Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 50257 invoked from network); 1 Feb 2007 18:15:37 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 1 Feb 2007 18:15:37 -0000 Received: (qmail 10560 invoked by uid 500); 1 Feb 2007 18:15:42 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 10542 invoked by uid 500); 1 Feb 2007 18:15:42 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 10531 invoked by uid 99); 1 Feb 2007 18:15:42 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Feb 2007 10:15:42 -0800 X-ASF-Spam-Status: No, hits=2.9 required=10.0 tests=HTML_10_20,HTML_MESSAGE X-Spam-Check-By: apache.org Received-SPF: neutral (herse.apache.org: local policy) Received: from [64.233.182.191] (HELO nf-out-0910.google.com) (64.233.182.191) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 01 Feb 2007 10:15:32 -0800 Received: by nf-out-0910.google.com with SMTP id c31so1763601nfb for ; Thu, 01 Feb 2007 10:15:10 -0800 (PST) Received: by 10.48.254.1 with SMTP id b1mr4865396nfi.1170353710062; Thu, 01 Feb 2007 10:15:10 -0800 (PST) Received: from ?10.1.1.10? ( [91.92.1.2]) by mx.google.com with ESMTP id 59sm3751011ugf.2007.02.01.10.15.07; Thu, 01 Feb 2007 10:15:09 -0800 (PST) Message-ID: <45C22E29.50404@space-comm.com> Date: Thu, 01 Feb 2007 20:15:05 +0200 From: Miroslav Nachev Organization: COSMOS Software Enterprises, Ltd. User-Agent: Thunderbird 1.5.0.9 (Windows/20061207) MIME-Version: 1.0 To: security-dev@xml.apache.org Subject: Re: Invalid Reference Signature when I try to refer some XMLObject element References: <45C0A9BF.6090708@space-comm.com> <45C0E66C.4070807@Sun.COM> <45C107E6.50202@Sun.COM> <45C20BFC.7020902@space-comm.com> <45C20DD6.3030705@Sun.COM> <45C216E7.2030608@space-comm.com> In-Reply-To: <45C216E7.2030608@space-comm.com> Content-Type: multipart/mixed; boundary="------------010809030403070709050702" X-Virus-Checked: Checked by ClamAV on apache.org This is a multi-part message in MIME format. --------------010809030403070709050702 Content-Type: multipart/alternative; boundary="------------050901010603070009030304" --------------050901010603070009030304 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Dear Sean, Why during validation JSR 105 takes "xmlns:xsd" attribute in case that this attribute is not set explicit to this element? This attribute is set explicit to the parent of this element. And why this is not happen during signing? How to set JSR 105 to take the same attributes in both processing: signing and validation? Best Regards, Miroslav Nachev Miroslav Nachev wrote: > This is very strange because *"xmlns:xsd"* attribute is missing during > signing? Actually this attribute exists in the Element. > > Sign: > 2007-2-1 18:20:56 org.jcp.xml.dsig.internal.DigesterOutputStream write > Id="L1.S1-SignedProperties"> > > 2007-02-01T18:20:56+0200 > Miroslav > Nachev > > > > Verify: > 2007-2-1 18:23:34 org.jcp.xml.dsig.internal.DigesterOutputStream write > xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#" > Id="L1.S1-SignedProperties"> > > 2007-02-01T18:20:56+0200 > Miroslav > Nachev > > > > > Sean Mullan wrote: >> I'm sorry but I don't have the time to debug your problem. However, >> looking at the log file, the validation failure occurs because of this: >> >> > FINER: Pre-digested input: >> > 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >> > FINER: > xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" >> xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#" >> Id="L1.S1-SignedProperties">2007-02-01T17:36:05+0200> Id="2" Username="miro">Miroslav >> Nachev >> >> > 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >> > FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI= >> > 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >> > FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI= >> >> You'll need to figure out why the digest is different. One way to do >> this is to also turn on debugging when *generating* the signature, >> and then carefully compare the Pre-digested input to the above to see >> what is different. >> >> --Sean >> >> Miroslav Nachev wrote: >>> Dear Sean, >>> >>> Please find the attached log file. The problem reference is >>> "L1.S1-SignedProperties". >>> Do you have any suggestions how to solve this problem/bug? >>> >>> >>> Best Regards, >>> Miroslav Nachev >>> >>> >>> Sean Mullan wrote: >>>> Miroslav Nachev wrote: >>>>> I will try your suggestions tomorrow, but I am not sure that this >>>>> is the problem. Before to quit from the office I found that the >>>>> digest value for this reference is different calculated for >>>>> Signing and Validation. >>>>> >>>>> The stack trace from Exception is missing because any exception is >>>>> not thrown. The boolean value "false" is returned for whole >>>>> signature. Then I check each time individually and see that the >>>>> problem is in this reference again without exception. Only "false" >>>>> value is returned. >>>>> >>>>> Because of the above I think that the digest algorithm for Signing >>>>> and Validation is different. And because the only difference are >>>>> both Namespaces in one element, I think that this is the real >>>>> problem. >>>> >>>> Try enabling logging support and inspect what is being digested >>>> when signing and when validating. You should be able to precisely >>>> narrow down the problem (it is probably namespace related). I >>>> assume you are using JSR 105 from our previous correspondences. See >>>> this blog for more info on enabling the logging: >>>> >>>> http://weblogs.java.net/blog/mullan/archive/2006/02/more_xml_signat_1.html >>>> >>>> >>>> --Sean >>>> >>>> >>> >>> >>> ------------------------------------------------------------------------ >>> >>> >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Marshalling Reference >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Adding digestValueElem >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Marshalling Reference >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Adding digestValueElem >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Marshalling Reference >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal >>> FINE: Adding digestValueElem >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#DOC1" >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID DOC1 >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdUsingDOM >>> FINE: getElementByIdUsingDOM() Search for ID DOC1 >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID DOC1 and Element was >>> [DataFile: null] >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> ContentType="compressed_base64" >>> LastModified="2004-05-25T12:34:04+0300" >>> Size="43">AUTOEXEC.BAT>> Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs >>> >>> 3rgrAAAA >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference object uri = #DOC1 >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference digesting completed >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#L1.S1-SignedProperties" >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID L1.S1-SignedProperties >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdUsingDOM >>> FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID L1.S1-SignedProperties and >>> Element was [xsd:SignedProperties: null] >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" >>> Id="L1.S1-SignedProperties">2007-02-01T17:36:05+0200>> Id="2" Username="miro">Miroslav >>> Nachev >>> >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference object uri = #L1.S1-SignedProperties >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference digesting completed >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#L1.S1-KeyInfo" >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID L1.S1-KeyInfo >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementById >>> FINE: I could find an Element using the simple getElementByIdType >>> method: dsig:KeyInfo >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was >>> [dsig:KeyInfo: null] >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> Id="L1.S1-KeyInfo">MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT >>> >>> ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK >>> >>> BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt >>> >>> b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG >>> >>> A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D >>> >>> >>> T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p >>> >>> cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq >>> >>> hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP >>> >>> iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI >>> >>> oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs >>> >>> BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S >>> >>> ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG >>> >>> SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q >>> >>> hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE >>> >>> oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5 >>> >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference object uri = #L1.S1-KeyInfo >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest >>> FINE: Reference digesting completed >>> 2007-2-1 17:36:05 >>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign >>> FINE: Signature provider:SunPKCS11-Siemens-HiPath version 1.6 >>> 2007-2-1 17:36:05 >>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign >>> FINE: Signing with key: SunPKCS11-Siemens-HiPath RSA private key, >>> 1024 bits (id 124128880, token object, sensitive, unextractable) >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.transforms.Transform >>> FINE: Create URI >>> "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" class >>> "class >>> com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments" >>> >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.transforms.Transform >>> FINE: The NodeList is [dsig:CanonicalizationMethod: null] >>> 2007-2-1 17:36:05 >>> com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement >>> FINE: setElement(dsig:CanonicalizationMethod, "null" >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer >>> transform >>> FINE: Created transform for algorithm: >>> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer >>> transform >>> FINE: isNodeSet() = true >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo >>> canonicalize >>> FINE: Canonicalized SignedInfo: >>> >> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments">>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">>> URI="#DOC1">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">5L9KuDZI/6zj2kb9oP8RipkcYwc=>> Type="http://uri.etsi.org/01903#SignedProperties" >>> URI="#L1.S1-SignedProperties">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">hWzwrP7ScWa4ri2YeONAgjI9ZGI=>> URI="#L1.S1-KeyInfo">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">g+LVdhRueJWcGkqiM48X1/TjOTk=>> >> n! >>> fo> >>> 2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo >>> canonicalize >>> FINE: Data to be >>> signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht >>> >>> bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3 >>> >>> dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz >>> >>> aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht >>> >>> PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu >>> >>> YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv >>> >>> ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz >>> >>> aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr >>> >>> Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug >>> >>> VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM >>> >>> MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw >>> >>> Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48 >>> >>> ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz >>> >>> dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu >>> >>> Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv >>> >>> MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr >>> >>> TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy >>> >>> ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4= >>> 2007-2-1 17:36:06 org.jcp.xml.dsig.internal.dom.DOMXMLSignature sign >>> FINE: SignatureValue = [B@1efbbb1 >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#DOC1" >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID DOC1 >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdUsingDOM >>> FINE: getElementByIdUsingDOM() Search for ID DOC1 >>> 2007-2-1 17:36:18 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID DOC1 and Element was >>> [DataFile: null] >>> 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:18 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> ContentType="compressed_base64" >>> LastModified="2004-05-25T12:34:04+0300" >>> Size="43">AUTOEXEC.BAT>> Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs >>> >>> 3rgrAAAA >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Expected digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc= >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Actual digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc= >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature >>> validate >>> FINE: Reference[#DOC1] is valid: true >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#L1.S1-SignedProperties" >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID L1.S1-SignedProperties >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdUsingDOM >>> FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID L1.S1-SignedProperties and >>> Element was [xsd:SignedProperties: null] >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" >>> xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#" >>> Id="L1.S1-SignedProperties">2007-02-01T17:36:05+0200>> Id="2" Username="miro">Miroslav >>> Nachev >>> >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI= >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI= >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature >>> validate >>> FINE: Reference[#L1.S1-SignedProperties] is valid: false >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature >>> validate >>> FINE: Couldn't validate the References >>> 2007-2-1 17:36:19 >>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify >>> FINE: Signature provider:SunRsaSign version 1.5 >>> 2007-2-1 17:36:19 >>> org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify >>> FINE: verifying with key: Sun RSA public key, 1024 bits >>> modulus: >>> 168164527555608136888830022857056132023036777656418518049464251253737723792048985548139271763061864520875701968328564748366237424723155092944235075765817478111725643802025622853273984978027240469613154811874843038396779307309442362407952606871051501808113074993835124868184526839845834261024714072735447928201 >>> >>> public exponent: 65537 >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.transforms.Transform >>> FINE: Create URI >>> "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" class >>> "class >>> com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments" >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.transforms.Transform >>> FINE: The NodeList is [dsig:CanonicalizationMethod: null] >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement >>> FINE: setElement(dsig:CanonicalizationMethod, "null" >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer >>> transform >>> FINE: Created transform for algorithm: >>> http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer >>> transform >>> FINE: isNodeSet() = true >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo >>> canonicalize >>> FINE: Canonicalized SignedInfo: >>> >> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments">>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1">>> URI="#DOC1">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">5L9KuDZI/6zj2kb9oP8RipkcYwc=>> Type="http://uri.etsi.org/01903#SignedProperties" >>> URI="#L1.S1-SignedProperties">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">hWzwrP7ScWa4ri2YeONAgjI9ZGI=>> URI="#L1.S1-KeyInfo">>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">g+LVdhRueJWcGkqiM48X1/TjOTk=>> >> n! >>> fo> >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo >>> canonicalize >>> FINE: Data to be >>> signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht >>> >>> bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3 >>> >>> dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz >>> >>> aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht >>> >>> PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu >>> >>> YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv >>> >>> ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz >>> >>> aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr >>> >>> Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug >>> >>> VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM >>> >>> MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw >>> >>> Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48 >>> >>> ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz >>> >>> dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu >>> >>> Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv >>> >>> MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr >>> >>> TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy >>> >>> ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4= >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP >>> engineCanResolve >>> FINE: quick fail for empty URIs and local ones >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> getInstance >>> FINE: check resolvability by class >>> com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver >>> >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineCanResolve >>> FINE: State I can resolve reference: "#L1.S1-KeyInfo" >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdType >>> FINE: getElementByIdType() Search for ID L1.S1-KeyInfo >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.IdResolver >>> getElementByIdUsingDOM >>> FINE: getElementByIdUsingDOM() Search for ID L1.S1-KeyInfo >>> 2007-2-1 17:36:19 >>> com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment >>> engineResolve >>> FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was >>> [dsig:KeyInfo: null] >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: URIDereferencer class name: >>> org.jcp.xml.dsig.internal.dom.DOMURIDereferencer >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference >>> dereference >>> FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: Pre-digested input: >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write >>> FINER: >> Id="L1.S1-KeyInfo">MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT >>> >>> ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK >>> >>> BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt >>> >>> b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG >>> >>> A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D >>> >>> T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p >>> >>> cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq >>> >>> hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP >>> >>> iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI >>> >>> oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs >>> >>> BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S >>> >>> ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG >>> >>> SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q >>> >>> hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE >>> >>> oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5 >>> >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Expected digest: g+LVdhRueJWcGkqiM48X1/TjOTk= >>> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate >>> FINE: Actual digest: g+LVdhRueJWcGkqiM48X1/TjOTk= >>> BUILD SUCCESSFUL (total time: 1 minute 34 seconds) >> >> > --------------050901010603070009030304 Content-Type: text/html; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Dear Sean,

Why during validation JSR 105 takes "xmlns:xsd" attribute in case that this attribute is not set explicit to this element? This attribute is set explicit to the parent of this element. And why this is not happen during signing?
How to set JSR 105 to take the same attributes in both processing: signing and validation?


Best Regards,
Miroslav Nachev

Miroslav Nachev wrote:
This is very strange because "xmlns:xsd" attribute is missing during signing? Actually this attribute exists in the Element.

Sign:
2007-2-1 18:20:56 org.jcp.xml.dsig.internal.DigesterOutputStream write
<xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
                      Id="L1.S1-SignedProperties">
  <xsd:SignedSignatureProperties>
    <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
    <xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails>
  </xsd:SignedSignatureProperties>
</xsd:SignedProperties>

Verify:
2007-2-1 18:23:34 org.jcp.xml.dsig.internal.DigesterOutputStream write
<xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
                      xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"
                      Id="L1.S1-SignedProperties">
  <xsd:SignedSignatureProperties>
    <xsd:SigningTime>2007-02-01T18:20:56+0200</xsd:SigningTime>
    <xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails>
  </xsd:SignedSignatureProperties>
</xsd:SignedProperties>


Sean Mullan wrote:
I'm sorry but I don't have the time to debug your problem. However, looking at the log file, the validation failure occurs because of this:

> FINER: Pre-digested input:
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
> FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#" Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
> FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
> 2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
> FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=

You'll need to figure out why the digest is different. One way to do this is to also turn on debugging when *generating* the signature, and then carefully compare the Pre-digested input to the above to see what is different.

--Sean

Miroslav Nachev wrote:
Dear Sean,

Please find the attached log file. The problem reference is "L1.S1-SignedProperties".
Do you have any suggestions how to solve this problem/bug?


Best Regards,
Miroslav Nachev


Sean Mullan wrote:
Miroslav Nachev wrote:
I will try your suggestions tomorrow, but I am not sure that this is the problem. Before to quit from the office I found that the digest value for this reference is different calculated for Signing and Validation.

The stack trace from Exception is missing because any exception is not thrown. The boolean value "false" is returned for whole signature. Then I check each time individually and see that the problem is in this reference again without exception. Only "false" value is returned.

Because of the above I think that the digest algorithm for Signing and Validation is different. And because the only difference are both Namespaces in one element, I think that this is the real problem.

Try enabling logging support and inspect what is being digested when signing and when validating. You should be able to precisely narrow down the problem (it is probably namespace related). I assume you are using JSR 105 from our previous correspondences. See this blog for more info on enabling the logging:

http://weblogs.java.net/blog/mullan/archive/2006/02/more_xml_signat_1.html

--Sean




------------------------------------------------------------------------

2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Marshalling Reference
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference marshal
FINE: Adding digestValueElem
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#DOC1"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID DOC1
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM
FINE: getElementByIdUsingDOM() Search for ID DOC1
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID DOC1 and Element was [DataFile: null]
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <DataFile Id="DOC1"><FileAttributtes ContentType="compressed_base64" LastModified="2004-05-25T12:34:04+0300" Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs
3rgrAAAA</Content></DataFile>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #DOC1
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#L1.S1-SignedProperties"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM
FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID L1.S1-SignedProperties and Element was [xsd:SignedProperties: null]
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #L1.S1-SignedProperties
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#L1.S1-KeyInfo"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementById
FINE: I could find an Element using the simple getElementByIdType method: dsig:KeyInfo
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was [dsig:KeyInfo: null]
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT
ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK
BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt
b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG
A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D

T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p
cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP
iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI
oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs
BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S
ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG
SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q
hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE
oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference object uri = #L1.S1-KeyInfo
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMReference digest
FINE: Reference digesting completed
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign
FINE: Signature provider:SunPKCS11-Siemens-HiPath version 1.6
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod sign
FINE: Signing with key: SunPKCS11-Siemens-HiPath RSA private key, 1024 bits (id 124128880, token object, sensitive, unextractable)
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.transforms.Transform <init>
FINE: Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" class "class com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments"
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.transforms.Transform <init>
FINE: The NodeList is [dsig:CanonicalizationMethod: null]
2007-2-1 17:36:05 com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement
FINE: setElement(dsig:CanonicalizationMethod, "null"
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: isNodeSet() = true
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize
FINE: Canonicalized SignedInfo:
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod><dsig:Reference URI="#DOC1"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#L1.S1-SignedProperties"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#L1.S1-KeyInfo"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI
n!
 fo>
2007-2-1 17:36:05 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize
FINE: Data to be signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht
bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3
dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz
aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht
PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu
YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv
ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz
aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr
Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug
VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM
MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw
Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48
ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz
dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu
Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr
TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy
ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
2007-2-1 17:36:06 org.jcp.xml.dsig.internal.dom.DOMXMLSignature sign
FINE: SignatureValue = [B@1efbbb1
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#DOC1"
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID DOC1
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM
FINE: getElementByIdUsingDOM() Search for ID DOC1
2007-2-1 17:36:18 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID DOC1 and Element was [DataFile: null]
2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:18 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:18 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <DataFile Id="DOC1"><FileAttributtes ContentType="compressed_base64" LastModified="2004-05-25T12:34:04+0300" Size="43"><FileName>AUTOEXEC.BAT</FileName></FileAttributtes><Content Id="CONT1">H4sIAAAAAAAAAAt2DVHw8Y338XR29Qt2jXfz9HG1dbaKcctJrfDxjfHJTE7NK07VS0ks4eUCAKAs
3rgrAAAA</Content></DataFile>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: 5L9KuDZI/6zj2kb9oP8RipkcYwc=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#DOC1] is valid: true
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#L1.S1-SignedProperties"
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM
FINE: getElementByIdUsingDOM() Search for ID L1.S1-SignedProperties
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID L1.S1-SignedProperties and Element was [xsd:SignedProperties: null]
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <xsd:SignedProperties xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#" Id="L1.S1-SignedProperties"><xsd:SignedSignatureProperties><xsd:SigningTime>2007-02-01T17:36:05+0200</xsd:SigningTime><xsd:SignerDetails Id="2" Username="miro">Miroslav Nachev</xsd:SignerDetails></xsd:SignedSignatureProperties></xsd:SignedProperties>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: hWzwrP7ScWa4ri2YeONAgjI9ZGI=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: TlwlgnfCzrjdI0MhaBROwgTHvSI=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Reference[#L1.S1-SignedProperties] is valid: false
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMXMLSignature validate
FINE: Couldn't validate the References
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify
FINE: Signature provider:SunRsaSign version 1.5
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMRSASignatureMethod verify
FINE: verifying with key: Sun RSA public key, 1024 bits
  modulus: 168164527555608136888830022857056132023036777656418518049464251253737723792048985548139271763061864520875701968328564748366237424723155092944235075765817478111725643802025622853273984978027240469613154811874843038396779307309442362407952606871051501808113074993835124868184526839845834261024714072735447928201
  public exponent: 65537
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.transforms.Transform <init>
FINE: Create URI "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" class "class com.sun.org.apache.xml.internal.security.transforms.implementations.TransformC14NWithComments"
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.transforms.Transform <init>
FINE: The NodeList is [dsig:CanonicalizationMethod: null]
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.ElementProxy setElement
FINE: setElement(dsig:CanonicalizationMethod, "null"
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: Created transform for algorithm: http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.ApacheCanonicalizer transform
FINE: isNodeSet() = true
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize
FINE: Canonicalized SignedInfo:
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></dsig:CanonicalizationMethod><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></dsig:SignatureMethod><dsig:Reference URI="#DOC1"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>5L9KuDZI/6zj2kb9oP8RipkcYwc=</dsig:DigestValue></dsig:Reference><dsig:Reference Type="http://uri.etsi.org/01903#SignedProperties" URI="#L1.S1-SignedProperties"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>hWzwrP7ScWa4ri2YeONAgjI9ZGI=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#L1.S1-KeyInfo"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>g+LVdhRueJWcGkqiM48X1/TjOTk=</dsig:DigestValue></dsig:Reference></dsig:SignedI
n!
 fo>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMSignedInfo canonicalize
FINE: Data to be signed/verified:PGRzaWc6U2lnbmVkSW5mbyB4bWxuczpkc2lnPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3ht
bGRzaWcjIj48ZHNpZzpDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3
dy53My5vcmcvVFIvMjAwMS9SRUMteG1sLWMxNG4tMjAwMTAzMTUjV2l0aENvbW1lbnRzIj48L2Rz
aWc6Q2Fub25pY2FsaXphdGlvbk1ldGhvZD48ZHNpZzpTaWduYXR1cmVNZXRob2QgQWxnb3JpdGht
PSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjcnNhLXNoYTEiPjwvZHNpZzpTaWdu
YXR1cmVNZXRob2Q+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0RPQzEiPjxkc2lnOkRpZ2VzdE1ldGhv
ZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNzaGExIj48L2Rz
aWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPjVMOUt1RFpJLzZ6ajJrYjlvUDhSaXBr
Y1l3Yz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVyZW5jZT48ZHNpZzpSZWZlcmVuY2Ug
VHlwZT0iaHR0cDovL3VyaS5ldHNpLm9yZy8wMTkwMyNTaWduZWRQcm9wZXJ0aWVzIiBVUkk9IiNM
MS5TMS1TaWduZWRQcm9wZXJ0aWVzIj48ZHNpZzpEaWdlc3RNZXRob2QgQWxnb3JpdGhtPSJodHRw
Oi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjc2hhMSI+PC9kc2lnOkRpZ2VzdE1ldGhvZD48
ZHNpZzpEaWdlc3RWYWx1ZT5oV3p3clA3U2NXYTRyaTJZZU9OQWdqSTlaR0k9PC9kc2lnOkRpZ2Vz
dFZhbHVlPjwvZHNpZzpSZWZlcmVuY2U+PGRzaWc6UmVmZXJlbmNlIFVSST0iI0wxLlMxLUtleUlu
Zm8iPjxkc2lnOkRpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAv
MDkveG1sZHNpZyNzaGExIj48L2RzaWc6RGlnZXN0TWV0aG9kPjxkc2lnOkRpZ2VzdFZhbHVlPmcr
TFZkaFJ1ZUpXY0drcWlNNDhYMS9Uak9Uaz08L2RzaWc6RGlnZXN0VmFsdWU+PC9kc2lnOlJlZmVy
ZW5jZT48L2RzaWc6U2lnbmVkSW5mbz4=
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverDirectHTTP engineCanResolve
FINE: quick fail for empty URIs and local ones
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver getInstance
FINE: check resolvability by class com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolver
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineCanResolve
FINE: State I can resolve reference: "#L1.S1-KeyInfo"
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdType
FINE: getElementByIdType() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.IdResolver getElementByIdUsingDOM
FINE: getElementByIdUsingDOM() Search for ID L1.S1-KeyInfo
2007-2-1 17:36:19 com.sun.org.apache.xml.internal.security.utils.resolver.implementations.ResolverFragment engineResolve
FINE: Try to catch an Element with ID L1.S1-KeyInfo and Element was [dsig:KeyInfo: null]
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: URIDereferencer class name: org.jcp.xml.dsig.internal.dom.DOMURIDereferencer
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference dereference
FINE: Data class name: org.jcp.xml.dsig.internal.dom.ApacheNodeSetData
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: Pre-digested input:
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.DigesterOutputStream write
FINER: <dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="L1.S1-KeyInfo"><dsig:X509Data><dsig:X509Certificate>MIIDNTCCAp6gAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmjELMAkGA1UEBhMCQkcxEzARBgNVBAgT
ClNvZmlhIGNpdHkxKDAmBgNVBAoTH0NPU01PUyBTb2Z0d2FyZSBFbnRlcnByaXNlcyBMdGQxDDAK
BgNVBAsUA1ImRDEYMBYGA1UEAxMPTWlyb3NsYXYgTmFjaGV2MSQwIgYJKoZIhvcNAQkBFhVjb3Nt
b3NAc3BhY2UtY29tbS5jb20wHhcNMDYxMDI2MTQxNjA0WhcNMDcxMDI2MTQxNjA0WjCBqDELMAkG
A1UEBhMCQkcxEzARBgNVBAgTClNvZmlhIGNpdHkxDjAMBgNVBAcTBVNvZmlhMSgwJgYDVQQKEx9D
T1NNT1MgU29mdHdhcmUgRW50ZXJwcmlzZXMgTHRkMQwwCgYDVQQLFANSJkQxGDAWBgNVBAMTD01p
cm9zbGF2IE5hY2hldjEiMCAGCSqGSIb3DQEJARYTbWlyb0BzcGFjZS1jb21tLmNvbTCBnzANBgkq
hkiG9w0BAQEFAAOBjQAwgYkCgYEA73lnjI4W3kv3ZkdoJhQPe4Vm18Ngad6QaDEyQHBlPPOR0mlP
iLxLBChEX/bs4xnHP4PcrC8ZFJ0gw+3uRJ323dcJzMo6BOmTWAUvkxigVOMCTuu3ZDLaMzi5QZiI
oQazA4cv87uQfIftQtlqCcrTJcAvEQdLrRXhrubO5lCqTYkCAwEAAaN7MHkwCQYDVR0TBAIwADAs
BglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlmaWNhdGUwHQYDVR0OBBYEFJ0S
ik14AEvA+rNYpNza4zeQDe4WMB8GA1UdIwQYMBaAFMENbK6a7aOPlnS6tQEG1a/z2mQzMA0GCSqG
SIb3DQEBBQUAA4GBAJsvALenpOOvnJ/1q4z76KT3xZotesbNn9OWbeDzYCoQhAlm1EILCi/o2u6Q
hrWskEwfRKkm/DfhsbSj15roAq24967DYKP/yzAqrLs7XrkxAghOgRtK/mzzhIfEoycbapaoIZjE
oGLfdXzU8LkpJr5lvhOjCAJxC/O59UP/sXE5</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo>
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Expected digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
2007-2-1 17:36:19 org.jcp.xml.dsig.internal.dom.DOMReference validate
FINE: Actual digest: g+LVdhRueJWcGkqiM48X1/TjOTk=
BUILD SUCCESSFUL (total time: 1 minute 34 seconds)




--------------050901010603070009030304-- --------------010809030403070709050702 Content-Type: text/x-vcard; charset=utf-8; name="miro.vcf" Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename="miro.vcf" begin:vcard fn:Miroslav Nachev n:Nachev;Miroslav org:COSMOS Software Enterprises, Ltd. adr:"Preki pat" str., No. 16, kv. Pavlovo;;ap. 3, fl. 1, entr. A,;Sofia;;1618;Bulgaria email;internet:miro@space-comm.com tel;work:(+359-2) 856-19-43 tel;cell:(+359-88) 897-31-95 url:http://www.space-comm.com version:2.1 end:vcard --------------010809030403070709050702--