Ahmet-Kaplan / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0

Verification Problem #11

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi;
I use xades4j for signing and verifying XML docs. It works great.
But some XML docs cause an error.
I'm signing test.xml (attached) with xades4j with the Xades-BES Enveloped type
and producing test_signed.xml (attached).
When I try to verify test_signed.xml, I get the error below:

    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.XMLSignature checkSignatureValue
    WARNING: Signature verification failed.
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Verification failed for URI "#xmldsig-3e3d8af1-f574-41b9-b46c-2820b10e3a13-signedprops"
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Expected Digest: gmqaoyTax5U/yIxoLl74S1Bx6NM=
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Actual Digest: DIWtmTAn7DSUHFsB80erN0+C7mw=
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Verification failed for URI "#xmldsig-3e3d8af1-f574-41b9-b46c-2820b10e3a13-signedprops"
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Expected Digest: gmqaoyTax5U/yIxoLl74S1Bx6NM=
    10.Ağu.2011 02:21:19 org.apache.xml.security.signature.Reference verify
    WARNING: Actual Digest: DIWtmTAn7DSUHFsB80erN0+C7mw=
    xades4j.verification.ReferenceValueException: Reference '#xmldsig-3e3d8af1-f574-41b9-b46c-2820b10e3a13-signedprops' cannot be validated
        at xades4j.verification.XadesVerifierImpl.doCoreVerification(XadesVerifierImpl.java:337)
        at xades4j.verification.XadesVerifierImpl.verify(XadesVerifierImpl.java:195)

Original issue reported on code.google.com by mustafa....@gmail.com on 9 Aug 2011 at 11:39


GoogleCodeExporter commented 9 years ago
Hi,

At first glance the signature looks OK. I'll try to reproduce the issue later.

Original comment by luis.fgoncalv on 10 Aug 2011 at 8:52

GoogleCodeExporter commented 9 years ago
I'm waiting for your comments.
Thanks again.

Original comment by mustafa....@gmail.com on 11 Aug 2011 at 10:23

GoogleCodeExporter commented 9 years ago
I was able to sign the document and produce a signature identical to yours with 
the following code (uses helper methods on the lib test classes):

    // Use SHA-1 for data object reference digests and RSA-SHA1 for the signature.
    class TestAlgsProvider extends DefaultAlgorithmsProvider
    {
        @Override
        public String getDigestAlgorithmForDataObjsReferences()
        {
            return MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA1;
        }

        @Override
        public String getSignatureAlgorithm(String keyAlgorithmName) throws UnsupportedAlgorithmException
        {
            return XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1;
        }
    }

    /***************************************************************************/

    // XAdES-BES profile with SigningTime and SignerRole as signed properties.
    XadesBesSigningProfile profile = new XadesBesSigningProfile(keyingProviderMy);
    profile.withSignaturePropertiesProvider(new SignaturePropertiesProvider()
    {
        @Override
        public void provideProperties(SignaturePropertiesCollector signedPropsCol)
        {
            signedPropsCol.setSigningTime(new SigningTimeProperty());
            signedPropsCol.setSignerRole(new SignerRoleProperty("Test Role"));
        }
    })
    .withAlgorithmsProvider(TestAlgsProvider.class);

    Enveloped env = new Enveloped(profile.newSigner());

    // getDocument and outputDocument are helper methods from the lib test classes.
    Document doc = getDocument("test.xml");
    env.sign(doc.getDocumentElement());
    outputDocument(doc, "test_signed.xml");

    /***************************************************************************/

    // Reload the file that was written to disk and verify the signature in it.
    XadesVerificationProfile verifProfile = new XadesVerificationProfile(VerifierTestBase.validationProviderMySigs);
    XadesVerifier verifier = verifProfile.newVerifier();

    doc = getDocument("test_signed.xml");
    Element signatureNode = VerifierTestBase.getSigElement(doc);
    verifier.verify(signatureNode, null);

If, in your scenario, the reference's digest changed, something is probably
changing the DOM tree after signature production. How are you writing the
signed file to disk?

Original comment by luis.fgoncalv on 14 Aug 2011 at 9:50


GoogleCodeExporter commented 9 years ago
I was using my own XML save method. When I changed to your outputDocument and
getDocument methods, the problem was solved.

Thanks a lot for your help :)

Original comment by mustafa....@gmail.com on 15 Aug 2011 at 4:14
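
The diagnosis in this thread (a save routine altering the DOM tree after signing) can be reproduced in isolation. The following is an added example, not code from the thread or from xades4j. It shows that an indenting re-save changes the SHA-1 digest of an element's canonical form, while a plain re-save does not. Assumptions: the `ResaveDigestDemo` class and the sample XML are constructed here, indentation is only one possible cause (the thread does not say what the reporter's save method did), and the Apache Santuario (xmlsec) release on the classpath is one in which `Canonicalizer.canonicalizeSubtree(Node)` returns `byte[]`, as in the 1.x line contemporary with this thread.

```java
import java.io.StringReader;
import java.io.StringWriter;
import java.security.MessageDigest;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class ResaveDigestDemo {
    // Constructed sample standing in for a signed element; not the reporter's file.
    static final String XML = "<doc><SignedProperties Id=\"sp\"><SigningTime>2011-08-10T02:21:19Z</SigningTime>"
            + "<SignerRole><ClaimedRole>Test Role</ClaimedRole></SignerRole></SignedProperties></doc>";

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    // Write the DOM out and read it back, as a save-then-verify cycle would.
    static Document saveAndReload(Document doc, boolean indent) throws Exception {
        Transformer t = TransformerFactory.newInstance().newTransformer();
        t.setOutputProperty(OutputKeys.INDENT, indent ? "yes" : "no");
        StringWriter out = new StringWriter();
        t.transform(new DOMSource(doc), new StreamResult(out));
        return parse(out.toString());
    }

    // SHA-1 over the canonical octets of the element, which is what a Reference digest covers.
    static String digest(Document doc) throws Exception {
        Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
        byte[] octets = c14n.canonicalizeSubtree(doc.getElementsByTagName("SignedProperties").item(0));
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("SHA-1").digest(octets));
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        Document signed = parse(XML);
        System.out.println("at signing time  : " + digest(signed));
        System.out.println("plain re-save    : " + digest(saveAndReload(signed, false)));
        System.out.println("indented re-save : " + digest(saveAndReload(signed, true)));
    }
}
```

Canonical XML keeps whitespace text nodes inside element content, so the line breaks added by the indenting serializer become part of the digested octets after the file is parsed again.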

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 16 Aug 2011 at 8:46