Hi,

I created a small test project that generates a signature with an XPath
transformation.
I did some tests and found:
1) the result of the transformation is the same when using Santuario 3.0.4
and when using Santuario 4.0.2
   (based on the result of
org.apache.xml.security.signature.Reference.getContentsAfterTransformation)
2) The digest in the signature created by Santuario 3.0.4 is different than
the digest created by Santuario 4.0.2
3) When using a different XPath expression, Santuario 3.0.4 generates a
different digest (as expected because the result of the transformation is
different).
   But Santuario 4.0.2 generates the same digest as the first XPath
expression.

 <ds:DigestValue>47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=</ds:DigestValue>

Enclosed also the results of the signature generation and the
contentsAfterGeneration and a hash of the contentAfterGeneration.

Any help will be appreciated.

kind regards,

Micha Wensveen




On Mon, 2 Sept 2024 at 12:52, Colm O hEigeartaigh <[email protected]>
wrote:

> Hi,
>
> I don't see anything obvious as to why it doesn't work, maybe a bug.
> Can you create a testcase please that reproduces the problem?
>
> Colm.
>
> On Mon, Sep 2, 2024 at 7:49 AM Micha Wensveen <[email protected]>
> wrote:
> >
> > Good Morning,
> >
> > I hope somebody can help me.
> >
> > I upgraded my application from using xmlsec 3.0.4 to 4.0.2.
> > However when I validate a digital signature that has been created with version 3.0.4 it fails validation with these log messages
> >
> > 2024-09-02 06:32:17,581 [main] WARN o.a.xml.security.signature.Reference - Verification failed for URI "myfile.xml"
> > 2024-09-02 06:32:17,582 [main] WARN o.a.xml.security.signature.Reference - Expected Digest: dsslKYCcuSb+MHq9e36/JbugIuP7LdkLlUqiScdqgXs=
> > 2024-09-02 06:32:17,582 [main] WARN o.a.xml.security.signature.Reference - Actual Digest: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
> >
> > This only happens when using xpath transformation
> >
> > <ds:Reference Id="xmldsig-ref1" URI="myfile.xml">
> > <ds:Transforms>
> > <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
> > <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
> > <dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:xbrli="http://www.xbrl.org/2003/instance" Filter="intersect">xbrli:xbrl//*[@id!='' and not(starts-with(@id, 'kvk-i_DocumentAdoption'))]</dsig-xpath:XPath>
> > </ds:Transform>
> > </ds:Transforms>
> > <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
> > <ds:DigestValue>dsslKYCcuSb+MHq9e36/JbugIuP7LdkLlUqiScdqgXs=</ds:DigestValue>
> > </ds:Reference>
> >
> > Is there a migration document to migrate to version 4?
> > Is there something that I need to change in my code?
> >
> > Any help will be appreciated.
> >
> >
> > kind regards,
> >
> >
> > Micha Wensveen
> >
> >
> >
> >
> >
>

<<attachment: Results.zip>>

<<attachment: test-signature_project.zip>>
