[xmlsec] Duplicated X509Certificate
Marcos Bontempo
marcosbontempo at hotmail.com
Sun Jan 3 13:15:22 PST 2016
Hello,
I'm signing a XML file with this command:
xmlsec1 --sign --output signed.xml --pkcs12 ia.p12 --pwd password --trusted-pem ca.crt to-sign.xml
And here is my signature info:
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> <SignedInfo> <Canonical tizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" /> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" /> <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" /> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" /> <DigestValue></DigestValue> </Reference> </SignedInfo> <SignatureValue></SignatureValue> <KeyInfo> <X509Data></X509Data> </KeyInfo> </Signature>
It's working but I get two X509Certificate tags:
<X509Data><X509Certificate>MIIEBzCCAu+gAwIBAgIJANN+QDNqjUZHMA0GCSqGSIb3DQEBCwUAMIGZMQswCQYDVQQGEwJCUjEVMBMGA1UECAwMTWluYXMgR2VyYWlzMR4wHAYDVQQHDBVTYW50YSBSaXRhIGRvIFNhcHVjYWkxGjAYBgNVBAoMEXd3dy5uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMB4XDTE2MDEwMzE5MzgwNloXDTE2MTIyNDE5MzgwNlowgZkxCzAJBgNVBAYTAkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCamYGpTT06/+UTNX4KqRw32rhi2vzfCXadBu4sfPKX/UrkX8zzm/MLKblJdI0x7S2Cwe+uI/mj863Xwvu3A13BMpuUmZ8JAxeSyB9N64I1Dq2eT2M0zNoNWC9siiVZsscaNOrZMb2aReyb3P/i5JQcU0K/326dtVDA2rK2Loh5bXrMz2MDk0IXOaMprTDllOPtVma8uIutfJkmjt/6eE3PDa/J4oRjB20HYyDdI78XbXFBH8YxTpg8xTpRyLuT6/hlBi00gSLU62t7vpgo9o02bz2jrw8njP8prZjJ1oP+42YdHa4RQ+ecCjUYzQxhkODOBo7H2Ls8MTWNwOfab/UTAgMBAAGjUDBOMB0GA1UdDgQWBBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAfBgNVHSMEGDAWgBS6V/pC6Zl8yqDebDbrp2M1dvuUtTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAfAPQmG2ger41eMlM39mz0x6gSPITOYsi19WoSaXhT/3tLIS2lZo8GrYg8ENi7w20dJ0LkCRcDqPpNdM8rMpkoL8dsFGmx+33E7Wl9YrtHNK59BwyUTpQJtPOe1mJGtauY4k4BhFUVK9TU6zXlaLzXzPOYEKeOkCR26NsV/o3qcu8vPs5/Ghu3/I1TTyUAeAArMjg24gmoJogUo9bD188AI1fIegRRC549KIOjTIouJyrvTyvb/oj6Ur8n4yBxW6sVTkFF5XFSGuC9iqZ4ZLb3vXXK0zQR9LsKx5GOxolQ8uT+QYqVXh7GnsnabeU2n47L93uW2VMpjDEp75JuAC1/</X509Certificate>
<X509Certificate>MIIDpDCCAowCAQEwDQYJKoZIhvcNAQELBQAwgZkxCzAJBgNVBAYTAkJSMRUwEwYDVQQIDAxNaW5hcyBHZXJhaXMxHjAcBgNVBAcMFVNhbnRhIFJpdGEgZG8gU2FwdWNhaTEaMBgGA1UECgwRd3d3Lm5pdGVyZS5jb20uYnIxDzANBgNVBAsMBk5pdGVyZTEPMA0GA1UEAwwGbml0ZXJlMRUwEwYJKoZIhvcNAQkBFgZuaXRlcmUwHhcNMTYwMTAzMTkzODM5WhcNMTYxMjI0MTkzODM5WjCBlTELMAkGA1UEBhMCQlIxFTATBgNVBAgMDE1pbmFzIEdlcmFpczEeMBwGA1UEBwwVU2FudGEgUml0YSBkbyBTYXB1Y2FpMRYwFAYDVQQKDA1uaXRlcmUuY29tLmJyMQ8wDQYDVQQLDAZOaXRlcmUxDzANBgNVBAMMBm5pdGVyZTEVMBMGCSqGSIb3DQEJARYGbml0ZXJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw4AysesK3+UfLc9fRrGzxmZ/eGwgKS+DygkV+LNRl2eKZkvLi7rM/5jl2cCVS5gBHGoH2FX/Lv7BkcQMD/AHnk2bYA33S6cnrU5U3cYrAUTeVb0nf8joivlK1dCFBoLX/L1xByMyW3/ZGXOK7W2qBQyS50uk0PKDruU5pu2Uaf0v9EmKru3ReAIakj4HmTYlSl6ZdF2NZvReEvEx8VrAyoiyXApa6uXsaRkL+nYNqWhORNEhqMgSAK+vW4ywSNC3saW/Gwep9LXMpN1klRseJSkcCe0JsUspai9/OsVESPQxCdH/o0xmoeysUtVNF3ujX8jD1HaOmsJLSrMnX6EA/wIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQBG6PyNlC/YmEnfzmjXOKRubUIqaCkf4PO2YS23p+6kVUmKB0w+AbO/mK3m6Aq/BABqcfDwtFY1kCOl1tcRtF3HD5Kwpoq8xveIwnRHyOeBjeSKgPVnRQmIsXWjQ48jl8lFbs+LbEAumIGI4eIfIb0wzhyKRZSFjXjZijDi9LktzuHjNftHxGtiTHc4dzXpSHKgBFWr6OjQvbCMa+jRIraSWk4fknGF9mCxez7BGAZnQmhfJAnMSYLwKIRWd7JsYMjzt9x/hcQjcRsdyrRXUX29kfuL7ic2CyoitVTjzJSldajf/quxiymxQDSNSCy+B65llKZnoNx5gpeV0Q/ZFzqe</X509Certificate></X509Data>
Does anybody know why it's happening? I'm expecting only one X509Certificate tag.
Any tip will be very helpful,Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.aleksey.com/pipermail/xmlsec/attachments/20160103/2d075c29/attachment.html>
More information about the xmlsec
mailing list