<div dir="ltr">hello,<br>When I verify the signature I got the following error:<br>func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match<br><br>The point is I can use the same code to verify some other xml signature except this one which I got response from other's Web Service.<br>
Could you check the following xml piece to see whether there is something which cause this error? Could it possible caused by "<ec:InclusiveNamespaces xmlns:ec="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>" PrefixList="ds saml xs"/>" which seems not exist in my own generating response.<br>
<br>Thanks<br>Weizhong Qiang<br><br><br>**********************<br><br><saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_4f357ca2-ad38-4611-8dfd-f5e4d193d95c" IssueInstant="2008-10-09T15:48:59.621Z" Version="2.0"><saml:Issuer>CN=Weizhong Qiang,OU=<a href="http://fys.uio.no">fys.uio.no</a>,O=NorduGrid,O=Grid</saml:Issuer><ds:Signature xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"><br>
<ds:SignedInfo><br><ds:CanonicalizationMethod Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"/><br><ds:SignatureMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>"/><br>
<ds:Reference URI="#_4f357ca2-ad38-4611-8dfd-f5e4d193d95c"><br><ds:Transforms><br><ds:Transform Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>"/><br>
<ds:Transform Algorithm="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>"><ec:InclusiveNamespaces xmlns:ec="<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>" PrefixList="ds saml xs"/></ds:Transform><br>
</ds:Transforms><br><ds:DigestMethod Algorithm="<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>"/><br><ds:DigestValue>6GUoFLrpxDGrP3b8nYToGuTGDkQ=</ds:DigestValue><br>
</ds:Reference><br></ds:SignedInfo><br><ds:SignatureValue><br>Tv8kUkw0Lvplsa5WY/GfT5TW2ggxsKCFp9p+VEBLIcHQATy/kCUDQiPLeBT8ZcgOB6YFR/xo3848<br>GWBX4GwtREGAhIznm6GSic67lnfvpwzb/GQhxVZf+YnIvPfpytAutmM2dSm03ZTO8tPXBfG4Tcyu<br>
kqHPcwnZs34BaWKss2I=<br></ds:SignatureValue><br><ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIIDMjCCApugAwIBAgICC3kwDQYJKoZIhvcNAQEFBQAwTzENMAsGA1UEChMER3JpZDESMBAGA1UE<br>ChMJTm9yZHVHcmlkMSowKAYDVQQDEyFOb3JkdUdyaWQgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkw<br>
HhcNMDgwNDE2MDk1NzUxWhcNMDkwNDE2MDk1NzUxWjBRMQ0wCwYDVQQKEwRHcmlkMRIwEAYDVQQK<br>EwlOb3JkdUdyaWQxEzARBgNVBAsTCmZ5cy51aW8ubm8xFzAVBgNVBAMTDldlaXpob25nIFFpYW5n<br>MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCwVJsM8PUkeBVSRXWbmlwSvIxwOMvDnw0CbM4k<br>
d9EBZBjjaW/TTwBfKiTuLyONSQ3BV9APndWXPoqNy3F7cZbsA9IeIalOi0KtVtNVktybspEGJZRy<br>FN+kprbLJKoEViOB8q1DG0rv09zWA7n6qRFJcKqzePzsKy8Zo/bL3bI85QIDAQABo4IBGTCCARUw<br>CQYDVR0TBAIwADARBglghkgBhvhCAQEEBAMCBaAwCwYDVR0PBAQDAgXgMCwGCWCGSAGG+EIBDQQf<br>
Fh1PcGVuU1NMIEdlbmVyYXRlZCBDZXJ0aWZpY2F0ZTAdBgNVHQ4EFgQUfkmW6yooaz8IDx6cd2BK<br>7RUrDjcwdwYDVR0jBHAwboAUGAXA/AvRtzr0ZZIJ+1mhX8eIxPChU6RRME8xDTALBgNVBAoTBEdy<br>aWQxEjAQBgNVBAoTCU5vcmR1R3JpZDEqMCgGA1UEAxMhTm9yZHVHcmlkIENlcnRpZmljYXRpb24g<br>
QXV0aG9yaXR5ggEAMCIGA1UdEQQbMBmBF3dlaXpob25ncWlhbmdAZ21haWwuY29tMA0GCSqGSIb3<br>DQEBBQUAA4GBABgih1dwIS2FDdMlzO/pucYju87s8V1xcVxxjh7jYeSbOgmc3rWfohKkkvomtmnJ<br>22Ae0mfN/sNaZVwxO82XNej5lob8xp+iroYM+Rrt6ZnhWDNaMuIKTbFA/HgfnTcZjrPm5ttNYorb<br>
qDCr7j/ab0xkaTwQYVjnJc0lyjaWGsdL</ds:X509Certificate></ds:X509Data></ds:KeyInfo></ds:Signature><saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">CN=test,O=UiO,ST=Oslo,C=NO</saml:NameID><saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:holder-of-key"><saml:SubjectConfirmationData><ds:KeyInfo xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#">http://www.w3.org/2000/09/xmldsig#</a>"><ds:X509Data><ds:X509Certificate>MIICozCCAgygAwIBAgIBATANBgkqhkiG9w0BAQQFADA3MQswCQYDVQQGEwJOTzENMAsGA1UECBME<br>
T3NsbzEMMAoGA1UEChMDVWlPMQswCQYDVQQDEwJDQTAeFw0wNzExMDYxNTE4NDlaFw0wODExMDUx<br>NTE4NDlaMDkxCzAJBgNVBAYTAk5PMQ0wCwYDVQQIEwRPc2xvMQwwCgYDVQQKEwNVaU8xDTALBgNV<br>BAMTBHRlc3QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAMUZpDYNYNuoqohEkP4w/MnGAiXV<br>
sZUSPuFChL2HT2sE7VQ2/RsFKRyAFXNaBIPcpoJF2uTv6Llc0G9F5v4G5ZyZiiexgl3HtnmiMcgW<br>ie/d5XfYf0o+2xhofdsgxb5d2DRFyUVxkKnBRYSSebR9wsdlwtlduSDxsN22CFITqL3FAgMBAAGj<br>gbwwgbkwCQYDVR0TBAIwADAsBglghkgBhvhCAQ0EHxYdT3BlblNTTCBHZW5lcmF0ZWQgQ2VydGlm<br>
aWNhdGUwHQYDVR0OBBYEFGtX2cUVfSVs1xLKLwwscpNon2duMF8GA1UdIwRYMFaAFLg5jUhGbh+u<br>jBIx6kabFY+E5JrWoTukOTA3MQswCQYDVQQGEwJOTzENMAsGA1UECBMET3NsbzEMMAoGA1UEChMD<br>VWlPMQswCQYDVQQDEwJDQYIBADANBgkqhkiG9w0BAQQFAAOBgQAIrqV+I9YbXvpsRvwJLOFIVIuX<br>
Cy8l5RjfSrd4UG3oX3c0nmr5oe93XomAJ525ULOGSh5w8kmfGA96yUi2LRmdM9ZQyyVWLDagU0dt<br>mdcJm2CedeRxI+ShtIE3PRc/OTEjz/dvY6gD/jiHDUr/IcooHMSApIuDZXWvSNWSql0Swg==</ds:X509Certificate></ds:X509Data></ds:KeyInfo></saml:SubjectConfirmationData></saml:SubjectConfirmation></saml:Subject><saml:Conditions NotBefore="2008-10-09T15:48:59.621Z" NotOnOrAfter="2008-10-10T02:48:59.621Z"/><saml:AttributeStatement><saml:Attribute Name="Degree" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">PhD</saml:AttributeValue></saml:Attribute><saml:Attribute Name="<a href="http://voms.forge.cnaf.infn.it/group">http://voms.forge.cnaf.infn.it/group</a>" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:unspecified"><saml:AttributeValue xsi:type="xs:string">/knowarc</saml:AttributeValue><saml:AttributeValue xsi:type="xs:string">/knowarc/UiO</saml:AttributeValue></saml:Attribute></saml:AttributeStatement></saml:Assertion><br>
</div>