santuario-dev mailing list archives

From: "Hess Yvan" <Yvan.H...@imtf.ch>
Subject: RE: Version 1.4 doesn't sign XML document correctly
Date: Mon, 07 Aug 2006 14:47:17 GMT

It will be difficult to send you a test case because all my test cases are based on my library
(which is also bound to other libraries). I can try to do debugging to help you to isolate the
problem or to solve it :-). First, a good JUnit test case that you can introduce into the XML security
JUnit tests is something similar to my TEST 2 (Signature with XML security and verification
with IBM toolkit XSS4J). In this case you are sure that the signature has been correctly
generated and is valid.

Here is the signature of the XML document I am using in the context of my test case. As you
can see, I am signing one part of the XML document and two external binary documents. The
problem seems to come from the first Reference (<ds:Reference URI="">). The digest value
doesn't match after signature verification. The digest values of the two external references
match.

<edoc:SignatureBlock id="Revision-1-Signature-1">
   <edoc:SignatureDate>2006-08-07T12:24:18</edoc:SignatureDate>
   <edoc:Signer>Hess Yvan (first signature)</edoc:Signer>
   <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
      <ds:SignedInfo>
         <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
         <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
         <ds:Reference URI="">
            <ds:Transforms>
               <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                  <dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2"
Filter="intersect">/edoc:EDOC/edoc:Object</dsig-xpath:XPath>
               </ds:Transform>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>2jmj7l5rSw0yVb/vlWAYkK/YBwk=</ds:DigestValue>
         </ds:Reference>
         <ds:Reference URI="urn:hypersuite:8F1F8E64-C0A8024E0160C4B0-A0033464">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>7typFfsZFzJVtEsGinu58N8RtqE=</ds:DigestValue>
         </ds:Reference>
         <ds:Reference URI="urn:hypersuite:8F1F8E64-C0A8024E0160C4B0-A0033465">
            <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
            <ds:DigestValue>oxwjv1Go+8Y0m97hiJLTKcYx4t8=</ds:DigestValue>
         </ds:Reference>
      </ds:SignedInfo>
      <ds:SignatureValue>
RYaOiVt2gDIFmFDFotJrxGWHFYFe3dAoI1L2vubdlbBZt3pk4aaolBz6NA9IswW9ZOwPGYizLB4P
vMa8f4sHx8onoVt+5BGQwLuTYRDgGrJqmwpbwJxUAPvFh1xgEDGodfZ4P7kmjsgo4fjDULdk9Zhw
vIN/+eBfirtyCcbTb1w=
</ds:SignatureValue>
      <ds:KeyInfo>
         <ds:X509Data>
            <ds:X509Certificate>
MIIDADCCAmmgAwIBAgIGAQpEtx7tMA0GCSqGSIb3DQEBBQUAMIGXMRQwEgYDVQQG.....
</ds:X509Certificate>
            <ds:X509Certificate>
MIICpDCCAg0CBgEKRLVqKDANBgkqhkiG9w0BAQUFADCBlzEUMBIGA1UEBhMLU3dpdHplcmxhbmQx....
</ds:X509Certificate>
         </ds:X509Data>
      </ds:KeyInfo>
   </ds:Signature>
</edoc:SignatureBlock>





-----Original Message-----
From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com] On Behalf Of Raul
Benito
Sent: Monday, 7 August 2006 16:21
To: security-dev@xml.apache.org
Subject: Re: Version 1.4 doesn't sign XML document correctly

Can you open a bug report and attach a test case?
This will help a lot.

Regards,

Raul

On 8/7/06, Hess Yvan <Yvan.Hess@imtf.ch> wrote:
>
>
> Hi,
>
> XML security version 1.4 Beta0 and Beta1 don't sign the XML document
> correctly. I developed a Java library that uses XML security to
> sign/verify and to encrypt/decrypt XML documents. When I executed my
> JUnit tests, they failed when XML documents are verified. I have two tests that failed:
>
> TEST 1:  The XML document is already signed (with XML security version
> 1.2) and it is verified with the version 1.4 (beta0 and beta1). This
> test failed using version 1.4 but was ok with previous versions.
>
> TEST 2:  The XML document is signed with XML security V1.4Beta1 and is
> verified with IBM XSS4J toolkit. This test failed using version
> 1.4Beta1 but was ok with previous versions.
>
> I think it is a critical bug... Please can you help me.
>
> Regards. Yvan Hess
>
>


--
http://r-bg.com
