Hello,

When I verify the signature I got the following error:

func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match

The point is that I can use the same code to verify other XML signatures, except this one, which I got in a response from someone else's Web Service. Could you check the following XML piece to see whether there is something which causes this error? Could it possibly be caused by "<ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs"/>", which does not seem to exist in my own generated response?

Thanks,
Weizhong Qiang

**********************
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_4f357ca2-ad38-4611-8dfd-f5e4d193d95c" IssueInstant="2008-10-09T15:48:59.621Z" Version="2.0"><saml:Issuer>CN=Weizhong Qiang,OU=fys.uio.no,O=NorduGrid,O=Grid</saml:Issuer><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#_4f357ca2-ad38-4611-8dfd-f5e4d193d95c"> <ds:Transforms> <ds:Transform Algorithm=" http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs"/></ds:Transform> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:DigestValue>6GUoFLrpxDGrP3b8nYToGuTGDkQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue> Tv8kUkw0Lvplsa5WY/GfT5TW2ggxsKCFp9p+VEBLIcHQATy/kCUDQiPLeBT8ZcgOB6YFR/xo3848 GWBX4GwtREGAhIznm6GSic67lnfvpwzb/GQhxVZf+YnIvPfpytAutmM2dSm03ZTO8tPXBfG4Tcyu kqHPcwnZs34BaWKss2I= </ds:SignatureValue> <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDMjCCApugAwIBAgICC3kwDQYJKoZIhvcNAQEFBQAwTzENMAsGA1UEChMER3JpZDESMBAGA1UE ChMJTm9yZHVHcmlkMSowKAYDVQQDEyFOb3JkdUdyaWQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw HhcNMDgwNDE2MDk1NzUxWhcNMDkwNDE2MDk1NzUxWjBRMQ0wCwYDVQQKEwRHcmlkMRIwEAYDVQQK 
EwlOb3JkdUdyaWQxEzARBgNVBAsTCmZ5cy51aW8ubm8xFzAVBgNVBAMTDldlaXpob25nIFFpYW5n MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwVJsM8PUkeBVSRXWbmlwSvIxwOMvDnw0CbM4k d9EBZBjjaW/TTwBfKiTuLyONSQ3BV9APndWXPoqNy3F7cZbsA9IeIalOi0KtVtNVktybspEGJZRy FN+kprbLJKoEViOB8q1DG0rv09zWA7n6qRFJcKqzePzsKy8Zo/bL3bI85QIDAQABo4IBGTCCARUw CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQf Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfkmW6yooaz8IDx6cd2BK 7RUrDjcwdwYDVR0jBHAwboAUGAXA/AvRtzr0ZZIJ+1mhX8eIxPChU6RRME8xDTALBgNVBAoTBEdy aWQxEjAQBgNVBAoTCU5vcmR1R3JpZDEqMCgGA1UEAxMhTm9yZHVHcmlkIENlcnRpZmljYXRpb24g QXV0aG9yaXR5ggEAMCIGA1UdEQQbMBmBF3dlaXpob25ncWlhbmdAZ21haWwuY29tMA0GCSqGSIb3 DQEBBQUAA4GBABgih1dwIS2FDdMlzO/pucYju87s8V1xcVxxjh7jYeSbOgmc3rWfohKkkvomtmnJ 22Ae0mfN/sNaZVwxO82XNej5lob8xp+iroYM+Rrt6ZnhWDNaMuIKTbFA/HgfnTcZjrPm5ttNYorb qDCr7j/ab0xkaTwQYVjnJc0lyjaWGsdL</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=test,O=UiO,ST=Oslo,C=NO</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig# "><ds:X509Data><ds:X509Certificate>MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQQFADA3MQswCQYDVQQGEwJOTzENMAsGA1UECBME T3NsbzEMMAoGA1UEChMDVWlPMQswCQYDVQQDEwJDQTAeFw0wNzExMDYxNTE4NDlaFw0wODExMDUx NTE4NDlaMDkxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQwwCgYDVQQKEwNVaU8xDTALBgNV BAMTBHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUZpDYNYNuoqohEkP4w/MnGAiXV sZUSPuFChL2HT2sE7VQ2/RsFKRyAFXNaBIPcpoJF2uTv6Llc0G9F5v4G5ZyZiiexgl3HtnmiMcgW ie/d5XfYf0o+2xhofdsgxb5d2DRFyUVxkKnBRYSSebR9wsdlwtlduSDxsN22CFITqL3FAgMBAAGj gbwwgbkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm aWNhdGUwHQYDVR0OBBYEFGtX2cUVfSVs1xLKLwwscpNon2duMF8GA1UdIwRYMFaAFLg5jUhGbh+u jBIx6kabFY+E5JrWoTukOTA3MQswCQYDVQQGEwJOTzENMAsGA1UECBMET3NsbzEMMAoGA1UEChMD 
VWlPMQswCQYDVQQDEwJDQYIBADANBgkqhkiG9w0BAQQFAAOBgQAIrqV+I9YbXvpsRvwJLOFIVIuX Cy8l5RjfSrd4UG3oX3c0nmr5oe93XomAJ525ULOGSh5w8kmfGA96yUi2LRmdM9ZQyyVWLDagU0dt mdcJm2CedeRxI+ShtIE3PRc/OTEjz/dvY6gD/jiHDUr/IcooHMSApIuDZXWvSNWSql0Swg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2008-10-09T15:48:59.621Z" NotOnOrAfter="2008-10-10T02:48:59.621Z"/><saml:AttributeStatement><saml:Attribute Name="Degree" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">PhD</saml:AttributeValue></saml:Attribute><saml:Attribute Name="http://voms.forge.cnaf.infn.it/group" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">/knowarc</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">/knowarc/UiO</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion>
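A diagnostic sketch for the `PrefixList` question above, added here and not part of the original post or of xmlsec: under exclusive canonicalization, prefixes named in `PrefixList` are handled as in inclusive canonicalization, so a declaration inherited from an ancestor becomes part of the digested bytes of the signed element. The envelope, the `urn:example:envelope` namespace, the `_a1` ID and the function name `prefix_origins` are constructed for illustration.

```python
import io
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
EC = "{http://www.w3.org/2001/10/xml-exc-c14n#}"

# Constructed sample: a signed assertion nested in an envelope that declares xs/xsi.
SAMPLE = b"""<env:Envelope xmlns:env="urn:example:envelope" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_a1">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:Reference URI="#_a1"><ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"><ec:InclusiveNamespaces xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="ds saml xs"/></ds:Transform>
</ds:Transforms></ds:Reference></ds:SignedInfo></ds:Signature>
<saml:AttributeValue xsi:type="xs:string">PhD</saml:AttributeValue>
</saml:Assertion></env:Envelope>"""

def prefix_origins(xml_bytes):
    """Map each referenced ID to {prefix: 'own'|'ancestor'|'descendant'|'undeclared'}."""
    scope, pending, open_ids = [], [], []   # open declarations, next tag's prefixes, open ID elements
    decl, refs, depth = {}, [], 0           # per-ID declaration sets, (target, PrefixList) pairs
    events = ("start-ns", "start", "end")
    for event, item in ET.iterparse(io.BytesIO(xml_bytes), events=events):
        if event == "start-ns":             # fires before the start tag that declares it
            pending.append(item[0])
        elif event == "start":
            depth += 1
            for _, open_id in open_ids:     # declarations below an open ID element
                decl[open_id]["descendant"].update(pending)
            if "ID" in item.attrib:
                decl[item.attrib["ID"]] = {"ancestor": {p for _, p in scope},
                                           "own": set(pending), "descendant": set()}
                open_ids.append((depth, item.attrib["ID"]))
            scope.extend((depth, p) for p in pending)
            pending = []
        else:
            if item.tag == DS + "Reference":
                inc = item.find(".//" + EC + "InclusiveNamespaces")
                if inc is not None:
                    refs.append((item.get("URI", "").lstrip("#"),
                                 inc.get("PrefixList", "").split()))
            scope = [s for s in scope if s[0] < depth]        # leave this element's scope
            open_ids = [o for o in open_ids if o[0] < depth]
            depth -= 1
    report = {}
    for target, prefixes in refs:
        sets = decl.get(target, {})
        report[target] = {p: next((k for k in ("own", "ancestor", "descendant")
                                   if p in sets.get(k, ())), "undeclared") for p in prefixes}
    return report

if __name__ == "__main__":
    print(prefix_origins(SAMPLE))
```

A prefix reported as `ancestor` is only available to the verifier when the signed element is canonicalized in place inside the document it arrived in.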
