santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Luc Cooke <jlco...@certainkey.com>
Subject Microsoft Office12 Postmark will not verify
Date Wed, 21 Feb 2007 19:37:47 GMT
Hello team,

I tried to verify the following XML file (not a root'd web cert, sorry):
  https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml

Using the org.apache.xml.security.samples.signature.VerifySignature class that is found in
src_samples directory and got this:

java -cp .:../libs/xmlsec-1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar org.apache.xml.security.samples.signature.VerifySignature
Word-plugin-signature.xml
Try to verify file:Word-plugin-signature.xml
Could find a X509Data element in the KeyInfo
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idPackageObject"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
INFO: Verification successful for URI "#idOfficeObject"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigInvalidImage"
Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Reference verify
WARNING: Verification failed for URI "#idsigValidImage"
The XML signature in file file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-plugin-signature.xml
is invalid !!!!! (bad)
Object=

It is clear the two Objects "#idsigInvalidImage" "#idsigValidImage" are failing.

I have two questions:
 1) How can I pragmatically find out why the signature failed verification?
    From what I can see the only way is to look at the log4j output.
 2) Passing the XML file above into Aleksey's xmlsec1 app it passes.  What's
    different?

Thanks

JLC

Mime
View raw message