA -> Root CA. The Root CA in the chain is the same as the
> > > trusted root pem I pass using the --trusted-pem option, so I would
> > > expect verification to succeed.
> > >
> > > Now, I can make the error message go away by extracting the Intermediate
> > > CA certificate from the signed document and passing it to XMLSEC using
> > > the --untrusted-pem option:
> > >
> > > xmlsec1 --verify --id-attr:<my_ID_attribute_name>
> > > <my_node_namespace_uri>:<my_first_node_name>
> > > --id-attr:<my_ID_attribute_name>
> > > <my_node_namespace_uri>:<my_second_node_name> --trusted-pem
> > > <my_trusted_root_pem> --untrusted-pem <intermediate_CA_pem>
> > > <my_signed_document>
> > >
> > > I did not expect that I would have to explicitly pass a certificate from
> > > the chain to xmlsec and flag it as being untrusted. Am I doing
> > > something wrong? Surely xmlsec should assume that all X509 certificates
> > > in a chain are untrusted by default? Have I missed the point somewhere?
> > >
> > > Many thanks in advance.
> > >
> > > ------------------------------------------------------------------------
> > >
> > > _______________________________________________
> > > xmlsec mailing list
> > > [email protected]
> > > http://www.aleksey.com/mailman/listinfo/xmlsec

<?xml version="1.0" encoding="UTF-8" standalone="no" ?><DCinemaSecurityMessage xmlns="http://www.smpte-ra.org/schemas/430-3/2006/ETM" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:enc="http://www.w3.org/2001/04/xmlenc#"> <!-- Generated by Wailua Version 0.3.23 --> <AuthenticatedPublic Id="ID_AuthenticatedPublic"> <MessageId>urn:uuid:011b1dfc-baeb-4eca-b8b5-90eebbc09063</MessageId> <MessageType>http://www.smpte-ra.org/430-1/2006/KDM#kdm-key-type</MessageType> <AnnotationText>Sync Test Ciphertext (DCI/SMPTE) v1.3 ~ KDM for FP.Sony.DongleSha256Test.000001</AnnotationText> <IssueDate>2008-02-19T10:22:41-00:00</IssueDate> <Signer> <dsig:X509IssuerName>dnQualifier=CgJP/z2e2mDKEbz8IcZc4gUXyys=,CN=.cc-admin,OU=.ra-1a.s430-2.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>51255</dsig:X509SerialNumber> </Signer> <RequiredExtensions> <KDMRequiredExtensions xmlns="http://www.smpte-ra.org/schemas/430-1/2006/KDM"> <Recipient> <X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=cR7D\+us5Oc/DEUyM2CT28p6Fyz0=,O=DC.CA.Sony.Com,OU=PRO,CN=.Sony.TrialDCIssuerCA.v1</dsig:X509IssuerName> <dsig:X509SerialNumber>5608707737291557133</dsig:X509SerialNumber> </X509IssuerSerial> <X509SubjectName>dnQualifier=uiVVfLXCSCT6Bg83khfZTEkffYA=,O=DC.CA.Sony.Com,OU=PRO,CN=FP.Sony.DongleSha256Test.000001</X509SubjectName> </Recipient> <CompositionPlaylistId>urn:uuid:01fd6ce3-6da2-4be5-b3c7-422260c2169b</CompositionPlaylistId> <ContentTitleText>Sync Test Ciphertext (DCI/SMPTE) v1.3</ContentTitleText> <ContentKeysNotValidBefore>2008-02-19T10:22:40-00:00</ContentKeysNotValidBefore> <ContentKeysNotValidAfter>2008-03-20T10:22:40-00:00</ContentKeysNotValidAfter> <AuthorizedDeviceInfo> <DeviceListIdentifier>urn:uuid:d1fdb3c0-4558-470a-bd4b-e79423b721c6</DeviceListIdentifier> <DeviceList> <CertificateThumbprint>B4evpm59H/KXuCHInNCV4pyYwr4=</CertificateThumbprint> </DeviceList> </AuthorizedDeviceInfo> <KeyIdList> <TypedKeyId> <KeyType>MDIK</KeyType> 
<KeyId>urn:uuid:e47b76ad-1bcf-49e8-bb6d-3d86a79f27e2</KeyId> </TypedKeyId> <TypedKeyId> <KeyType>MDAK</KeyType> <KeyId>urn:uuid:8eaee94f-1968-49be-85dc-612e8617a350</KeyId> </TypedKeyId> <TypedKeyId> <KeyType>MDIK</KeyType> <KeyId>urn:uuid:cdb932bd-d6ff-4680-90c3-ef6016d032e2</KeyId> </TypedKeyId> <TypedKeyId> <KeyType>MDAK</KeyType> <KeyId>urn:uuid:a839287e-a6e0-4cb1-aae6-0986f0009d3b</KeyId> </TypedKeyId> </KeyIdList> <ForensicMarkFlagList> <ForensicMarkFlag>http://www.smpte-ra.org/430-1/2006/KDM#mrkflg-audio-disable</ForensicMarkFlag> </ForensicMarkFlagList> </KDMRequiredExtensions> </RequiredExtensions> <NonCriticalExtensions/> </AuthenticatedPublic> <AuthenticatedPrivate Id="ID_AuthenticatedPrivate"><enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#"> <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </enc:EncryptionMethod> <enc:CipherData> <enc:CipherValue>16trqqcioCHiY8iuKEp3KK7KtRuuysvrE1o3OCoTg3o4aGWXext83ZqCJkY5CVeTp+nTcEaGv79k K/gcZBQxp+/zXyak7bniMWQ8d7+iUG4E4Tsxtrh+hCuSL8iuBRLQoONgM3rp7XxUxdlGPkstpvm8 leb5SFD49+YrIzYLGg6eehRvtpjue/7FEbK2SEOc0azjXgbKgGxWVgHJ0Uj0k+/+pRkVLF5nZGCK 5myFRgNIiG2E52Oc/ldqmUtZ4UbICmt9zEKyW0DGcWclys/tD09lisv5ledmBTgKQQ7wDQCLlSuG I9qRIOc71LdPk84IazyNnhQnW/vU5PFxkG/Spg==</enc:CipherValue> </enc:CipherData> </enc:EncryptedKey><enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#"> <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </enc:EncryptionMethod> <enc:CipherData> <enc:CipherValue>T/rD8ulpucf43vjCu4MVhEGpFY/Stfj82x44EvYxPX+ftw1NRpJP+h3fZaW2iZzRkE2R4xu/uiLj J1s9mfI6bglnsT/w958vkXvHVzxNjeysIZXRKyfmeffY9Uy3ih9q4+3W5q1+ufxqsBIctl8u0uEG 6zXAASFv83p0+4pFL9NOBp0gXBwt+DM1Hc2XdNyqXc6p/my/7ljlcNPaaqUfl9q/jRaaiMDoFzKB 
sw6APKefLhlUka3M+dw9kcL4eU04WoYDxyzqhqjfJYJCQldzKgLkLoTOqtrXMURXOW/A143En6ge ohY6N54Td+u9aEBHGzEuxCfUOqbcwyyPzTmxbg==</enc:CipherValue> </enc:CipherData> </enc:EncryptedKey><enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#"> <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </enc:EncryptionMethod> <enc:CipherData> <enc:CipherValue>JmdzkkTBzFY8S48BJ2tI74O4bxP9GUAFbrSX4STpFTUbePMCJwo+6BW9M9XjmdqEAUJ9cxC7pHMd lDyGbbs2ONNS58DJQV0fDwKkp9JJX9wT8LcJsEBwaffaQYRaMuiM3VJ8zv9bvWerOwwgOd7WldI7 ASz5C28XZmh8+AoC24+m6InhWWQnoYtQKuwsDUJn4LwE46AlteaCCxfmnw/ajLMKT0DhQgrIl43U ovu8OdnFYka7PFNuPHGVHtADTdtFWIBZhmvxg/ea2AaUA7/Wljn+SmY1L9O61oyKPXtkmGhbgN9v HPslGlfg5KyEAqDR2fhx6wbL/4J7uABddiKw7g==</enc:CipherValue> </enc:CipherData> </enc:EncryptedKey><enc:EncryptedKey xmlns:enc="http://www.w3.org/2001/04/xmlenc#"> <enc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-oaep-mgf1p"> <ds:DigestMethod xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> </enc:EncryptionMethod> <enc:CipherData> <enc:CipherValue>QAZRxiDr7H+zNk2igscSs5NfcVMNoyA/2AinO3wLBA9qFiIJes6hzJNSmkx89vJUaRnig18ZAmXn 7AjqN/YCR8DwMn71ufMvl0Onkw0JbY2ijYXEo/aiQyVZFU2Bsm4yrTVnNVa/F95iW3p+iTijWUiR t24VGm/1dLruW+K7zTsxREJzlKZQCXY3AdSPQLJsBCUqxEV20H2RUeAnj9UzgN+Ye731xAi5L8Y9 xztxhQomLJdYNPu9WO7Jp4CAqxoaRnbtD4Cyppte1nWWQzlbg3IMp5zRtBJCud08nxWSVfNnOaWe bdLbmqmGbxYbSJHCLu4HPMnojxJcT86uxYtZuA==</enc:CipherValue> </enc:CipherData> </enc:EncryptedKey></AuthenticatedPrivate> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <dsig:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <dsig:Reference URI="#ID_AuthenticatedPublic"> <dsig:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <dsig:DigestValue>r+CsuPiTp0JB7l66qX1axJlyoQve7cQCT9oiYA3d9Oo=</dsig:DigestValue> </dsig:Reference> <dsig:Reference URI="#ID_AuthenticatedPrivate"> <dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <dsig:DigestValue>dg9dvdJuGFc0Bb3dOfzwbKAs393E/Bxqu5o1ocya8aw=</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>KNv4vzgc+gP+u3oiYYCxf4GqitoHGd4kME9z+YCHXSxzeJJobRYML4cdGHa0JdWT djKUQOWhleRzehlhnipbmaU8lRUx6l8Pg1R9QcEcN2qP5D+LDriLWqLdbI5724cB i5joWQVG+dSr0ZMQWdecgak4fOrX1V6E6UYl9rmmwNvAbMvGszriwrTl4IQYPAUN KDzHDIGNIqdvJIdRP/WXzYCf0g3O3SQYdkt2Mow7FOS3m8RlyRwGAkCcg4KHckld H3j2QVy5F7JULuaoMOIa/MXUbakwznEhvOXVucqK2ktheY2GRAH1pRdzH7eNviN/ aUyZxwGoImYgan+VL/+Hlw==</dsig:SignatureValue> <dsig:KeyInfo> <dsig:X509Data> <dsig:X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=CgJP/z2e2mDKEbz8IcZc4gUXyys=,CN=.cc-admin,OU=.ra-1a.s430-2.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>51255</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509Certificate>MIIEazCCA1OgAwIBAgIDAMg3MA0GCSqGSIb3DQEBCwUAMH4xGTAXBgNVBAoTEC5j YS5jaW5lY2VydC5jb20xJjAkBgNVBAsTHS5yYS0xYS5zNDMwLTIuY2EuY2luZWNl cnQuY29tMRIwEAYDVQQDEwkuY2MtYWRtaW4xJTAjBgNVBC4THENnSlAvejJlMm1E S0ViejhJY1pjNGdVWHl5cz0wHhcNMDcwMzEyMTc0MDQ2WhcNMDgwMzExMTc0MDQ2 WjCBiDEZMBcGA1UEChMQLmNhLmNpbmVjZXJ0LmNvbTEmMCQGA1UECxMdLnJhLTFh LnM0MzAtMi5jYS5jaW5lY2VydC5jb20xHDAaBgNVBAMTE1NNLnd3dy5jaW5lY2Vy dC5jb20xJTAjBgNVBC4THHU4N2hJQU5qdjlJQmtiQ1hzN0p3QzZ0YkVkdz0wggEi MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDUWva5Nz6Yb9gsb/qK0jKEgzX4 0VYnosOa6f59hDaO4KMScW2DGEgnGHMaq3AxN8WchP44VEI5yhg1vTHrHWd4lF1a X3Kodvo2koRU8vuwMbUNT3ehSphxsHZnc6uqBS/Q6F+oxCjxMs7l8YLpExfh/Vye IxdbuV3x5VqdHVdXq2bdtvacEEA77v1ATgN62aRI2w6wbnEoLo9CyDm5lgdXeYJE J7oOJG6P+HO6b7rVCZraZYBKLBwKHoWlnkxJUZMx6M0+my6WhUL7jOf5nQ0XEmxL QWieqUk4jp8pEMhysTN9GeKIBnFCNWjcgkTiVXneFbafpUVPZeutyltgs3AJAgMB 
AAGjgeYwgeMwCwYDVR0PBAQDAgSwMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFLvO 4SADY7/SAZGwl7OycAurWxHcMIGmBgNVHSMEgZ4wgZuAFAoCT/89ntpgyhG8/CHG XOIFF8sroX+kfTB7MRkwFwYDVQQKExAuY2EuY2luZWNlcnQuY29tMSYwJAYDVQQL Ex0ucmEtMWEuczQzMC0yLmNhLmNpbmVjZXJ0LmNvbTEPMA0GA1UEAxMGLnJhLTFi MSUwIwYDVQQuExwwQ0w3RDNqZlNQdGpQR2RYY29KVkFIVWFwdUU9ggJ65jANBgkq hkiG9w0BAQsFAAOCAQEAoEg0d/cqdmNOgF914FTQqQmV9dFsHB25Qwvf/FBE4A7h AqsihXHVm3HstZGnabl4TluEAMLC5TARM3NjR/d4P0hdd1DRR6NGVItso2or6Zoc bPUXNbXUc9mIx8vpEre24LxcJMmvZiNlEsiUrTxOc+OnZ+aiULsY9wTezUaCDZ+6 zCWKrRCfqjWSKkY08Td2u5EivH9p5JwFWdaIag3/aBYCsycE0/FcjpTrVjxXG4JP FdzmcOigxuPI1OTJoZPkn915jVGWlKd9yuRiyhE5VgIolQEhlkwy6bqNri7WTEcu PD5AF5AA7pjqcQ44NQpZwBQydXHYCgWh9KbEY+TkZQ== </dsig:X509Certificate> </dsig:X509Data> <dsig:X509Data> <dsig:X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=0CL7D3jfSPtjPGdXcoJVAHUapuE=,CN=.ra-1b,OU=.ra-1a.s430-2.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>31462</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509Certificate>MIIEXDCCA0SgAwIBAgICeuYwDQYJKoZIhvcNAQELBQAwezEZMBcGA1UEChMQLmNh LmNpbmVjZXJ0LmNvbTEmMCQGA1UECxMdLnJhLTFhLnM0MzAtMi5jYS5jaW5lY2Vy dC5jb20xDzANBgNVBAMTBi5yYS0xYjElMCMGA1UELhMcMENMN0QzamZTUHRqUEdk WGNvSlZBSFVhcHVFPTAeFw0wNzAzMTIxNzA4NDFaFw0xMDAxMDEwMDAwMDBaMH4x GTAXBgNVBAoTEC5jYS5jaW5lY2VydC5jb20xJjAkBgNVBAsTHS5yYS0xYS5zNDMw LTIuY2EuY2luZWNlcnQuY29tMRIwEAYDVQQDEwkuY2MtYWRtaW4xJTAjBgNVBC4T HENnSlAvejJlMm1ES0ViejhJY1pjNGdVWHl5cz0wggEiMA0GCSqGSIb3DQEBAQUA A4IBDwAwggEKAoIBAQDFvnpMWU1599rqoH8MfD3frqOReHyv+aoNl3O5gZvfMUG8 +dlufkaWbtfMnb0ZGTiSlnPi/J17qkFOAc/zYOmTZOSdss8m3GrL0gNBYhT7BUZh hLSjM54vvLymWaUMDrdd6Wq5w3WPVADrilmEWma/5V3v4k03MgbCXfjfqpMik5uP iQUf/efUcxpAe40YoWzvRAeYZajsw1bkLjWfcHMwtTrj9m6di2AKg+OOKkaZtH7Y CmoDHUrK+EjqwPMyZv0le8aEbWRzCLN7lj8b8eGOYn8bQ3DQA9krlCfw7MjlY6oF dqWmE9andMMiMw2GMcJ5pY+fUED6lUX+zJOEXE7ZAgMBAAGjgeYwgeMwCwYDVR0P BAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwHQYDVR0OBBYEFAoCT/89ntpgyhG8 /CHGXOIFF8srMIGgBgNVHSMEgZgwgZWAFNAi+w9430j7YzxnV3KCVQB1GqbhoXmk 
dzB1MRkwFwYDVQQKExAuY2EuY2luZWNlcnQuY29tMSAwHgYDVQQLExcuczQzMC0y LmNhLmNpbmVjZXJ0LmNvbTEPMA0GA1UEAxMGLnJhLTFhMSUwIwYDVQQuExw0dkZm d0l1Yno0Y3NkRVE0Sm5rUERhOG05UFE9ggJz3TANBgkqhkiG9w0BAQsFAAOCAQEA 5n4caQDIiSJIOA4/YxizfbkYUWk4XLE0W8O96TZLThh9tFT0rixS+E5e9krDXQjA 05EuowCI+QcDqUUvLaLPzr/Dcc93jSY4k/KL5Wg85EAao/VvWAQ5qxOTxNE1rslh QOjn6JrQbPWjwHcevOJ7a9YurMnkHKaGJ7IoR4XAEJBkoSw6jRLRBnl4ZstEPp9k t+Xl53tZYEAgQ+hWuF20agufzKCiHqJISHWXMo4ioruE1r4gkrz7gbBf4WasaNOR 7J74MvGQGnps/ceVTdwHSdO9hev47seswfP7J3bEYn83IUmP2uu0AV+BqB0x0A99 iVsDbGdaPANH+q62BFIy3Q== </dsig:X509Certificate> </dsig:X509Data> <dsig:X509Data> <dsig:X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=4vFfwIubz4csdEQ4JnkPDa8m9PQ=,CN=.ra-1a,OU=.s430-2.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>29661</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509Certificate>MIIETjCCAzagAwIBAgICc90wDQYJKoZIhvcNAQELBQAwdTEZMBcGA1UEChMQLmNh LmNpbmVjZXJ0LmNvbTEgMB4GA1UECxMXLnM0MzAtMi5jYS5jaW5lY2VydC5jb20x DzANBgNVBAMTBi5yYS0xYTElMCMGA1UELhMcNHZGZndJdWJ6NGNzZEVRNEpua1BE YThtOVBRPTAeFw0wNzAzMTIxNzA4MzRaFw0xMTAxMDEwMDAwMDBaMHsxGTAXBgNV BAoTEC5jYS5jaW5lY2VydC5jb20xJjAkBgNVBAsTHS5yYS0xYS5zNDMwLTIuY2Eu Y2luZWNlcnQuY29tMQ8wDQYDVQQDEwYucmEtMWIxJTAjBgNVBC4THDBDTDdEM2pm U1B0alBHZFhjb0pWQUhVYXB1RT0wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK AoIBAQDyrN/tmX2ucyB46Q3ZlBckHVXNhg/eiLCpY2RVBXMnj8i7ChqZI7xoW26Z pAlBV9YLgrZS68Hcx4MiRv93ZMb7hvrjYsD7zuIvSMsN47iM0as6oaGVJadOhLB2 4opBtGi0DrKzketBzn0ao7yA1E0Q2kq4+QrUpI3oMmdVcb82djn4jDz0Asji0V2T +yOxdvtI8kvh7rIykHLkAqziAEnXjps69pfZXTtnvhpSfHhZYAsdz4DzUUNVtzzE RD+cGsN4Y/oBtuESm7ZWlv5hh0tyWfn8g/SWLaCcrcTobNHCgHG8NMXmmjIw3Z80 CWkGnZJd4v0GneR3Ku0IK/vZ2sQ7AgMBAAGjgeEwgd4wCwYDVR0PBAQDAgEGMBIG A1UdEwEB/wQIMAYBAf8CAQMwHQYDVR0OBBYEFNAi+w9430j7YzxnV3KCVQB1Gqbh MIGbBgNVHSMEgZMwgZCAFOLxX8CLm8+HLHREOCZ5Dw2vJvT0oXOkcTBvMRkwFwYD VQQKExAuY2EuY2luZWNlcnQuY29tMRkwFwYDVQQLExAuY2EuY2luZWNlcnQuY29t MRAwDgYDVQQDEwcuczQzMC0yMSUwIwYDVQQuExw4TzhXOG9ZSGxmOTdZOG4wa2RB 
Z01VNy9qVVU9ggMAxxQwDQYJKoZIhvcNAQELBQADggEBAJlwPy+nZqs3BUxPkrED d2x8OCo5xkyJKXUF0/R5Wb3wL5CdG/+WIHLBpspg6OZrrtjzdf7h+NajCjYlDh1w p9dvDwuQPFvXBArR1V7ywGCQnikg9WkYUr++hkv6dEApjWyMhaqd/g6Iqmz0T8Fd GZWujhJ5oh7y/j9J8kJh/0AhNvkVUoy1iL2EmesgCAb26x6oOe8i+mW4iXwlPKkx GQzcp/+tsQVnmrHtX4uGWjhJG/iqTGYG+0wNtaSbV+BXUZ4+kogDaH3/ZcDgOyrw nrvnqajkueBRJaqPBEKx5TbEAAtWTIGiQSD7MGO0XJ17Zm0j1jxraMvQaOvTtSPl cX8= </dsig:X509Certificate> </dsig:X509Data> <dsig:X509Data> <dsig:X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=8O8W8oYHlf97Y8n0kdAgMU7/jUU=,CN=.s430-2,OU=.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>50964</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509Certificate>MIIESTCCAzGgAwIBAgIDAMcUMA0GCSqGSIb3DQEBCwUAMG8xGTAXBgNVBAoTEC5j YS5jaW5lY2VydC5jb20xGTAXBgNVBAsTEC5jYS5jaW5lY2VydC5jb20xEDAOBgNV BAMTBy5zNDMwLTIxJTAjBgNVBC4THDhPOFc4b1lIbGY5N1k4bjBrZEFnTVU3L2pV VT0wHhcNMDcwMzEyMTcwODMwWhcNMTIwMTAxMDAwMDAwWjB1MRkwFwYDVQQKExAu Y2EuY2luZWNlcnQuY29tMSAwHgYDVQQLExcuczQzMC0yLmNhLmNpbmVjZXJ0LmNv bTEPMA0GA1UEAxMGLnJhLTFhMSUwIwYDVQQuExw0dkZmd0l1Yno0Y3NkRVE0Sm5r UERhOG05UFE9MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0vjX+n2/ 2yZcVw4LagD9vSRiULGby+RZ9k6KDDPM9K5F+KA5WhFKDoLAy/RiQr5j55FQSWNQ yn5Fw1hikRLsRPmJ0YJ5NddKXwAUg8TBzBR/sMEU3AKXseAW9ZvTOeh7w2emZoUy gGKdZRO0GyjN8w+VfjKqRgKqcqYzk6rNSTB9s/AuEpm6dpqSJDdHAvNCXknNkTSu 15VNR6oTVY4E7N7bBpkiUxF5UCl26KJ0AOqus1LG+go/GxvEQQhFP4Jf8gNQFZuc OcJdalhuByJXWSXblJ+vHTpr1wirM5mZKQzv4oq3EYzJD+lQK/YtkTwVgyRZ/YWC QmNtuQhsI88qSQIDAQABo4HnMIHkMAsGA1UdDwQEAwIBBjASBgNVHRMBAf8ECDAG AQH/AgEEMB0GA1UdDgQWBBTi8V/Ai5vPhyx0RDgmeQ8Nryb09DCBoQYDVR0jBIGZ MIGWgBTw7xbyhgeV/3tjyfSR0CAxTv+NRaFzpHEwbzEZMBcGA1UEChMQLmNhLmNp bmVjZXJ0LmNvbTEZMBcGA1UECxMQLmNhLmNpbmVjZXJ0LmNvbTEQMA4GA1UEAxMH LnM0MzAtMjElMCMGA1UELhMcOE84VzhvWUhsZjk3WThuMGtkQWdNVTcvalVVPYIJ ALhGwbfi5fVsMA0GCSqGSIb3DQEBCwUAA4IBAQCjKiM4B1ZD5mfv2uKZNJ1VUy30 DTh3mlgBp2/+uHz9GyAttoLe+ORcITdfmWdDVjURdQ35vh5/HMY7t8HnXBLgkxZF 
Al/vj+Ffdq5crb+eMFVqlhhKsVatlhVQYpq8xL+G6VS24y3IHs3Zu2eDboRqnGQN THOGMz4ay3dgxNywVu4SKmN0w42r4Q+v0mRBQRYA7ZJSBCKHpYu14fdF+UkM6V/J 5SHVsDHo5rYvtIiTAZythoK9CoXmvDOfJA03jKaC7kaCJDqRtR08+99ERYNYlQWB hKROj0fUlgQTygpUIkc9Yl8tdb8u3Pb9lkKg39JMPbah3wVJBOqp7fL7crgZ </dsig:X509Certificate> </dsig:X509Data> <dsig:X509Data> <dsig:X509IssuerSerial> <dsig:X509IssuerName>dnQualifier=8O8W8oYHlf97Y8n0kdAgMU7/jUU=,CN=.s430-2,OU=.ca.cinecert.com,O=.ca.cinecert.com</dsig:X509IssuerName> <dsig:X509SerialNumber>13278513546878383468</dsig:X509SerialNumber> </dsig:X509IssuerSerial> <dsig:X509Certificate>MIIESTCCAzGgAwIBAgIJALhGwbfi5fVsMA0GCSqGSIb3DQEBCwUAMG8xGTAXBgNV BAoTEC5jYS5jaW5lY2VydC5jb20xGTAXBgNVBAsTEC5jYS5jaW5lY2VydC5jb20x EDAOBgNVBAMTBy5zNDMwLTIxJTAjBgNVBC4THDhPOFc4b1lIbGY5N1k4bjBrZEFn TVU3L2pVVT0wHhcNMDcwMzEyMTQ1MjEyWhcNMjcwMzA3MTQ1MjEyWjBvMRkwFwYD VQQKExAuY2EuY2luZWNlcnQuY29tMRkwFwYDVQQLExAuY2EuY2luZWNlcnQuY29t MRAwDgYDVQQDEwcuczQzMC0yMSUwIwYDVQQuExw4TzhXOG9ZSGxmOTdZOG4wa2RB Z01VNy9qVVU9MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAph/idpSe h3CuscvGWmU+i2nZcyQAWJkztubSvukI9OMyLdLcXA4b1sRpxzkzFJ4NGyloHoVG OW3dhm/HrUdbiICHgEzMOJq33bBvZvf8OIw6zbSkTJCu2NbX8rBkjxs72i2ANjXJ LBJz4hHi3KQ0027fZRQ80uksUA96pN4xSkUEdz9cm2IrjmIRTXBKxxL7VvG2sK4j DodedAOQPMczKYeA4CC64cFpPyl9s4mbZJ6roNahBX3p5zmxk9C/qWDEZeiJoPQS +gDEfRJFTLOkH2/onrE1Gw5/ErBzhZcfh6uOYUt3YlEYZDN6cJuUyPr3BaSI2rC2 vB/Ex8HioTm4rwIDAQABo4HnMIHkMB0GA1UdDgQWBBTw7xbyhgeV/3tjyfSR0CAx Tv+NRTCBoQYDVR0jBIGZMIGWgBTw7xbyhgeV/3tjyfSR0CAxTv+NRaFzpHEwbzEZ MBcGA1UEChMQLmNhLmNpbmVjZXJ0LmNvbTEZMBcGA1UECxMQLmNhLmNpbmVjZXJ0 LmNvbTEQMA4GA1UEAxMHLnM0MzAtMjElMCMGA1UELhMcOE84VzhvWUhsZjk3WThu MGtkQWdNVTcvalVVPYIJALhGwbfi5fVsMBIGA1UdEwEB/wQIMAYBAf8CAQUwCwYD VR0PBAQDAgIEMA0GCSqGSIb3DQEBCwUAA4IBAQBXNS39cY/a0bIUJRqL+LfI7lIw EY6sXABbwmUUO42Y/eS7gbpacJnSKrGtdRFWhoC0cCNR1QWrn4IOsKNRi3ed0kCo ccMjlaUFnUhjLUW5xQSx2w09v+bUkPlUm2hjFxOneFPbSCiWTrlmDFRqPz8+rvpT Q7tMBqEDNFtjrB/8KJmJwajf5CaamyFPqc2aMYj9B7GPtzcKPQlbQeAGf+x4l7Iz 
Y5iOkXqv8VqwxV3ngjV9RlLfPN3OhoBH9jTXV8kNe+mkzqQhhf6HYI50FDOVR6yC C7Fa0KtH0mnRwmZZKW/8vPOIeffauUs2BVVGz/K6Xvk1XWPz2O34IfGIC8r9 </dsig:X509Certificate> </dsig:X509Data> </dsig:KeyInfo> </dsig:Signature> </DCinemaSecurityMessage>
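Added example, not part of the original thread and not xmlsec code: a standard-library Python sketch that pulls every `dsig:X509Certificate` out of a signed document, orders them from signer to root by matching issuer to subject, and separates the intermediates (candidates for `--untrusted-pem`) from a self-issued root that the document merely carries. All function names are hypothetical, byte-equal DER Names stand in for full name matching, no signatures are checked, and the sample certificates are constructed skeletons.

```python
import base64, textwrap
import xml.etree.ElementTree as ET
DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

def _tlv(buf, pos):
    """Read the DER TLV header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(der):
    """Raw DER issuer and subject Names of one certificate."""
    _, pos, _ = _tlv(der, 0)        # Certificate SEQUENCE
    _, pos, end = _tlv(der, pos)    # TBSCertificate SEQUENCE
    fields = []
    while pos < end:
        nxt = _tlv(der, pos)[2]
        fields.append(der[pos:nxt])
        pos = nxt
    skip = 1 if fields[0][0] == 0xA0 else 0    # optional [0] version
    return fields[skip + 2], fields[skip + 4]  # serial, sigAlg, ISSUER, validity, SUBJECT

def embedded_certs(xml_text):
    """DER bytes of every dsig:X509Certificate, in document order."""
    return [base64.b64decode("".join(e.text.split()))
            for e in ET.fromstring(xml_text).iter(DSIG + "X509Certificate")]

def split_chain(ders):
    """Name-chain the certs; return (signer, intermediates, self_issued_root_or_None)."""
    names = {d: issuer_subject(d) for d in ders}
    by_subject = {sub: d for d, (_, sub) in names.items()}
    issuers = {iss for iss, sub in names.values() if iss != sub}
    chain = [next(d for d in ders if names[d][1] not in issuers)]  # signer issues nothing
    while len(chain) < len(ders):   # bound stops a loop of names
        iss, sub = names[chain[-1]]
        if iss == sub or iss not in by_subject:
            break
        chain.append(by_subject[iss])
    iss, sub = names[chain[-1]]
    root = chain.pop() if iss == sub and len(chain) > 1 else None
    return chain[0], chain[1:], root

def to_pem(der):
    body = "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
    return "-----BEGIN CERTIFICATE-----\n" + body + "\n-----END CERTIFICATE-----\n"

# Constructed sample: DER skeletons holding only the fields read above, not real certificates.
def fake_cert(issuer, subject):
    t = lambda tag, body: bytes([tag, len(body)]) + body   # short-form lengths only
    name = lambda cn: t(0x30, t(0x31, t(0x30, t(0x06, b"\x55\x04\x03") + t(0x13, cn.encode()))))
    tbs = (t(0xA0, t(0x02, b"\x02")) + t(0x02, b"\x01") + t(0x30, b"")
           + name(issuer) + t(0x30, b"") + name(subject))
    return t(0x30, t(0x30, tbs))
SAMPLE_CERTS = [fake_cert("Root CA", "Root CA"), fake_cert("Intermediate CA", "Signer"),
                fake_cert("Root CA", "Intermediate CA")]
SAMPLE_XML = '<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">%s</KeyInfo>' % "".join(
    "<X509Data><X509Certificate>%s</X509Certificate></X509Data>" % base64.b64encode(c).decode() for c in SAMPLE_CERTS)
```

Each intermediate written out with `to_pem` can be passed through `--untrusted-pem` as in the second command quoted in the thread. The embedded root is returned only so it can be compared with the PEM given to `--trusted-pem`; it is not a trust anchor just because the document carries it.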
