search

luisgoncalves / xades4j

A Java library for XAdES signature services
GNU Lesser General Public License v3.0
109 stars 65 forks source link

Verification Problem #10

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
Hi,

First of all thanks for such a great project. In my project, I am trying to 
verify XAdES-BES signed XML content. Signing has done by the another party. But 
I am not able to verify this sign with Xades4j. 

Interestingly, they are able to verify my signed XML that is signed by Xades4j. 

What can be the problem? Below is the some part of unverified signing?

        <ds:Signature Id="Signature_GIB2011000000049">
          <ds:SignedInfo Id="SignedInfo_GIB2011000000049">
            <ds:CanonicalizationMethod
              Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
            <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
            <ds:Reference URI="">
              <ds:Transforms>
                <ds:Transform
                  Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
              </ds:Transforms>
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
              <ds:DigestValue>8VLNpeLl7DraDZ2ZNBArOG7TVvaoEQGeU3CNsLi3j48=</ds:DigestValue>
            </ds:Reference>
            <ds:Reference Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties"
              URI="#SignedProperties_GIB2011000000049" Id="SignedProperties-Reference_GIB2011000000049">
              <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
              <ds:DigestValue>rwbtEhXiqsyp8qxng3MY0NAJ/bMuPgGdZBXkkNNo2Ek=</ds:DigestValue>
            </ds:Reference>
          </ds:SignedInfo>
          <ds:SignatureValue Id="id2011000000049">FEdlROTTlvDtu2Ou/Uv2bjQF95n0TbBD6HSd3ryuY5FQGncZikL35+mMNb6gQgzbJGvnipaGApCbal4nhVhaGA/tafKUfDQ3q9bdBgdU4ma+vF802IqSTTthmNDAgA80OoBMMv99rCsaNZwYHa5+wzcKzm/rxB829hClFHWYG6iHeERpqz9/cy1Q6K/h2xF8QxFC14/E4QewSD3X/uWOe9GZuO6cQdSWf2XekcFrECq/CQFgc6Nl5J120Z+Uoz7xaM9b6h/XfD5jCsehCsR5KCG0zh3vypoq8yu9QTPjDFhTOYC3JD2gzGLVN8N2QJzcZqTzXbzD2TBZJLrsIFKfsw==</ds:SignatureValue>
          <ds:KeyInfo>
            <ds:KeyValue>
              <ds:RSAKeyValue>
                <ds:Modulus>g4fWV5+GRbNQTnVpG5naG/4xC167blIngQJdOJVss7LSBjFkOOitvJtpV0Qvsld1HzW9A+P8aR17KdgZzqsc5+akR0+volN2ZH9M+q0Xza7zSQjgBzovv2R6VQWLnEyFb4i3PzEqQMDbF8n30oNWj0BjBvNn+eTkxmk8ifhLDAwrrDasje5CudTNo9pIv73VcJqA3F+pKwW7MGIZeDJpLnbbqz+ELOIR3ev51Ewb889QQyqlMiu2LKaDVmpsFzAlFo25ayLTJ896/cL0Lff+/W+CKeOo3f/SrAcZWp0RWmiKZDET9LqCodeH+2x3M8+KK2IwjABk378e8/TipjfENQ==</ds:Modulus>
                <ds:Exponent>AQAB</ds:Exponent>
              </ds:RSAKeyValue>
            </ds:KeyValue>
            <ds:X509Data>
              <ds:X509SubjectName>CN=e-Fatura Deneme
                A.Ş.,2.5.4.5=#130a39393939393939393939,OU=e-Fatura Deneme A.Ş.</ds:X509SubjectName>
              <ds:X509Certificate>......</ds:X509Certificate>
            </ds:X509Data>
          </ds:KeyInfo>
          <ds:Object>
            <xades:QualifyingProperties Target="Signature_GIB2011000000049">
              <xades:SignedProperties Id="SignedProperties_GIB2011000000049">
                <xades:SignedSignatureProperties>
                  <xades:SigningTime>2011-08-03T02:51:56+03:00</xades:SigningTime>
                  <xades:SigningCertificate>
                    <xades:Cert>
                      <xades:CertDigest>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
                        <ds:DigestValue>4pCQHzUOwVViUIbtc2C5LQkMH/4nS2aTFSx93qp5x8Y=</ds:DigestValue>
                      </xades:CertDigest>
                      <xades:IssuerSerial>
                        <ds:X509IssuerName>CN=Mali Mühür Elektronik Sertifika Hizmet
                          Sağlayıcısı - Sürüm 1, C=TR</ds:X509IssuerName>
                        <ds:X509SerialNumber>662936601706</ds:X509SerialNumber>
                      </xades:IssuerSerial>
                    </xades:Cert>
                  </xades:SigningCertificate>
                  <xades:SignerRole>
                    <xades:ClaimedRoles>
                      <xades:ClaimedRole>Tedarikçi</xades:ClaimedRole>
                    </xades:ClaimedRoles>
                  </xades:SignerRole>
                </xades:SignedSignatureProperties>
              </xades:SignedProperties>
            </xades:QualifyingProperties>
          </ds:Object>
        </ds:Signature>

Thanks.

Original issue reported on code.google.com by cgurkane...@gmail.com on 3 Aug 2011 at 12:37

GoogleCodeExporter commented 9 years ago 
Hi,

Can you write down the exception and stack trace that you get when verifying?
How did you set up the verification profile?

Original comment by luis.fgoncalv on 4 Aug 2011 at 8:49

GoogleCodeExporter commented 9 years ago 
Hi,

Thanks for the answer. There were formatting problems that XML Signature does 
not validate correctly! Problem has been solved.

Thanks for such a great project again!

Gurkan

Original comment by cgurkane...@gmail.com on 4 Aug 2011 at 2:01

GoogleCodeExporter commented 9 years ago 
Np. Thanks!

Original comment by luis.fgoncalv on 4 Aug 2011 at 2:37

GoogleCodeExporter commented 9 years ago 
Hi Gurkan and Luis,

I had an e-invoice that includes a signature. But this e-invoice has a 
signature verification problem. I used XAdES-BES .You can see the invoice in 
attachement. Can you help me ? Thanks.

Original comment by ereny...@gmail.com on 2 Jan 2014 at 3:48

Attachments:

GoogleCodeExporter commented 9 years ago 
Hi,

Commenting on a closed issue is not the best way to track problems. 

Can you write down the exception and stack trace that you get when verifying?
How did you set up the verification profile?

Original comment by luis.fgoncalv on 2 Jan 2014 at 8:02

GoogleCodeExporter commented 9 years ago 
Hi Luis,

There is no cleanly exception. When i sent the e-invoice, I got a response like 
a "invalid signature", but i have a sample that is valid signature in an 
invoice, can you compare with it? The valid signature is in attachement. Thank 
you!

Original comment by ereny...@gmail.com on 3 Jan 2014 at 8:13

Attachments:

GoogleCodeExporter commented 9 years ago 
When you "sent" the invoice? Are verifying with xades4j? Or was the signature 
created with xades4j?

The first signature seemed correct.. There are many possible problems for 
verification failure. Without further information is hard to know.

Original comment by luis.fgoncalv on 3 Jan 2014 at 10:20

GoogleCodeExporter commented 9 years ago 
I'm not verifiying with xades4j. I created the signature with xades4j.

There is an another question? Can i set "Id" attribute to "ds:SignedInfo" tag ? 
If it is possible, how can i do this?

Thank you!

Original comment by ereny...@gmail.com on 3 Jan 2014 at 10:26

GoogleCodeExporter commented 9 years ago 
The signatures look very similar, apart from some element id's. Are you sure 
there were no changes to the document after signing? Is the signing certificate 
valid on the verifier?

Currently there's no way to set the id of ds:SignedInfo.

Original comment by luis.fgoncalv on 3 Jan 2014 at 11:06