santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Gurkan Erdogdu <gurkanerdo...@yahoo.com>
Subject Sign Verification Problem
Date Wed, 03 Aug 2011 14:55:04 GMT
Hello ,

This is my first message to the list and please warn me if this post is not the correct place.

My client has signed the XML document and sent it to our server. But, we are not able to verify
the signature. Below snippet shows some part of  non-signed XML:

<?xml version="1.0" encoding="UTF-8"?>
<Invoice
    xmlns:cac="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2"
    xmlns:cbc="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2"
    xmlns:udt="urn:un:unece:uncefact:data:specification:UnqualifiedDataTypesSchemaModule:2"
    xmlns:ccts="urn:un:unece:uncefact:documentation:2"
    xmlns:ext="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2"
    xmlns:qdt="urn:oasis:names:specification:ubl:schema:xsd:QualifiedDatatypes-2"
    xmlns:ubltr="urn:oasis:names:specification:ubl:schema:xsd:TurkishCustomizationExtensionComponents"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
    xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" xmlns="urn:oasis:names:specification:ubl:schema:xsd:Invoice-2">
    <ext:UBLExtensions>
        <ext:UBLExtension>
            <ext:ExtensionContent/>
        </ext:UBLExtension>
    </ext:UBLExtensions>

  ... Other Parts    

</Invoice>


When above document is signed by the client system,  <ds:Signature Id="Signature_GIB2011000000049">
<ds:SignedInfo Id="SignedInfo_GIB2011000000049">.....<xades:SignedProperties>.....</.....> 
signature  information is put in to the <ExtensionContent> element.

When XML Signature try to get Canonicalize the XML with Canonicalizer20010315ExclWithComments,
it incorrectly writes "  <ext:ExtensionContent/>" as "  <ext:ExtensionContent><ext:ExtensionContent/>"
and adds <Invoice> element all namespaces into the <xades:SignedProperties>
element attributes. Therefore verification is failed because of having different digest values.

Is there any configuration to resolve this issue?

Thanks;

Gurkan
Mime
View raw message