is XML well signed with xades-bes signature -


i've got xml file should signed certificate enerated openssl. 

<?xml version="1.0" encoding="utf-8"?><ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="pemi-signature-id-1"><ds:signedinfo id="pemi-signedinfo-id-1"><ds:canonicalizationmethod algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"></ds:canonicalizationmethod><ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:signaturemethod><ds:reference id="pemi-reference-id-1" uri="#pemi-object-id-2"><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue>rq307h+y/mfzlpfuzuchjxmhj/8=</ds:digestvalue></ds:reference><ds:reference id="pemi-reference-id-2" type="http://uri.etsi.org/01903#signedproperties" uri="#pemi-signedproperties-id-1"><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue>lhsgsg21vkezqhkysxukhxo3npi=</ds:digestvalue></ds:reference></ds:signedinfo><ds:signaturevalue id="pemi-signaturevalue-id-1">fzvu6dz3zeuvj5yrdh8+x3c4qzkwq4t1d4zj7g4gabh4pifhjkdvpgufym37mnsja/lka6xokr2q r9k+p8lhfa==</ds:signaturevalue><ds:keyinfo id="pemi-keyinfo-id-1"><ds:x509data><ds:x509certificate>miicfdccaiagawibagijamoeglkffg3dma0gcsqgsib3dqebbauamf8xczajbgnvbaytalbmmrqw egydvqqiewttyxpvd2lly2tpzterma8ga1uebxmiv2fyc3phd2exedaobgnvbaotb1rfu1rpv0ex ftatbgnvbamtdephbiblb3dhbhnrataefw0xnta0mtqxndm4mjnafw0xoda0mtmxndm4mjnamf8x czajbgnvbaytalbmmrqwegydvqqiewttyxpvd2lly2tpzterma8ga1uebxmiv2fyc3phd2exedao bgnvbaotb1rfu1rpv0exftatbgnvbamtdephbiblb3dhbhnratbcma0gcsqgsib3dqebaquaa0sa megcqqc8a4puzmx+ni1xltip+owtz70jhnubrzs/+dwry0hpwxxft6c4vsob4rk3flazbszyg3i/ u9d4qok16yteo6hdagmbaagjgcqwgcewhqydvr0obbyefc4cmmnl8zt+fjcsooi7prpt+ee+migr bgnvhsmegykwgyaafc4cmmnl8zt+fjcsooi7prpt+ee+owokytbfmqswcqydvqqgewjqtdeumbig a1uecbmlbwf6b3dpzwnrawuxetapbgnvbactcfdhcnn6yxdhmrawdgydvqqkewdurvnut1dbmruw ewydvqqdewxkyw4gs293ywxza2mccqdkhhpzhxynwzambgnvhrmebtadaqh/ma0gcsqgsib3dqeb bauaa0earfizmsaqgpgrlh/xb2wr9bhasehtkorbze5xha9ad5l7sy14loh7gcvjlrpuu8chbxr9 xecvnvhhim1ymaszvq==</ds:x509certificate></ds:x509data></ds:keyinfo><ds:object id="pemi-object-id-1"><xades:qualifyingproperties xmlns:xades="http://uri.etsi.org/01903/v1.3.2#" id="pemi-qualifyingproperties-id-1" target="#pemi-signature-id-1"><xades:signedproperties id="pemi-signedproperties-id-1"><xades:signedsignatureproperties id="pemi-signedsignatureproperties-id-1"><xades:signingtime>2015-04-14t14:45:56z</xades:signingtime><xades:signingcertificate><xades:cert><xades:certdigest><ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:digestmethod><ds:digestvalue></ds:digestvalue></xades:certdigest><xades:issuerserial><ds:x509issuername>c=pl, s=mazowieckie, l=warszawa, o=testowa, cn=jan kowalski</ds:x509issuername><ds:x509serialnumber>14564107215038713283</ds:x509serialnumber></xades:issuerserial></xades:cert></xades:signingcertificate></xades:signedsignatureproperties></xades:signedproperties></xades:qualifyingproperties></ds:object><ds:object id="pemi-object-id-2" mimetype="text/xml"><a>     <b>some data</b> </a></ds:object></ds:signature>

whe try check if signed 1 software ok(http://www.pemi.org.pl/index.php/do-pobrania/31-aplikacja-protektor), , when try verify in other it's says signature not valid(http://sigillum.pl/pliki_do_pobrania.html). can verify signature? or maybe me how 100% certainty.

i tried validation using serenity (http://www.cryptolog.com/fr/produits/produits-serveurs/serenity-validation-de-signature-electronique). gives following report:

  • the cryptographic value (the signature value) valid
  • your signature has 2 references (two signed objects):
  • 1) uri="#pemi-signedproperties-id-1" valid
  • 2) uri="#pemi-object-id-2" is invalid.

for last reference, expected input hashing 

<ds:object xmlns:ds="http://www.w3.org/2000/09/xmldsig#" id="pemi-object-id-2" mimetype="text/xml"><a> <b>some data</b> </a></ds:object>

-

Comments

Post a Comment

Popular posts from this blog

css - SVG using textPath a symbol not rendering in Firefox -

using textpath within symbol doesn't render in firefox. renders fine in latest chrome , ie, when try reference symbol, svg text doesn't render in firefox (37.0.1) - first box appears empty. code below (no external dependencies), there should 2 boxes word test flowing vertically in centre of each. edit: thought issue somehow involved flexbox layout, until paul pointed out issue exists without flexbox layout. the html is: <div> <svg id="not_working" viewbox="0 0 250 1200" preserveaspectratio="xmidymid meet"> <symbol id="test_symbol1" preserveaspectratio="xmidymid meet" viewbox="0 0 250 1200"> <path id="test_symbol_path" d="m 100 1200 l 100 0" /> <text font-size="100" fill="red"> <textpath text-anchor="middle" startoffset="50%" xlink:href="#test_symbol_path&q
Read more

Java 8 + Maven Javadoc plugin: Error fetching URL -

i attempting generate javadoc links javadoc dependencies. have tried various means generate javadoc not produce qualified class names references classes dependencies. wanted links java doc simplified class names. however, java api classnames, no links , have qualified class names. working java 8. have following configuration: <plugin> <groupid>org.apache.maven.plugins</groupid> <artifactid>maven-javadoc-plugin</artifactid> <version>2.10.2</version> <configuration> <reportoutputdirectory>${project.basedir}/target</reportoutputdirectory> <destdir>javadoc</destdir> <windowtitle>epiphany</windowtitle> <doctitle>epiphany</doctitle> <show>private</show> <detectlinks>false</detectlinks> <detectoffline
Read more

node.js - How to abort query on demand using Neo4j drivers -

i making search engine application using node.js , neo4j allows users submit graph traversal query via web-based user interface. want give users option cancel query after has been submitted (i.e. if user decides change query parameters). thus, need way abort query using either command node.js-to-neo4j driver or via cypher query. after few hours of searching, haven't been able find way using of node.js-to-neo4j drivers. can't seem find cypher query allows killing of query. overlooking something, or not possible neo4j? using neo4j 2.0.4, willing upgrade newer version of neo4j if has query killing capabilities. starting neo4j version 2.2.0, it's possible kill queries ui , via rest interface. don't know if existing nodejs drivers support feature, if not can still achieve same functionality making http request rest interface. if run query in browser in version 2.2.x or later, notice there (x) close link @ top-right corner of area queries executed , displayed
Read more