Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
C
C
created4dev2015-04-27 08:51:56
Java
created4dev, 2015-04-27 08:51:56

Why does the digital signature check in the first variant give true and in the second false?

//Option 1

String xml=readFileAsString("test.xml");
Document doc = parseDocument(xml);
Element nscontext = XMLUtils.createDSctx(doc, "ds", "http://www.w3.org/2000/09/xmldsig#");
NodeList list = XPathAPI.selectNodeList(doc, "//ds:Signature", nscontext);
Element sigElement = (Element) list.item(list.getLength() - 1);
XMLSignature signature = new XMLSignature(sigElement, "");
org.apache.xml.security.keys.KeyInfo ki = signature.getKeyInfo();
X509Certificate certKey = null;
certKey = ki.getX509Certificate();
System.out.println(signature.checkSignatureValue(certKey));

//Option 2
//Строки берутся из этого же файла "test.xml"
String cert="...";  //Строчка берется из <ds:X509Certificate>
String data="...";  //Строчка берется из <ds:DigestValue>
String sign="...";  //Строчка берется из <ds:SignatureValue>
Certificate certificate = CertificateFactory.getInstance("X509").generateCertificate(new ByteArrayInputStream(Base64.decode(cert)));
PublicKey publicKey=certificate.getPublicKey();
Signature signature2 = Signature.getInstance(publicKey.getAlgorithm());		
signature2.initVerify(publicKey);
signature2.update(Base64.decode(data));
System.out.println(signature2.verify(Base64.decode(sign)));

What's the catch? What is the fundamental difference between XMLSignature and Signature? One and the same file, but the results are different (in the first it gives - true, in the second - false).

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

1 answer(s)
Report
V
Vladimir Smirnov, 2015-04-29
@bobzer

Well, firstly, the meaning of the experiment is not clear - you have a working EDS verification code, why the second option?
Second, to the core of the issue. It can be assumed that XMLSignature is made for a reason, and differs in some way from Signature. The difference is that XMLSignature takes into account the fact that XML documents have a structure, while Signature checks for an unstructured byte array. When using XMLSignature, canonicalization is applied, which brings the DOM structure read from the file to some general form. At the same time, XMLSignature checks exactly the canonicalized DOM structure, and not an array of bytes read from a file without any interpretation of it.

Similar questions
S
Sergey Pugovkin2018-11-29 21:28:33
Maximum number of folders in one folder (ext4)? 2Reply
S
Seldon2014-04-08 10:10:27
How to add Jboss AS 7 as dependency in Gradle? 1Reply
W
Who_Is_Who2018-10-26 15:31:03
In what cases is "delete rootProject.buildDir" used in gradle? 0Reply
B
bobrik_k2014-04-08 17:53:49
What is the first book on programming to choose? 11Reply
D
Drunya20182018-10-26 22:22:41
Is it correct to sort a thread-safe list? 0Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question