<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<body link="#355491" alink="#4262a1" vlink="#355491" style="background: #e2e2e2; margin: 0; padding: 20px;">
<div>
        <table cellpadding="0" bgcolor="#FFFFFF" border="0" cellspacing="0" style="border: 1px solid #dadada; margin-bottom: 30px; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                <tbody>
                        <tr>
                                <td>
                                        <table border="0" cellpadding="0" cellspacing="0" bgcolor="#FFFFFF" style="border: solid 2px #ccc; background: #dadada; width: 100%; -moz-border-radius: 6px; -webkit-border-radius: 6px;">
                                                <tbody>
                                                        <tr>
                                                                <td bgcolor="#000000" valign="middle" height="58px" style="border-bottom: 1px solid #ccc; padding: 20px; -moz-border-radius-topleft: 3px; -moz-border-radius-topright: 3px; -webkit-border-top-right-radius: 5px; -webkit-border-top-left-radius: 5px;">
                                                                        <h1 style="color: #333333; font: bold 22px Arial, Helvetica, sans-serif; margin: 0; display: block !important;">
                                                                        <a href="http://community.jboss.org/index.jspa" style="text-decoration: none; color: #E1E1E1">JBoss Community</a></h1>
                                                                </td>
                                                        </tr>
                                                        <tr>
                                                                <td bgcolor="#FFFFFF" style="font: normal 12px Arial, Helvetica, sans-serif; color:#333333; padding: 20px; -moz-border-radius-bottomleft: 4px; -moz-border-radius-bottomright: 4px; -webkit-border-bottom-right-radius: 5px; -webkit-border-bottom-left-radius: 5px;"><h3 style="margin: 10px 0 5px; font-size: 17px; font-weight: normal;">
Manual validation of SignatureValue
</h3>
<span style="margin-bottom: 10px;">
created by <a href="http://community.jboss.org/people/giogio">Giovanni Castellari</a> in <i>JBoss Web Services</i> - <a href="http://community.jboss.org/message/575559#575559">View the full discussion</a>
</span>
<hr style="margin: 20px 0; border: none; background-color: #dadada; height: 1px;">
<div class="jive-rendered-content"><p>Hello, I'm trying to do a "manual" verification of a XML-Signed message. The message is the following, taken as is </p><p>from the server.log:</p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><pre class="jive-pre"><code class="jive-code jive-xml"><span class="jive-xml-tag"><span><env:Envelope xmlns:env='</span><a class="jive-link-external-small" href="http://schemas.xmlsoap.org/soap/envelope/" target="_blank">http://schemas.xmlsoap.org/soap/envelope/</a><span>'></span></span>
<span class="jive-xml-tag"><env:Header></span>
  <span class="jive-xml-tag"><span><wsse:Security env:mustUnderstand='1' xmlns:wsse='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd</a><span>' xmlns:wsu='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd</a><span>'></span></span>
   <span class="jive-xml-tag"><wsu:Timestamp wsu:Id='timestamp'></span>
    <span class="jive-xml-tag"><wsu:Created></span>2010-12-07T16:37:40.038Z<span class="jive-xml-tag"></wsu:Created></span>
   <span class="jive-xml-tag"></wsu:Timestamp></span>
   <span class="jive-xml-tag"><span><wsse:BinarySecurityToken EncodingType='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary</a><span>' ValueType='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3</a><span>' wsu:Id='token-2-1291739860138-12935734'></span></span>MIIBnDCCAQUCBEz+E1kwDQYJKoZIhvcNAQEEBQAwFTETMBEGA1UEAxMKbWlvY2xpZW50MTAeFw0x
MDEyMDcxMDU4MzNaFw0xMTAzMDcxMDU4MzNaMBUxEzARBgNVBAMTCm1pb2NsaWVudDEwgZ8wDQYJ
KoZIhvcNAQEBBQADgY0AMIGJAoGBAJlzh8T0w+FG/uJ6oDzc6uVSJMgJhuL851BPjoAynW7wCeGV
1EEydEr2S9qOwsUEg32mLn6s9Mf19nkI3nGHjCuS9SmIil5WilWGWsHqfFSUFB7goKeLfqdGtP5i
WDZ4QFVZ0AjMjJZP9tAY8FYzkmJUEkcg5T2OcW/1019/Ttk5AgMBAAEwDQYJKoZIhvcNAQEEBQAD
gYEAP6De4XP3wSYDWqSUCgJZNqddZUJFIDxYp5cV6jH4yckV/xniD3IvVcTx8bCykbwWDEec3z95
BdYWNPuU2DPWtcab3dTtD7JXez1+Ywi2IYIexChQbthkziLXkvGoPofe9Z7BlaE3hiFzPMKWRjDF
qSOScxAyjSebLPvczWozAWQ=<span class="jive-xml-tag"></wsse:BinarySecurityToken></span>
   <span class="jive-xml-tag"><span><ds:Signature xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
    <span class="jive-xml-tag"><span><ds:SignedInfo xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
     <span class="jive-xml-tag"><span><ds:CanonicalizationMethod Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
     <span class="jive-xml-tag"><span><ds:SignatureMethod Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
     <span class="jive-xml-tag"><span><ds:Reference URI='#element-1-1291739860070-11803898' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
      <span class="jive-xml-tag"><span><ds:Transforms xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
       <span class="jive-xml-tag"><span><ds:Transform Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
      <span class="jive-xml-tag"></ds:Transforms></span>
      <span class="jive-xml-tag"><span><ds:DigestMethod Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
      <span class="jive-xml-tag"><span><ds:DigestValue xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>d2cIarD4atw3HFADamfO9YTKkKs=<span class="jive-xml-tag"></ds:DigestValue></span>
     <span class="jive-xml-tag"></ds:Reference></span>
     <span class="jive-xml-tag"><span><ds:Reference URI='#timestamp' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
      <span class="jive-xml-tag"><span><ds:Transforms xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
       <span class="jive-xml-tag"><span><ds:Transform Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2001/10/xml-exc-c14n#" target="_blank">http://www.w3.org/2001/10/xml-exc-c14n#</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
      <span class="jive-xml-tag"></ds:Transforms></span>
      <span class="jive-xml-tag"><span><ds:DigestMethod Algorithm='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#sha1" target="_blank">http://www.w3.org/2000/09/xmldsig#sha1</a><span>' xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#'/" target="_blank">http://www.w3.org/2000/09/xmldsig#'/</a><span>></span></span>
      <span class="jive-xml-tag"><span><ds:DigestValue xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>YR/fZlwJdw+KbyP24UYiyDv8/Dc=<span class="jive-xml-tag"></ds:DigestValue></span>
     <span class="jive-xml-tag"></ds:Reference></span>
    <span class="jive-xml-tag"></ds:SignedInfo></span>
    <span class="jive-xml-tag"><span><ds:SignatureValue xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
OZg96GMrGh0cEwbpHwv3KDhFtFcnzPxbwp9Xv0pgw8Mr9+NIjRlg/G1OyIZ3SdcOYqqzF4/TVLDi
5VclwnjBAFl3SEdkyUbbjXVAGkSsxPQcC4un9UYcecESETlAgV8UrHV3zTrjAWQvDg/YBKveoH90
FIhfAthslqeFu3h9U20=
<span class="jive-xml-tag"></ds:SignatureValue></span>
    <span class="jive-xml-tag"><span><ds:KeyInfo xmlns:ds='</span><a class="jive-link-external-small" href="http://www.w3.org/2000/09/xmldsig#" target="_blank">http://www.w3.org/2000/09/xmldsig#</a><span>'></span></span>
     <span class="jive-xml-tag"><wsse:SecurityTokenReference wsu:Id='reference-3-1291739860138-11726490'></span>
      <span class="jive-xml-tag"><span><wsse:Reference URI='#token-2-1291739860138-12935734' ValueType='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3'/</a><span>></span></span>
     <span class="jive-xml-tag"></wsse:SecurityTokenReference></span>
    <span class="jive-xml-tag"></ds:KeyInfo></span>
   <span class="jive-xml-tag"></ds:Signature></span>
  <span class="jive-xml-tag"></wsse:Security></span>
<span class="jive-xml-tag"></env:Header></span>
<span class="jive-xml-tag"><span><env:Body wsu:Id='element-1-1291739860070-11803898' xmlns:wsu='</span><a class="jive-link-external-small" href="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" target="_blank">http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd</a><span>'></span></span>
  <span class="jive-xml-tag"><span><ns1:addizionami xmlns:ns1='</span><a class="jive-link-external-small" href="http://prova/ejb/to/ws/types" target="_blank">http://prova/ejb/to/ws/types</a><span>' xmlns:ns2='</span><a class="jive-link-external-small" href="http://prova/ejb/to/ws/types" target="_blank">http://prova/ejb/to/ws/types</a><span>'></span></span>
   <span class="jive-xml-tag"><Integer_1></span>3<span class="jive-xml-tag"></Integer_1></span>
   <span class="jive-xml-tag"><Integer_2></span>78<span class="jive-xml-tag"></Integer_2></span>
  <span class="jive-xml-tag"></ns1:addizionami></span>
<span class="jive-xml-tag"></env:Body></span>
<span class="jive-xml-tag"></env:Envelope></span>
</code></pre><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>This message was sent from a servlet deployed on JBoss 4.2.3GA and received by a WS-Security configured Web Service deployed locally (on the same JBoss instance). All the automatic JBoss verifications are successful; here's the log:</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>2010-12-07 17:37:40,404 INFO  [org.apache.xml.security.signature.Reference] Verification successful for URI "#element-1-1291739860070-11803898"</p>
<p>2010-12-07 17:37:40,405 INFO  [org.apache.xml.security.signature.Reference] Verification successful for URI "#timestamp"</p>
<p>2010-12-07 17:37:40,417 DEBUG [org.jboss.ws.extensions.security.WSSecurityDispatcher] Verification is successful</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>Now I want to verify this manually, so I decrypt the SignatureValue content with the public key and I obtain:</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p>3021300906052b0e03021a05000414dccdb8570286d36c94bba8e5107faee91e0df088</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p>
<p><span>I think I did this manual decryption well, because you can recognize the "ASN.1 BER SHA1 algorithm designator prefix" (</span><a class="jive-link-external-small" href="http://www.w3.org/TR/xmldsig-core/" target="_blank">http://www.w3.org/TR/xmldsig-core/</a><span>) in the first part of this hex string (3021300906052b0e03021a05000414).</span> So the second part (dccdb8570286d36c94bba8e5107faee91e0df088) should be my hash value, i.e. the SHA1 computation of the canonicalized SignedInfo element, and in fact it's exactly 20 bytes long. But I can't get this hash value from the SignedInfo element. I'm using org.apache.xml.security.c14n.Canonicalizer for the canonicalization. Is there someone who can obtain this hash value and tell me the exact steps/tools/code used? Thank you in advance.</p>
<p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p><p style="min-height: 8pt; height: 8pt; padding: 0px;"> </p></p></div>
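<p>An added example, not part of the original post and not JBoss or Apache XML Security code: it decodes the block quoted above into its hash algorithm and digest, then compares that digest with the hash of candidate canonical SignedInfo bytes. The function names and the <code>build_block</code> test input are constructed here; the canonical bytes have to come from canonicalizing ds:SignedInfo inside the parsed envelope with the method SignedInfo declares.</p>

```python
import hashlib
import hmac

# DER prefixes of the PKCS#1 v1.5 DigestInfo structure (RFC 8017, section 9.2)
DIGESTINFO_PREFIXES = {
    "sha1": bytes.fromhex("3021300906052b0e03021a05000414"),
    "sha256": bytes.fromhex("3031300d060960864801650304020105000420"),
}
# Value quoted in the post: result of applying the RSA public key to SignatureValue
RECOVERED_HEX = "3021300906052b0e03021a05000414dccdb8570286d36c94bba8e5107faee91e0df088"


def strip_pkcs1_v15(block: bytes) -> bytes:
    """Remove 00 01 FF..FF 00 signature padding if the raw RSA output still has it."""
    if block[:1] == b"\x01":            # leading 00 lost in an integer conversion
        block = b"\x00" + block
    if block[:2] != b"\x00\x01":
        return block                    # already unpadded, as in the post
    sep = block.index(b"\x00", 2)       # ValueError if the separator is missing
    pad = block[2:sep]
    if len(pad) < 8 or pad.strip(b"\xff"):
        raise ValueError("malformed PKCS#1 v1.5 padding")
    return block[sep + 1:]


def parse_digest_info(block: bytes):
    """Return (hash_name, digest), requiring the full DER prefix and exact length."""
    der = strip_pkcs1_v15(block)
    for name, prefix in DIGESTINFO_PREFIXES.items():
        size = hashlib.new(name).digest_size
        if der.startswith(prefix) and len(der) == len(prefix) + size:
            return name, der[len(prefix):]
    raise ValueError("unknown or malformed DigestInfo")


def signed_info_matches(block: bytes, canonical_signed_info: bytes) -> bool:
    """Compare the signed digest with the hash of the canonical ds:SignedInfo bytes."""
    name, expected = parse_digest_info(block)
    actual = hashlib.new(name, canonical_signed_info).digest()
    return hmac.compare_digest(actual, expected)


def build_block(canonical: bytes, name: str = "sha1", k: int = 128) -> bytes:
    """Constructed input: EMSA-PKCS1-v1_5 encoding of `canonical` for a k-byte modulus."""
    t = DIGESTINFO_PREFIXES[name] + hashlib.new(name, canonical).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
```

<p>A single differing byte in the canonical form, such as a dropped namespace declaration or changed whitespace, makes <code>signed_info_matches</code> return False.</p>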
</td>
</tr>
</tbody>
</table>
</td>
</tr>
</tbody>
</table>
</div>
</body>
</html>