Java XML Signature validation error


alan_sec

Hi.
I have created a detached XML signature using Java XML Signature
(javax.xml.crypto.dsig.* classes).
The signature is referenced using the element id (#).
XML looks something like this:

<ThreeDSecure>
<Message id="a239396308">
<Msg1 id="#MSG24596608192729662548">
...
</Msg1>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#MSG24596608192729662548">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>Bn+mvxvJsNgSrS/66YZnoACFdHg=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>...</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>...</X509SubjectName>
<X509Certificate>...</X509Certificate>
<X509Certificate>...</X509Certificate>
<X509Certificate>...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Message>
</ThreeDSecure>

When I try to validate the XML signature I get this exception:
javax.crypto.BadPaddingException: Encountered block type: 102 while expecting 1

What is block type 102 and what is block type 1?
Where can I find a block type description?
Any help or suggestion would be nice.
Thanks.
Alan
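
On the block types asked about above: the rsa-sha1 SignatureMethod uses PKCS #1 v1.5 padding, so applying the RSA public key to a signature should yield the block 00 || 01 || FF..FF || 00 || DigestInfo, where the second byte is the block type (1 for a signature). The Python sketch below is an added example, not part of the original post; its demo keys, sample bytes and function names are constructed for illustration. It shows how a verifier reads that byte and why a key that does not match the signer's yields an arbitrary value there, such as 102.

```python
import hashlib

# DER DigestInfo header for SHA-1 (PKCS #1), matching the rsa-sha1 SignatureMethod.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def make_key(p, q, e=65537):
    """Return (n, e, d) for primes p and q."""
    return p * q, e, pow(e, -1, (p - 1) * (q - 1))

# Constructed demo keys built from well-known primes; not secure, illustration only.
KEY_A = make_key(2**255 - 19, 2**521 - 1)
KEY_B = make_key(2**256 - 2**32 - 977, 2**607 - 1)
MSG = b'<PARes id="example">constructed sample bytes</PARes>'

def sign(msg, n, d):
    """Build the block 00 01 FF..FF 00 DigestInfo and apply the private key."""
    k = (n.bit_length() + 7) // 8
    t = SHA1_PREFIX + hashlib.sha1(msg).digest()
    eb = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(eb, "big"), d, n)

def recover_block(sig, n, e):
    """Apply the public key to the signature, as a verifier does first."""
    k = (n.bit_length() + 7) // 8
    return pow(sig, e, n).to_bytes(k, "big")

def check_block(eb, msg):
    """Return 'ok' or a description of the first structural check that fails."""
    if eb[0] != 0x00:
        return "leading byte is %d, expected 0" % eb[0]
    if eb[1] != 0x01:
        return "block type %d while expecting 1" % eb[1]
    sep = eb.find(b"\x00", 2)
    if sep < 10 or eb[2:sep] != b"\xff" * (sep - 2):
        return "bad padding string"
    if eb[sep + 1:] != SHA1_PREFIX + hashlib.sha1(msg).digest():
        return "digest mismatch"
    return "ok"

if __name__ == "__main__":
    sig = sign(MSG, KEY_A[0], KEY_A[2])
    print(check_block(recover_block(sig, KEY_A[0], KEY_A[1]), MSG))  # matching key
    print(check_block(recover_block(sig, KEY_B[0], KEY_B[1]), MSG))  # other key
```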
 
Andrew Thompson

alan_sec wrote:
...
XML looks something like this:

'something like'? Note that posting anything
that is not a direct representation of your source
is a waste of your time, and our bandwidth.
You may not value your time, but please place
a higher value on our bandwidth.

Andrew T.
 
alan_sec

Here is exact xml document:

#######################################
<ThreeDSecure>
<Message id="a497179213">
<PARes id="PARes22908118939049785462">
<version>1.0.2</version>
<Merchant>
<acqBIN>11111111111</acqBIN>
<merID>12AB,cd/34-EF -g,5/H-67</merID>
</Merchant>
<Purchase>
<xid>OTMyMjMwMjU0MDEyMzQ1Njc4OTA=</xid>
<date>20070111 16:27:55</date>
<purchAmount>123456</purchAmount>
<currency>840</currency>
<exponent>2</exponent>
</Purchase>
<pan>0000000001000</pan>
<TX>
<time>20070111 16:27:37</time>
<status>Y</status>
<cavv>AAABBHYACAaCUVVAAAAIAAAAAAA=</cavv>
<eci>05</eci>
<cavvAlgorithm>2</cavvAlgorithm>
</TX>
</PARes>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#PARes22908118939049785462">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>

<DigestValue>4RkFL0fCHu7YRqj6+nhGModZ3oU=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>

M3SV3p0YhXf3pG4978X2ez3+mlwzuN6vwUydlz+sh0HHg3Ywt2sp4Xviwls3weYa

LvQsrIpeE0TYPn8Oj0YPvubFSabr75i3JKW8rzYi42l39Z8MtxkIXGm6b3Wpesof
HwgOcnJ2CkR9gsg3QYXqvfLDnTMrumzW0xb11kd76o0=
</SignatureValue>
<KeyInfo>
<X509Data>
<X509SubjectName>CN=TridesACS1.0, OU=ACS, O=Logos,
ST=Some-State, C=hr</X509SubjectName>
<X509Certificate>

MIICNzCCAaCgAwIBAgIUFJU/40Di8oxdY63QIi+hBPLUiw4wDQYJKoZIhvcNAQEF

BQAwRzELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0NhcmFkYXMxFTATBgNVBAsTDENh

cmFkYXMgTGFiczEPMA0GA1UEAxMGQ1RIIENBMB4XDTA3MDExMTE0NDEzN1oXDTA5

MDExMDE0NDEzN1owVzELMAkGA1UEBhMCaHIxEzARBgNVBAgTClNvbWUtU3RhdGUx

DjAMBgNVBAoTBUxvZ29zMQwwCgYDVQQLEwNBQ1MxFTATBgNVBAMTDFRyaWRlc0FD

UzEuMDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEApNJlwtEAJsggx5qNund+

KPJF3yeQ3qEyNRrtalWo/judkJPdW9OrurT4NUctrhWkzpl7A5j/buzoMuWdnLwF

fHhN4F+dXAKuKKuojiwKSzaUsgiHkaoh1Ztd8A7BcETZb/Gw7+sQN/jxPepAm6WK

eWZloWV2Ocq/tBAvb7q7CnsCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG

9w0BAQUFAAOBgQA7qGe9TR5dHSXftO81UKoHnqZCEBjljXwTdbncFAn3qtZ/Qr1l

UwpYf5y9yKaZ3uq7YMtUj5Ce9pzadzQx48rWQOKqEflOH+5GW7JceBHOpRT4WiAt

nPmPqiAXRL69tPfw7c7KlovrXzBnz+ry2wudUzxCkzISeKhjQmSOzNGkCA=
=</X509Certificate>
<X509Certificate>

MIICLzCCAZigAwIBAgIUDCoCMPC4RFdRjyNgFsUrfBQO9OUwDQYJKoZIhvcNAQEF

BQAwSTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0NhcmFkYXMxFTATBgNVBAsTDENh

cmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwHhcNMDUwOTI3MTc0NTQwWhcN

MDkwOTI2MTc0NTQwWjBHMQswCQYDVQQGEwJVUzEQMA4GA1UEChMHQ2FyYWRhczEV

MBMGA1UECxMMQ2FyYWRhcyBMYWJzMQ8wDQYDVQQDEwZDVEggQ0EwgZ8wDQYJKoZI

hvcNAQEBBQADgY0AMIGJAoGBALBOKXF4jod6D/NNKWNKCHB1SMZ/CdxT+p+JXICE

loIGvrthQXtzs52H7C1xagSXpBXwRT4cwIJgNhz4oSQlGipwwJXDs3JPmiTE39t2

9vOgPJ7NHIdUNqVyR/ExedOCVt187vLqpUrRcY2xyt+Dcu0uXJAP6xv3QNkf2m2A

oAPXAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEFBQAD

gYEAAN+yrscL1NQp04TTDRESIEnaQrpd2GJSMUiwWkEt7JEzySiQkXWWkbG+urlL

Zhp98mLM53W7FwR36fUxIeGO9xhxz76AVZjq+UyptZNhmI3uAFP1nMw+CbWQhG41

DmXmHBr79NWBvydRH4KwjeP7fpVBpfmA1L9CtyNSJj/eCNE=
</X509Certificate>
<X509Certificate>

MIICMjCCAZugAwIBAgIVAK1iTXuIUE+KiCbaxBC+tDQQVZAtMA0GCSqGSIb3DQEB

BQUAMEkxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRUwEwYDVQQLEwxD

YXJhZGFzIExhYnMxETAPBgNVBAMTCENUSCBST09UMB4XDTA1MDkyNzE3NDUzOFoX

DTEzMDkyNTE3NDUzOFowSTELMAkGA1UEBhMCVVMxEDAOBgNVBAoTB0NhcmFkYXMx

FTATBgNVBAsTDENhcmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwgZ8wDQYJ

KoZIhvcNAQEBBQADgY0AMIGJAoGBAIryv2suotsobenJXl7cavzAZFncyxqZ88M4

omYQHDdP57MJYHwzCMlG7qtmGhJmmqEXcAaHdGAngFbYrgCBqxiIbv9lgvHbyDLd

6YMULPdyWC0cgaKnm+4YrqnxVr1u09l8ogxmV5EyHWp03/fk5m/d4YOkcS1r+7Ay

IJWVz/uHAgMBAAGjFjAUMBIGA1UdEwEB/wQIMAYBAf8CAQEwDQYJKoZIhvcNAQEF

BQADgYEAOYhqttSMZMNj36xGP5Kr4HB9QH+4On24inwkH/ROTb1AHMJd1dl4x7DZ

9vlO/XtQR8eH7f+WsNKQFxCWH/4FoizO7bUaAm1yACFDzloFPmviQqCO2fm7GSw8

o4tV0tg9oQaqmwOV/EDvJj/HLek0ONKjZghHwqWyredfDxGlnU8=
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</Message>
</ThreeDSecure>
#########################################################

Andrew Thompson wrote:
 
Andrew Thompson

alan_sec said:
Here is exact xml document:

That's the go. Hopefully the folks with the expertise
will have the necessary detail to help, but two quick notes:
1) It is generally considered more logical, and easy to
read replies, when you reply *below* the comment that
you are replying to (like I am doing).
2) My bad. But while I stressed 'exact', I did not also
make clear that it did not necessarily need to be the
'complete'* file. When somebody claims code is
'something like', I get the impression of them 'quickly
retyping' a version of their code, and typos tend to
be introduced.

* I am a big fan of *complete* examples, but some
folks do not like 'long' listings - though even your
complete file should not get their backs up... maybe.

Hope you sort it.

Andrew T.
 
