santuario-dev mailing list archives

From Bradley Beddoes <bedd...@intient.com>
Subject Re: interop problem java to C++
Date Thu, 18 Jan 2007 12:33:37 GMT

Additionally, to ensure it's absolutely clear, as I didn't explicitly state
it: signatures are always reported as valid by xmlsec-c for all document
types.

thanks,
Bradley

Bradley Beddoes wrote:
> Hi All,
> I am hoping that someone on this list may be able to give me some 
> assistance with a problem I have been looking into for the past 4 days 
> and can't seem to come up with any solution for.
> 
> The problem manifests itself in the xml-security-c 3.0 code base (well,
> it appears to me to, at any rate) with references failing to verify, e.g.
> Reference URI="#_12345-678901" failed to verify
> 
> I am currently creating signatures with a canonicalization method of
> exclusive with comments, an RSA SHA1 signature, a SHA1 digest and an
> enveloped transform. Example at the end of this message.
> 
> The XML documents themselves are UTF-16 encoded and are created in Java.
> I have tried both the xmldsig implementation (JSR105) from the Java web
> services pack and the JSR105 implementation in the latest 1.4 java
> security libs (binary distribution from web site).
> 
> All generated documents from both JSR implementations validate correctly 
> in Java space. A generated document with a single enveloped signature 
> for the root node only will validate correctly in xmlsec-c.
> 
> The problem of invalid references arises in xmlsec-c code base when 
> either a document has a single signature whose reference URI is some 
> child node of the document or when the root node has a signature AND 
> some child node of the document has a signature. (Validation with xerces 
> 2.7 always comes out correct)
> 
> I believe this is something I am doing wrong, possibly in some kind of
> setup, but I can't pinpoint anything out of the ordinary. From debug
> output I am getting from the xmlsec-c side, the various details about the
> reference such as the transform type and targeted URI seem to be in order.
> 
> Any suggestions on why I might be seeing this issue would be much 
> appreciated. For reference I am using OpenSSL 0.9.8b, with no xalan 
> support on Linux. I have also tried the RC2 of 3.1 with the same results 
> as above. Please let me know if any other detail may be useful in 
> diagnosing this and thanks in advance for your time.
> 
> regards,
> Bradley
> 
> 
> For example:
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>         <ds:SignedInfo>
>             <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
>             <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>             <ds:Reference URI="#_12345-67890">
>                 <ds:Transforms>
>                     <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
>                 </ds:Transforms>
>                 <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>                 <ds:DigestValue>p8iH5++jws3fFbJ6ry7j97JmazI=</ds:DigestValue>
>             </ds:Reference>
>         </ds:SignedInfo>
>         <ds:SignatureValue>
>             ZttbWswqnKdRMKb4OEChYeANHzpc+g9iX35iiVdigvPoOn0Hug8EwPXWT1GZgDSNfjbtAV47P2AO
>             jDM/dKlFB6wPqadsofi4sXYvvRU2uFWoKcNf8Y3t1hoFsjlx/s/G28pnIm7tJ4Qt+xUE51cPv2XA
>             T2iIWSVRHypCFUejWlY=
>         </ds:SignatureValue>
>         <ds:KeyInfo>
>             <ds:KeyName>myrsakey</ds:KeyName>
>         </ds:KeyInfo>
>     </ds:Signature>
