Re: [ubl-dev] Mini UBL-Dev digital signature plugtest [with attachment]

["G. Ken Holman" <gkholman@CraneSoftwrights.com>]

(trying again with an attachment)

At 2010-10-22 17:42 -0400, I wrote:
>Hi folks!
>
>I've been scrambling this week trying to prepare my 
>freely-downloadable Windows-based environment for digitally signing 
>UBL documents in time for the ETSI plug test on Monday:
>
>   http://www.etsi.org/plugtests/XAdES-2010/About.htm
>
>Only today did I realize that it costs EUR700 (!!!!) to 
>participate.  I can't participate in that for something that will be 
>downloaded for free from my web site.
>
>So this is an appeal to UBL-Dev members to hold a mini plugtest by 
>running your XAdES software on the attached digitally signed UBL 
>documents.  I've ZIPped it and attached it with a ".zzz" extension.
>
>Below is a transcript showing publicly-available XML Digital 
>Signature software verifying (or not!) the signed content of each 
>document.  If I hack a single byte outside of the 
><sig:UBLDocumentSignatures> element ("Hacked1"), the verification 
>fails.  If I add anything under <sig:UBLDocumentSignatures> such as 
>another signature ("Hacked2"), the verification succeeds.  So I 
>think that proves our XPath transform we are using is correct.
>
>But ... and here's the mini plugtest ... in my environment I'm 
>testing my stuff with my own stuff.  Can someone else out there in 
>UBL-Dev land please validate the attached signed UBL documents?
>
>The XMLDSIG software I found checks the digital signature but not 
>the XAdES aspect of the signature.
>
>I still have a lot of work to do to package this for download from 
>my web site, but I think everything is working.  If someone else can 
>tell me it is working for them, then I'll post what I've got and 
>then anyone can sign a UBL document.  I'm no longer trying to finish 
>for Monday morning, but the faster someone can test this with their 
>own stuff, the faster I'll be more comfortable about posting the free package.
>
>Thank you for any help you can be!
>
>. . . . . . . . . . . Ken
>
>T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
>u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
>UBL-Invoice-2.1-Signed.xml
>Xerces...
>No validation errors.
>Saxon...
>No validation errors.
>Altova...
>The XML data is valid.
>
>T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
>u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Order-2.1.xsd 
>UBL-Order-2.1-Signed.xml
>Xerces...
>No validation errors.
>Saxon...
>No validation errors.
>Altova...
>The XML data is valid.
>
>T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
>u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
>UBL-Invoice-2.1-Hacked1.xml
>Xerces...
>No validation errors.
>Saxon...
>No validation errors.
>Altova...
>The XML data is valid.
>
>T:\gkholman-UBL-signatures-20101022-2140z>w3cschema 
>u:\ubl\UBL-2.1-PRD1-20100925\xsd\maindoc\UBL-Invoice-2.1.xsd 
>UBL-Invoice-2.1-Hacked2.xml
>Xerces...
>No validation errors.
>Saxon...
>No validation errors.
>Altova...
>The XML data is valid.
>
>T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
>--verify UBL-Invoice-2.1-Signed.xml
>OK
>SignedInfo References (ok/all): 1/1
>Manifests References (ok/all): 0/0
>
>T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
>--verify UBL-Order-2.1-Signed.xml
>OK
>SignedInfo References (ok/all): 1/1
>Manifests References (ok/all): 0/0
>
>T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
>--verify UBL-Invoice-2.1-Hacked1.xml
>func=xmlSecOpenSSLEvpDigestVerify:file=..\src\openssl\digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid 
>data:data and digest do not match
>FAIL
>SignedInfo References (ok/all): 0/1
>Manifests References (ok/all): 0/0
>Error: failed to verify file "UBL-Invoice-2.1-Hacked1.xml"
>
>T:\gkholman-UBL-signatures-20101022-2140z>\xmlsec\bin\xmlsec.exe 
>--verify UBL-Invoice-2.1-Hacked2.xml
>OK
>SignedInfo References (ok/all): 1/1
>Manifests References (ok/all): 0/0
>
>T:\gkholman-UBL-signatures-20101022-2140z>

gkholman-UBL-signatures-20101022-2140z.zzz

--
XSLT/XQuery training:   after http://XMLPrague.cz 2011-03-28/04-01
Vote for your XML training:   http://www.CraneSoftwrights.com/u/i/
Crane Softwrights Ltd.          http://www.CraneSoftwrights.com/u/
G. Ken Holman                 mailto:gkholman@CraneSoftwrights.com
Male Cancer Awareness Nov'07  http://www.CraneSoftwrights.com/u/bc
Legal business disclaimers:  http://www.CraneSoftwrights.com/legal