Ahmet-Kaplan / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0
0 stars 0 forks source link

problem when validate timestamp encapsulation? #52

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
Hi louis,
I using xades4j to sign XML with timestamp. 
When verify, I change some char in <EncapsulatedTimeStamp> (exam: A to a) , but 
signature  util valid. 
It not validate into timestamp?

Original issue reported on code.google.com by minh...@gmail.com on 12 Oct 2012 at 2:19

Attachments:

GoogleCodeExporter commented 9 years ago
I can't duplicate the problem. Changing case of letters or adding new letters 
to SignatureTimeStamp does cause verification failure.

You may be changing the part of the token that is not signed (is just 
structural) -- this will not make the verification fail. Try changing the token 
in different place.

Original comment by hubert.k...@gmail.com on 12 Oct 2012 at 11:31

GoogleCodeExporter commented 9 years ago
I change some part in the tab <EncapsulatedTimeStamp>, adding or delete some 
letter does cause verification failure. But some part, when i change case of 
letter, signature stil valid. 
It mean in the tab <EncapsulatedTimeStamp>, i can change some letter in some 
part but not make verification fail?

Original comment by minh...@gmail.com on 12 Oct 2012 at 6:27

GoogleCodeExporter commented 9 years ago
I couldn't reproduce the issue either. When a change the case of a letter on 
the tag, the JAXB unsmarshaling doesn't find any EncapsulatedTimeStamp 
elements, and the corresponding property verifier fails. Maybe your JAXB 
implementation is being case insensitive?

Original comment by luis.fgoncalv on 13 Oct 2012 at 1:17

GoogleCodeExporter commented 9 years ago
Try changing case of 140'th letter -- this makes verification fail every time 
on my side.

@luis: I don't think JAXB unmarshaling is at fault here. I'm quite sure Minh nq 
is referring to the base64 encoded token itself...

Original comment by hubert.k...@gmail.com on 15 Oct 2012 at 12:05

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 4 Sep 2013 at 10:30