path: root/tests/merlin-xmldsig-twenty-three/Readme.txt
Sample XML Signatures[1][2]

[1] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/
[2] http://www.w3.org/TR/2001/REC-xml-c14n-20010315

1. A large and complex signature:

This includes internal and external base 64, references of the forms
"", "#xpointer(/)", "#foo" and "#xpointer(id('foo'))" (with and
without comments), manifests, signature properties, simple xpath
with here(), xslt, retrieval method and odd interreferential
dependencies.

  signature.xml - A signature
  signature.tmpl - The template from which the signature was created
  signature-c14n-*.txt - All intermediate c14n output

2. Some basic signatures:

The key for the HMAC-SHA1 signatures is "secret".getBytes("ASCII")
which is, in hex, (73 65 63 72 65 74). No key info is provided for
these signatures.

  signature-enveloped-dsa.xml
  signature-enveloping-b64-dsa.xml
  signature-enveloping-dsa.xml
  signature-enveloping-hmac-sha1-40.xml
  signature-enveloping-hmac-sha1.xml
  signature-enveloping-rsa.xml
  signature-external-b64-dsa.xml
  signature-external-dsa.xml - The signatures
  signature-*-c14n-*.txt - The intermediate c14n output
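
Added example (not part of the original Readme or the test suite): checking an
HMAC-SHA1 SignatureValue with the key "secret", including a truncated MAC such
as the 40-bit HMACOutputLength of `signature-enveloping-hmac-sha1-40.xml'.
Assumptions: the SignedInfo octets are a constructed stand-in for real c14n
output, and the 80-bit floor is a verifier policy chosen for this example.

```python
import base64
import hashlib
import hmac

KEY = "secret".encode("ascii")  # Readme: 73 65 63 72 65 74
# Constructed stand-in for the canonicalized SignedInfo octets (not from the test files).
SIGNED_INFO = b'<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#">constructed</SignedInfo>'
DIGEST_BITS = hashlib.sha1().digest_size * 8  # 160
POLICY_MIN_BITS = 80  # assumed verifier policy, not stated in the Readme


def make_signature_value(key, signed_info, output_bits=DIGEST_BITS):
    """Base64 HMAC-SHA1 over signed_info, keeping the leftmost output_bits."""
    mac = hmac.new(key, signed_info, hashlib.sha1).digest()
    return base64.b64encode(mac[: output_bits // 8]).decode("ascii")


def verify_signature_value(key, signed_info, value_b64, output_bits=None,
                           min_bits=POLICY_MIN_BITS):
    """Return True only if the MAC matches and the declared length is acceptable.

    output_bits is the HMACOutputLength read from the signature (None if absent).
    """
    bits = DIGEST_BITS if output_bits is None else output_bits
    # The length comes from the untrusted document, so bound it before use.
    if bits <= 0 or bits % 8 or not (min_bits <= bits <= DIGEST_BITS):
        return False
    try:
        # SignatureValue text may be line-wrapped; drop whitespace, then decode strictly.
        received = base64.b64decode("".join(value_b64.split()), validate=True)
    except ValueError:
        return False
    if len(received) != bits // 8:
        return False  # value must be exactly as long as the declared truncation
    expected = hmac.new(key, signed_info, hashlib.sha1).digest()[: bits // 8]
    return hmac.compare_digest(expected, received)  # constant-time comparison


if __name__ == "__main__":
    full = make_signature_value(KEY, SIGNED_INFO)
    short = make_signature_value(KEY, SIGNED_INFO, 40)
    print(verify_signature_value(KEY, SIGNED_INFO, full))                   # full MAC
    print(verify_signature_value(KEY, SIGNED_INFO, short, 40))              # below policy
    print(verify_signature_value(KEY, SIGNED_INFO, short, 40, min_bits=40)) # test-vector mode
```

Lowering min_bits to 40 is only for running the legacy test vector; a
production verifier keeps the floor and rejects the 40-bit signature.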

3. Varying key information:

To resolve the key associated with the KeyName in `signature-keyname.xml'
you must perform a cunning transformation from the name `Xxx' to the
certificate that resides in the directory `certs/' that has a subject name
containing the common name `Xxx', which happens to be in the file
`certs/xxx.crt'.

To resolve the key associated with the X509Data in `signature-x509-is.xml',
`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
the identified certificate from those in the `certs' directory.

In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
the X.509 certificate used for signing. So verification should be
qualified.

  signature-keyname.xml
  signature-retrievalmethod-rawx509crt.xml
  signature-x509-crt-crl.xml
  signature-x509-crt.xml
  signature-x509-is.xml
  signature-x509-ski.xml
  signature-x509-sn.xml - The signatures
  certs/*.crt - The certificates

Merlin Hughes <merlin@baltimore.ie>
Baltimore Technologies, Ltd.
http://www.baltimore.com/

Thursday, April 4, 2002