santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Miroslav Nachev <m...@space-comm.com>
Subject Re: Invalid Reference Signature when I try to refer some XMLObject element
Date Sat, 03 Feb 2007 13:34:24 GMT
Dear Lijin,

Thank you for the suggestion. I try to add but without success. Maybe I 
will need of help. Can you send me some source code where to see how to 
add this to the reference?

Thank you in advance.


Best Regards,
Miroslav Nachev


Lijun Liao wrote:
>   <dsig:Reference Type="...#SignedProperties 
> <http://uri.etsi.org/01903/v1.3.2#SignedProperties>" 
> URI="#L1.S1-SignedProperties">
>      <dsig:DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>      <dsig:DigestValue>...</dsig:DigestValue>
>    </dsig:Reference>
> Try add the EXC-C14N to the reference.
>
> On 2/3/07, * Miroslav Nachev* <miro@space-comm.com 
> <mailto:miro@space-comm.com>> wrote:
>
>     Dear Sean,
>
>     Because after writing the Document to the file using
>         "XMLUtils.outputDOMc14nWithComments(node, outStream)",
>     the document structure is correct. Is it possible to use some kind of
>     transformations/canonicalization to have the same correct structure
>     before to sign the data?
>
>
>     Best Regards,
>     Miroslav Nachev
>
>     Miroslav Nachev wrote:
>     > Dear Sean,
>     >
>     > When starting the attached Java file (test case) you will see the
>     > following result:
>     >
>     > The document from memory is: Valid
>     > The document from file is: Invalid
>     >
>     >
>     > Best Regards,
>     > Miroslav Nachev
>     >
>     >
>     >
>     > Sean Mullan wrote:
>     >> Miroslav Nachev wrote:
>     >>> Dear Sean,
>     >>>
>     >>> Why during validation JSR 105 takes "xmlns:xsd" attribute in case
>     >>> that this attribute is not set explicit to this element? This
>     >>> attribute is set explicit to the parent of this element. And why
>     >>> this is not happen during signing?
>     >>
>     >> It could be a bug, but I can't really tell without running your
>     code.
>     >> When you create your QualifyingProperties element, do you
>     explicitly
>     >> set the xsd namespace attribute with the Element.setAttributeNS
>     method?
>     >>
>     >> I would recommend you file a bug and attach a test case that we can
>     >> run to reproduce the problem.
>     >>
>     >> Thanks,
>     >> Sean
>     >>
>     >>> How to set JSR 105 to take the same attributes in both processing:
>     >>> signing and validation?
>     >>>
>     >>>
>     >>> Best Regards,
>     >>> Miroslav Nachev
>     >>>
>     >>> Miroslav Nachev wrote:
>     >>>> This is very strange because *"xmlns:xsd"* attribute is missing
>     >>>> during signing? Actually this attribute exists in the Element.
>     >>>>
>     >>>> Sign:
>     >>>> 2007-2-1 18:20:56
>     org.jcp.xml.dsig.internal.DigesterOutputStream write
>     >>>> <xsd:SignedProperties xmlns:dsig="
>     http://www.w3.org/2000/09/xmldsig#"
>     >>>>                       Id="L1.S1-SignedProperties">
>     >>>>   <xsd:SignedSignatureProperties>
>     >>>>     <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
>     >>>>     <xsd:SignerDetails Id="2" Username="miro">Miroslav
>     >>>> Nachev</xsd:SignerDetails>
>     >>>>   </xsd:SignedSignatureProperties>
>     >>>> </xsd:SignedProperties>
>     >>>>
>     >>>> Verify:
>     >>>> 2007-2-1 18:23:34
>     org.jcp.xml.dsig.internal.DigesterOutputStream write
>     >>>> <xsd:SignedProperties xmlns:dsig="
>     http://www.w3.org/2000/09/xmldsig#"
>     >>>>                      
>     xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"
>     >>>>                       Id=" L1.S1-SignedProperties">
>     >>>>   <xsd:SignedSignatureProperties>
>     >>>>     <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
>     >>>>     <xsd:SignerDetails Id="2" Username="miro">Miroslav
>     >>>> Nachev</xsd:SignerDetails>
>     >>>>   </xsd:SignedSignatureProperties>
>     >>>> </xsd:SignedProperties>
>     >>>>
>     >>>>
>     >>>> Sean Mullan wrote:
>     >>>>> I'm sorry but I don't have the time to debug your problem.
>     >>>>> However, looking at the log file, the validation failure occurs
>     >>>>> because of this:
>     >>>>>
>     >>>>> > FINER: Pre-digested input:
>     >>>>> > 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>> write
>     >>>>> > FINER: <xsd:SignedProperties
>     >>>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>     >>>>> xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#
>     <http://uri.etsi.org/01903/v1.3.2#>"
>     >>>>>
>     Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails
>     >>>>> Id="2" Username="miro">Miroslav
>     >>>>>
>     Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
>     >>>>>
>     >>>>> > 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>> validate
>     >>>>> > FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
>     >>>>> > 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>> validate
>     >>>>> > FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=
>     >>>>>
>     >>>>> You'll need to figure out why the digest is different. One
>     way to
>     >>>>> do this is to also turn on debugging when *generating* the
>     >>>>> signature, and then carefully compare the Pre-digested input to
>     >>>>> the above to see what is different.
>     >>>>>
>     >>>>> --Sean
>     >>>>>
>     >>>>> Miroslav Nachev wrote:
>     >>>>>> Dear Sean,
>     >>>>>>
>     >>>>>> Please find the attached log file. The problem reference is
>     >>>>>> " L1.S1-SignedProperties".
>     >>>>>> Do you have any suggestions how to solve this problem/bug?
>     >>>>>>
>     >>>>>>
>     >>>>>> Best Regards,
>     >>>>>> Miroslav Nachev
>     >>>>>>
>     >>>>>>
>     >>>>>> Sean Mullan wrote:
>     >>>>>>> Miroslav Nachev wrote:
>     >>>>>>>> I will try your suggestions tomorrow, but I am not sure that
>     >>>>>>>> this is the problem. Before to quit from the office I found
>     >>>>>>>> that the digest value for this reference is different
>     >>>>>>>> calculated for Signing and Validation.
>     >>>>>>>>
>     >>>>>>>> The stack trace from Exception is missing because any
>     exception
>     >>>>>>>> is not thrown. The boolean value "false" is returned for
>     whole
>     >>>>>>>> signature. Then I check each time individually and see
>     that the
>     >>>>>>>> problem is in this reference again without exception. Only
>     >>>>>>>> "false" value is returned.
>     >>>>>>>>
>     >>>>>>>> Because of the above I think that the digest algorithm for
>     >>>>>>>> Signing and Validation is different. And because the only
>     >>>>>>>> difference are both Namespaces in one element, I think that
>     >>>>>>>> this is the real problem.
>     >>>>>>>
>     >>>>>>> Try enabling logging support and inspect what is being
>     digested
>     >>>>>>> when signing and when validating. You should be able to
>     >>>>>>> precisely narrow down the problem (it is probably namespace
>     >>>>>>> related). I assume you are using JSR 105 from our previous
>     >>>>>>> correspondences. See this blog for more info on enabling the
>     >>>>>>> logging:
>     >>>>>>>
>     >>>>>>>
>     http://weblogs.java.net/blog/mullan/archive/2006/02/more_xml_signat_1.html
>     >>>>>>>
>     >>>>>>>
>     >>>>>>> --Sean
>     >>>>>>>
>     >>>>>>>
>     >>>>>>
>     >>>>>>
>     >>>>>>
>     ------------------------------------------------------------------------
>     >>>>>>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Marshalling Reference
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Adding digestValueElem
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Marshalling Reference
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Adding digestValueElem
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Marshalling Reference
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference marshal
>     >>>>>> FINE: Adding digestValueElem
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#DOC1"
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID DOC1
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdUsingDOM
>     >>>>>> FINE: getElementByIdUsingDOM() Search for ID DOC1
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID DOC1 and Element was
>     >>>>>> [DataFile: null]
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <DataFile Id="DOC1"><FileAttributtes
>     >>>>>> ContentType="compressed_base64"
>     >>>>>> LastModified="2004-05-25T12:34:04+0300"
>     >>>>>>
>     Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content
>     >>>>>>
>     Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs
>
>     >>>>>>
>     >>>>>> 3rgrAAAA</Content></DataFile>
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference object uri = #DOC1
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference digesting completed
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#L1.S1-SignedProperties"
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdUsingDOM
>     >>>>>> FINE: getElementByIdUsingDOM() Search for ID
>     L1.S1-SignedProperties
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID
>     L1.S1-SignedProperties and
>     >>>>>> Element was [xsd:SignedProperties: null]
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <xsd:SignedProperties
>     >>>>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>     >>>>>>
>     Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails
>
>     >>>>>> Id="2" Username="miro">Miroslav
>     >>>>>>
>     Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference object uri = #L1.S1-SignedProperties
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference digesting completed
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#L1.S1-KeyInfo"
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementById
>     >>>>>> FINE: I could find an Element using the simple
>     getElementByIdType
>     >>>>>> method: dsig:KeyInfo
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element
>     >>>>>> was [dsig:KeyInfo: null]
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <dsig:KeyInfo
>     >>>>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>     >>>>>>
>     Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT
>     >>>>>>
>     >>>>>>
>     ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK
>
>     >>>>>>
>     >>>>>>
>     BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt
>     >>>>>>
>     >>>>>>
>     b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG
>
>     >>>>>>
>     >>>>>>
>     A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D
>     >>>>>>
>     >>>>>>
>     >>>>>>
>     T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p
>
>     >>>>>>
>     >>>>>>
>     cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq
>     >>>>>>
>     >>>>>>
>     hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP
>
>     >>>>>>
>     >>>>>>
>     iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI
>     >>>>>>
>     >>>>>>
>     oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs
>
>     >>>>>>
>     >>>>>>
>     BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S
>     >>>>>>
>     >>>>>>
>     ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG
>
>     >>>>>>
>     >>>>>>
>     SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q
>     >>>>>>
>     >>>>>>
>     hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE
>
>     >>>>>>
>     >>>>>>
>     oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference object uri = #L1.S1-KeyInfo
>     >>>>>> 2007-2-1 17:36:05
>     org.jcp.xml.dsig.internal.dom.DOMReference digest
>     >>>>>> FINE: Reference digesting completed
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign
>     >>>>>> FINE: Signature provider:SunPKCS11-Siemens-HiPath version 1.6
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign
>     >>>>>> FINE: Signing with key: SunPKCS11-Siemens-HiPath RSA
>     private key,
>     >>>>>> 1024 bits (id 124128880, token object, sensitive,
>     unextractable)
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.Transform <init>
>     >>>>>> FINE: Create URI
>     >>>>>>
>     "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>     <http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments>"
>     >>>>>> class "class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments"
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.Transform <init>
>     >>>>>> FINE: The NodeList is [dsig:CanonicalizationMethod: null]
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.ElementProxy
>     >>>>>> setElement
>     >>>>>> FINE: setElement(dsig:CanonicalizationMethod, "null"
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
>     >>>>>> FINE: Created transform for algorithm:
>     >>>>>> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>     >>>>>> 2007-2-1 17:36:05
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
>     >>>>>> FINE: isNodeSet() = true
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo
>     >>>>>> canonicalize
>     >>>>>> FINE: Canonicalized SignedInfo:
>     >>>>>> <dsig:SignedInfo
>     >>>>>>
>     xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></dsig:CanonicalizationMethod><dsig:SignatureMethod
>
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod><dsig:Reference
>     >>>>>> URI="#DOC1"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference
>
>     >>>>>> Type="http://uri.etsi.org/01903#SignedProperties"
>     >>>>>> URI="#L1.S1-SignedProperties"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference
>
>     >>>>>> URI="#L1.S1-KeyInfo"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI
>
>     >>>>>>
>     >>>>> n!
>     >>>>>>  fo>
>     >>>>>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo
>     >>>>>> canonicalize
>     >>>>>> FINE: Data to be
>     >>>>>>
>     signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht
>     >>>>>>
>     >>>>>>
>     bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3
>
>     >>>>>>
>     >>>>>>
>     dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz
>     >>>>>>
>     >>>>>>
>     aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht
>
>     >>>>>>
>     >>>>>>
>     PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu
>     >>>>>>
>     >>>>>>
>     YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv
>
>     >>>>>>
>     >>>>>>
>     ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz
>     >>>>>>
>     >>>>>>
>     aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr
>
>     >>>>>>
>     >>>>>>
>     Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug
>     >>>>>>
>     >>>>>>
>     VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM
>
>     >>>>>>
>     >>>>>>
>     MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw
>     >>>>>>
>     >>>>>>
>     Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48
>
>     >>>>>>
>     >>>>>>
>     ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz
>     >>>>>>
>     >>>>>>
>     dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu
>
>     >>>>>>
>     >>>>>>
>     Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
>     >>>>>>
>     >>>>>>
>     MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr
>
>     >>>>>>
>     >>>>>>
>     TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy
>     >>>>>>
>     >>>>>> ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
>     >>>>>> 2007-2-1 17:36:06
>     org.jcp.xml.dsig.internal.dom.DOMXMLSignature sign
>     >>>>>> FINE: SignatureValue = [B@1efbbb1
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#DOC1"
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID DOC1
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdUsingDOM
>     >>>>>> FINE: getElementByIdUsingDOM() Search for ID DOC1
>     >>>>>> 2007-2-1 17:36:18
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID DOC1 and Element was
>     >>>>>> [DataFile: null]
>     >>>>>> 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:18
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <DataFile Id="DOC1"><FileAttributtes
>     >>>>>> ContentType="compressed_base64"
>     >>>>>> LastModified="2004-05-25T12:34:04+0300"
>     >>>>>>
>     Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content
>     >>>>>>
>     Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs
>
>     >>>>>>
>     >>>>>> 3rgrAAAA</Content></DataFile>
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Expected digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Actual digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature
>     >>>>>> validate
>     >>>>>> FINE: Reference[#DOC1] is valid: true
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#L1.S1-SignedProperties"
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdUsingDOM
>     >>>>>> FINE: getElementByIdUsingDOM() Search for ID
>     L1.S1-SignedProperties
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID
>     L1.S1-SignedProperties and
>     >>>>>> Element was [xsd:SignedProperties: null]
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <xsd:SignedProperties
>     >>>>>> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>     >>>>>> xmlns:xsd=" http://uri.etsi.org/01903/v1.3.2#"
>     >>>>>>
>     Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails
>
>     >>>>>> Id="2" Username="miro">Miroslav
>     >>>>>>
>     Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.dom.DOMXMLSignature
>     >>>>>> validate
>     >>>>>> FINE: Reference[#L1.S1-SignedProperties] is valid: false
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature
>     >>>>>> validate
>     >>>>>> FINE: Couldn't validate the References
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify
>     >>>>>> FINE: Signature provider:SunRsaSign version 1.5
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify
>     >>>>>> FINE: verifying with key: Sun RSA public key, 1024 bits
>     >>>>>>   modulus:
>     >>>>>>
>     168164527555608136888830022857056132023036777656418518049464251253737723792048985548139271763061864520875701968328564748366237424723155092944235075765817478111725643802025622853273984978027240469613154811874843038396779307309442362407952606871051501808113074993835124868184526839845834261024714072735447928201
>
>     >>>>>>
>     >>>>>>   public exponent: 65537
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.Transform <init>
>     >>>>>> FINE: Create URI
>     >>>>>> "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
>     >>>>>> class "class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments"
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.transforms.Transform <init>
>     >>>>>> FINE: The NodeList is [dsig:CanonicalizationMethod: null]
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.ElementProxy
>     >>>>>> setElement
>     >>>>>> FINE: setElement(dsig:CanonicalizationMethod, "null"
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
>     >>>>>> FINE: Created transform for algorithm:
>     >>>>>> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
>     >>>>>> FINE: isNodeSet() = true
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo
>     >>>>>> canonicalize
>     >>>>>> FINE: Canonicalized SignedInfo:
>     >>>>>> <dsig:SignedInfo
>     >>>>>>
>     xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></dsig:CanonicalizationMethod><dsig:SignatureMethod
>
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod><dsig:Reference
>     >>>>>> URI="#DOC1"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference
>
>     >>>>>> Type="http://uri.etsi.org/01903#SignedProperties"
>     >>>>>> URI="#L1.S1-SignedProperties"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference
>
>     >>>>>> URI="#L1.S1-KeyInfo"><dsig:DigestMethod
>     >>>>>>
>     Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI
>
>     >>>>>>
>     >>>>> n!
>     >>>>>>  fo>
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo
>     >>>>>> canonicalize
>     >>>>>> FINE: Data to be
>     >>>>>>
>     signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht
>     >>>>>>
>     >>>>>>
>     bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3
>
>     >>>>>>
>     >>>>>>
>     dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz
>     >>>>>>
>     >>>>>>
>     aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht
>
>     >>>>>>
>     >>>>>>
>     PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu
>     >>>>>>
>     >>>>>>
>     YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv
>
>     >>>>>>
>     >>>>>>
>     ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz
>     >>>>>>
>     >>>>>>
>     aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr
>
>     >>>>>>
>     >>>>>>
>     Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug
>     >>>>>>
>     >>>>>>
>     VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM
>
>     >>>>>>
>     >>>>>>
>     MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw
>     >>>>>>
>     >>>>>>
>     Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48
>
>     >>>>>>
>     >>>>>>
>     ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz
>     >>>>>>
>     >>>>>>
>     dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu
>
>     >>>>>>
>     >>>>>>
>     Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
>     >>>>>>
>     >>>>>>
>     MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr
>
>     >>>>>>
>     >>>>>>
>     TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy
>     >>>>>>
>     >>>>>> ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: quick fail for empty URIs and local ones
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>> getInstance
>     >>>>>> FINE: check resolvability by class
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineCanResolve
>     >>>>>> FINE: State I can resolve reference: "#L1.S1-KeyInfo"
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdType
>     >>>>>> FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>> com.sun.org.apache.xml.internal.security.utils.IdResolver
>     >>>>>> getElementByIdUsingDOM
>     >>>>>> FINE: getElementByIdUsingDOM() Search for ID L1.S1-KeyInfo
>     >>>>>> 2007-2-1 17:36:19
>     >>>>>>
>     com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment
>
>     >>>>>> engineResolve
>     >>>>>> FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element
>     >>>>>> was [dsig:KeyInfo: null]
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: URIDereferencer class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> dereference
>     >>>>>> FINE: Data class name:
>     >>>>>> org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: Pre-digested input:
>     >>>>>> 2007-2-1 17:36:19
>     org.jcp.xml.dsig.internal.DigesterOutputStream
>     >>>>>> write
>     >>>>>> FINER: <dsig:KeyInfo
>     >>>>>> xmlns:dsig=" http://www.w3.org/2000/09/xmldsig#"
>     >>>>>>
>     Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT
>
>     >>>>>>
>     >>>>>>
>     ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK
>     >>>>>>
>     >>>>>>
>     BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt
>
>     >>>>>>
>     >>>>>>
>     b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG
>     >>>>>>
>     >>>>>>
>     A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D
>
>     >>>>>>
>     >>>>>>
>     T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p
>     >>>>>>
>     >>>>>>
>     cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq
>
>     >>>>>>
>     >>>>>>
>     hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP
>     >>>>>>
>     >>>>>>
>     iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI
>
>     >>>>>>
>     >>>>>>
>     oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs
>     >>>>>>
>     >>>>>>
>     BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S
>
>     >>>>>>
>     >>>>>>
>     ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG
>     >>>>>>
>     >>>>>>
>     SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q
>
>     >>>>>>
>     >>>>>>
>     hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE
>     >>>>>>
>     >>>>>>
>     oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
>
>     >>>>>>
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Expected digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
>     >>>>>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference
>     >>>>>> validate
>     >>>>>> FINE: Actual digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
>     >>>>>> BUILD SUCCESSFUL (total time: 1 minute 34 seconds)
>     >>>>>
>     >>>>>
>     >>>>
>     >>>
>     >>
>     >>
>     >
>
>
>
>
>
>
> -- 
> Lijun Liao 


Mime
View raw message