santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: Microsoft Office12 Postmark will not verify
Date Mon, 26 Feb 2007 16:33:18 GMT
Hi Jean-Luc,

I will try to take a look to the issue, but can you send us the document and
the code you are using?
And thanks for telling.


Regards,

Raul,



On 2/26/07, Jean-Luc Cooke <jlcooke@certainkey.com> wrote:
>
> To help things along,
>
> Here's the output from Aleksey's tool.  Notice how it verifies
> "#idsigInvalidImage" and "#idsigValidImage" but ApacheXMLSec cannot.
> The overall signature status fails with Aleksey's tool, but that's not
> what I'm focusing on.
>
> Is the fact that ApacheXMLSec cannot verify idsigInvalidImage and
> idsigValidImage a bug?
>
> JLC
>
> On Mon, Feb 26, 2007 at 09:54:15AM -0500, Jean-Luc Cooke wrote:
> > Sorry to ping here.
> >
> > Can anyone point me in the direction of "If this a bug with Apache
> XMLSec?"
> >
> > I'd really exect the evil empire of Microsoft and Apache to
> interoperate.
> >
> > JLC
> >
> > On Wed, Feb 21, 2007 at 02:37:47PM -0500, Jean-Luc Cooke wrote:
> > > Hello team,
> > >
> > > I tried to verify the following XML file (not a root'd web cert,
> sorry):
> > >   https://216.191.58.251/apache-xmlsec-help/Word-plugin-signature.xml
> > >
> > > Using the org.apache.xml.security.samples.signature.VerifySignatureclass that
is found in src_samples directory and got this:
> > >
> > > java -cp .:../libs/xmlsec-
> 1.3.0.jar:../libs/xalan.jar:../libs/commons-logging.jar
> org.apache.xml.security.samples.signature.VerifySignature
> Word-plugin-signature.xml
> > > Try to verify file:Word-plugin-signature.xml
> > > Could find a X509Data element in the KeyInfo
> > > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Referenceverify
> > > INFO: Verification successful for URI "#idPackageObject"
> > > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Referenceverify
> > > INFO: Verification successful for URI "#idOfficeObject"
> > > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Referenceverify
> > > WARNING: Verification failed for URI "#idsigInvalidImage"
> > > Feb 21, 2007 2:20:17 PM org.apache.xml.security.signature.Referenceverify
> > > WARNING: Verification failed for URI "#idsigValidImage"
> > > The XML signature in file
> file:/home/jlcooke/crypt_map/sc_data/sc/xmlsec/2007-02-21/Word-
> plugin-signature.xml is invalid !!!!! (bad)
> > > Object=
> > >
> > > It is clear the two Objects "#idsigInvalidImage" "#idsigValidImage"
> are failing.
> > >
> > > I have two questions:
> > >  1) How can I pragmatically find out why the signature failed
> verification?
> > >     From what I can see the only way is to look at the log4j output.
> > >  2) Passing the XML file above into Aleksey's xmlsec1 app it
> passes.  What's
> > >     different?
> > >
> > > Thanks
> > >
> > > JLC
>
>


-- 
http://r-bg.com

Mime
View raw message