[xmlsec] Visa ThreeDSecure
colin lee
colinl888@hotmail.com
Sat, 04 Oct 2003 00:22:04 +0000
Hi there,
I've been following the Visa 3D-secure thread with great interest and concern.
But my "problem" is we are able to pass certification for the MPI component using libxml2 and xmlsec without changing any source code. However, I think people on this list are much more knowledgeable than I on this subject; I just want to confirm I didn't miss anything. I am using libxml2 ver 2.5.1 and xmlsec 1.0.2 (I've tested xmlsec 1.2.0 also, same result). Can someone please explain why this works, or doesn't work? Thanks.
Below is what I used for signature verification; the attachment contains the PaRes.xml
./xmlsec1 --verify --trusted-pem certs/cthRoot.pem --dtd-file pares.dtd PaRes.xml
pares.dtd:
<!ATTLIST PARes id ID #IMPLIED>
Attachment: t.xml
<ThreeDSecure><Message id="Req.19575.1057466811"><PARes id="827638898"><version>1.0.2</version><Merchant><acqBIN>11111111111</acqBIN><merID>12AB,cd/34-EF -g,5/H-67</merID></Merchant><Purchase><xid>UmVxLjE5NTc1LjEwNTc0NjY4MTE=</xid><date>20030705 21:46:51</date><purchAmount>123456</purchAmount><currency>840</currency><exponent>2</exponent></Purchase><pan>0000000001000</pan><TX><time>20030706 04:46:55</time><status>Y</status><cavv>AAABBJg0VhI0VniQEjRWAAAAAAA=</cavv><eci>03</eci><cavvAlgorithm>1</cavvAlgorithm></TX></PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod><Reference URI="#827638898"><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod><DigestValue>dMPnv+WbteJrNEIrEmeKgHxAPf0=</DigestValue></Reference></SignedInfo><SignatureValue>HDtpv1A98/XHJW0bfafZite8xd4GXHVGaQOdpca5Oc5t9p0ZUeogtQMYQpblGkA5DilCgoNuJseD0sKseJgDOBYWZaNBPi2Wlp8h+OKy2vNfNpH/HirLs9qpVJiHbuTRN+vjkgrplx5yjNNUNhcPw+WbjELbzEwG85vZDdZSes4=</SignatureValue><KeyInfo><X509Data><X509Certificate>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</X509Certificate><X509Certificate>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</X509Certificate><X509Certificate>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</X509Certificate></X509Data></KeyInfo></Signature></Message></ThreeDSecure>
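An added example, not part of the original message and not xmlsec code: a Python illustration of the same-document reference lookup that the pares.dtd line enables, checking that Reference URI "#827638898" selects exactly one PARes element before any digest is computed. The function names, the id_attrs parameter and the reduced sample document are assumptions made for this example; no digest or signature value is verified here.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, reduced from the attached message (most fields dropped).
SAMPLE = (
    '<ThreeDSecure><Message id="Req.1"><PARes id="827638898">'
    '<TX><status>Y</status></TX></PARes>'
    f'<Signature xmlns="{DSIG}"><SignedInfo>'
    '<Reference URI="#827638898"/></SignedInfo></Signature>'
    '</Message></ThreeDSecure>'
)

def resolve_references(xml_text, id_attrs):
    """Map each same-document Reference URI to the elements it selects.

    id_attrs is a set of (element_tag, attribute_name) pairs to treat as
    ID-typed, mirroring what an <!ATTLIST ... ID ...> declaration supplies.
    Without such a declaration, an attribute named "id" is plain CDATA.
    """
    root = ET.fromstring(xml_text)
    by_id = {}
    for el in root.iter():
        for tag, attr in id_attrs:
            if el.tag == tag and attr in el.attrib:
                by_id.setdefault(el.attrib[attr], []).append(el)
    result = {}
    for ref in root.iter(f"{{{DSIG}}}Reference"):
        uri = ref.get("URI", "")
        if uri.startswith("#"):
            result[uri] = by_id.get(uri[1:], [])
    return result

def check_pares_reference(xml_text, id_attrs):
    """Return the referenced element, or raise if resolution is ambiguous."""
    refs = resolve_references(xml_text, id_attrs)
    if len(refs) != 1:
        raise ValueError("expected exactly one same-document Reference")
    (uri, targets), = refs.items()
    if len(targets) != 1:
        raise ValueError(f"{uri} resolves to {len(targets)} elements")
    return targets[0]
```

Calling check_pares_reference(SAMPLE, {("PARes", "id")}) returns the PARes element; passing an empty set models the run without the DTD, where the reference has nothing to resolve to.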