Look through the whole dump. One of the digests is likely invalid.

Aleksey
On 5/12/16 2:37 PM, [email protected] wrote:
>
> Hello
>
> Any thoughts on how the following can happen would be much appreciated.
>
> Have some code like this, which is preceded by creating a verify context
> etc. etc. just like the examples:
>
>     ...
>     ...
>     /* print verification result to stdout */
>     if(dsigCtx->status == xmlSecDSigStatusSucceeded) {
>         fprintf(stdout, "RESULT: Signature is OK %d\n", dsigCtx->status);
>     } else {
>         fprintf(stdout, "RESULT: Signature is INVALID %d\n", dsigCtx->status);
>     }
>     fprintf(stdout, "---------------------------------------------------\n");
>
>     xmlSecDSigCtxDebugDump(dsigCtx, stdout);
>     ...
>     ...
>
> And get the following output:
>
> RESULT: Signature is INVALID 7219120
> ---------------------------------------------------
> = VERIFICATION CONTEXT
> == Status: succeeded
> == flags: 0x0000000e
> == flags2: 0x00000000
> == Key Info Read Ctx:
> = KEY INFO READ CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: rsa
> ==== keyType: 0x00000001
> ==== keyUsage: 0x00000002
> ==== keyBitsSize: 0
> === list size: 0
> == Key Info Write Ctx:
> = KEY INFO WRITE CONTEXT
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled key data: all
> == RetrievalMethod level (cur/max): 0/1
> == TRANSFORMS CTX (status=0)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> == EncryptedKey level (cur/max): 0/1
> === KeyReq:
> ==== keyId: NULL
> ==== keyType: 0x00000001
> ==== keyUsage: 0xffffffff
> ==== keyBitsSize: 0
> === list size: 0
> == Signature Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri: NULL
> === uri xpointer expr: NULL
> === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
> === Transform: membuf-transform (href=NULL)
> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> === Transform: membuf-transform (href=NULL)
> == Signature Method:
> === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
> == Signature Key:
> == KEY
> === method: RSAKeyValue
> === key type: Public
> === key usage: -1
> === key not valid before: 1458586152
> === key not valid after: 1774118952
> === rsa key: size = 2048
> === list size: 1
> === X509 Data:
> ==== Key Certificate:
> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> ==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> ==== Certificate:
> ==== Subject Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> ==== Issuer Name: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> ==== Issuer Serial: XXXXXXXXXXXXXXXXXXXXXXXXXXXXX
> == SignedInfo References List:
> === list size: 1
> = REFERENCE VERIFICATION CONTEXT
> == Status: succeeded
> == URI: "#_c4e9522ba1289864766f54df6a04eae5b77fd7c70d"
> == Reference Transform Ctx:
> == TRANSFORMS CTX (status=2)
> == flags: 0x00000000
> == flags2: 0x00000000
> == enabled transforms: all
> === uri:
> === uri xpointer expr: #_c4e9522ba1289864766f54df6a04eae5b77fd7c70d
> === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
> === Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
> === Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
> === Transform: membuf-transform (href=NULL)
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> === Transform: membuf-transform (href=NULL)
> == Digest Method:
> === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
> == PreDigest data - start buffer:
> ....
> ....
> ....
>
> Any ideas how this could happen?
>
> The dump prints the status as being successful.
> This is as per the setting of dsigCtx->status in the
> xmlSecDSigCtxDebugDump() function in xmldsig.c.
>
> But how is it printing some garbage value beforehand? (7219120)
> Why is it not initialized or set to unknown/invalid?
>
> Would appreciate any insight. No other logs/errors from xmlsec are
> evident.
>
> Are there any other logs I could refer to?
> Would appreciate any thoughts.
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
