[xmlsec] digestvalue failure
Artur BUJDOSO
artur.bujdoso at saveas.hu
Wed Mar 3 07:05:07 PST 2004
Hi,
Sorry for a kind of off-topic question, but the whole thing is driving
me nuts.
Here's my problem:
I have to implement an XML digital signature checker, but unfortunately,
without using the xmlsec library. This environment has a specially
patched (and 0.9.6 only) libssl that renders xmlsec library unusable.
Here's the problem:
I read the xml file, parse it with libxml2, then I try to canonize it with:
xmlC14NDocDumpMemory(xmlDoc, NULL, 1, NULL, doc_txt_ptr);
where xmlDoc is an xmlDocPtr, and doc_txt_ptr is an **xmlChar.
When I dump the canonized content, it seems ok, at least it's readable,
has 0x0a at each line end, has no whitespace but 0x20, etc.
At the next step, I look for the referenced URI in the document, in my
case, it looks like this: <Reference URI="#Body">. It is a digitally
signed XML SOAP content, so it refers to the section, starts with
"<SOAP-ENV:Body". I check through the document, and cut the part
_starting_ with <SOAP-ENV:Body and _ending_ with: </SOAP-ENV:Body>. The
< is the first byte in my sha1 buffer and the last one is a > (of the
both SOAP-ENV:Body tags). I generate an sha1 hash, then do a base64
encoding. (I encode the bytes, not the UTF8 chars, of course) and it
produces a DigestValue for me.
Here's the catch: whatever I do, the DigestValue will not match the one
specified in the Reference section.
I simply don't know what to do next. I dumped the sha1 hash buffer and
ran across a manual OpenSSL dgst -sha1 and it produces the same hash
that my code does (I use mhash library, to replace openssl) _and_ when I
run this byte content across uudecode -m, it produces the _same_ base64
hash that my code produces! So it seems that sha1 and base64 hashing
works ok.
What do I miss?
Any answer will be appreciated, thanks in advance.
Artur Bujdoso
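
An added example, not part of the original post: canonicalizing a referenced element as its own node set writes the namespace declarations it inherits from ancestors onto its start tag, so its bytes differ from the same element cut out of the whole document's canonical form. The Python sketch below (standard library only) lists those inherited declarations and compares the two digests. The sample document, the `Id` attribute name and all function names are constructed for illustration; inclusive C14N emits every in-scope declaration on the top element, exclusive C14N only those it visibly uses, and in this sample both give the same result.

```python
import base64
import hashlib
from xml.dom import minidom

# Constructed sample, already in canonical form as a whole document.
DOC = (b'<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">\n'
       b'<SOAP-ENV:Body Id="Body"><m:Ping xmlns:m="urn:example:ping">1</m:Ping>'
       b'</SOAP-ENV:Body>\n</SOAP-ENV:Envelope>')

def is_nsdecl(name):
    return name == "xmlns" or name.startswith("xmlns:")

def digest_value(data):
    """SHA-1 over the raw bytes, then base64, as in a DigestValue element."""
    return base64.b64encode(hashlib.sha1(data).digest()).decode("ascii")

def substring_cut(doc, qname):
    """Bytes from '<qname' through '</qname>' of the whole-document form."""
    end_tag = b"</" + qname + b">"
    return doc[doc.index(b"<" + qname):doc.index(end_tag) + len(end_tag)]

def inherited_ns(doc, ref_id):
    """Namespace declarations in scope on the referenced element but made on an ancestor."""
    dom = minidom.parseString(doc)
    target = next(e for e in dom.getElementsByTagName("*")
                  if e.getAttribute("Id") == ref_id)  # "Id" is an assumed attribute name
    seen = {n for n in target.attributes.keys() if is_nsdecl(n)}
    found = {}
    node = target.parentNode
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for name, value in node.attributes.items():
            if is_nsdecl(name) and name not in seen:
                seen.add(name)  # the nearest declaration of a prefix wins
                found[name] = value
        node = node.parentNode
    return found

def subtree_form(cut, qname, ns):
    """Write the inherited declarations on the top start tag, sorted, before attributes.
    Assumes the top element declares no namespaces itself and values need no escaping."""
    decls = "".join(f' {k}="{v}"' for k, v in sorted(ns.items())).encode()
    head = len(b"<" + qname)
    return cut[:head] + decls + cut[head:]

if __name__ == "__main__":
    cut = substring_cut(DOC, b"SOAP-ENV:Body")
    ns = inherited_ns(DOC, "Body")
    print("inherited     :", ns)
    print("substring cut :", digest_value(cut))
    print("subtree form  :", digest_value(subtree_form(cut, b"SOAP-ENV:Body", ns)))
```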