Signature Validation Failure
I'm having a problem getting signature validation to work, and have
realized that even the example programs fail.
I have installed the provider and mail jars onto a JDK1.6.0_06
install and compiled the examples from the command line, and
chapter9/SignedMailExample produces the following output:
verification failed
Content: Hello world!
I'm developing under Eclipse but did the test above to eliminate
Eclipse-related issues.
Running the same program under the debugger I can see that the wrong
private key seems to be being returned by the path builder. In
SignedDataProcessor.isValid() after the call to Utils.buildPath I
can see that the result contains three certificates including the
anchor:
SubjectDN: CN=Test End Certificate
Public Key: RSA Public Key
modulus: b343ffb44b7fa313da2820a79ba730b39fedaec168ecdcfed5 147b5641608a390f2a95004f636d16576257e2400ecfbbd03c 68215254b40e27842d4b1bab63e3d09501a7e8453cea268b08 64ef08c6e117ff99f8b3690bb51e8428c84dfa26233f6d4782 947b58408e910691a876d42b28acc9fe0479764f581b1c194f 08e299
SubjectDN: CN=Test Intermediate Certificate
Public Key: RSA Public Key
modulus: 8ddcf0a8e16bd1391bab9a7f3f2c36b22b281b2f40747b25d5 be41ae67ff156b6faf3c770678594ff58372259f18f1015e20 59597092c755f17500941e8c3cfe32ec9c23bd9e075e42e050 84a90719a51292caf890e8b76f3d01af2922bb5d6328b87d4e 4ac0064337ec98b89599ba9a70dcb74779a65eaca5de6e0de6 6c01c1
SubjectDN: CN=Test CA Certificate
Public Key: RSA Public Key
modulus: 98df9f0af99fe887925c40145e52abeb91f4984813bc606b84 0f6f8c3717337eaa7fc10df7393b5ad45a36e3a2006cf3bd24 9aa94e3dc7f0fa05c124a5f66136fb6f421ca44d3ca083578b 50bfb30bf5444cb6e51b63b631df8c28b73ce55a3556debb24 2775e7e6d338b4b292e50c2668246ec046376862ed21613f62 819215
BUT a call to result.getPublicKey() returns
RSA Public Key
modulus: 8ddcf0a8e16bd1391bab9a7f3f2c36b22b281b2f40747b25d5 be41ae67ff156b6faf3c770678594ff58372259f18f1015e20 59597092c755f17500941e8c3cfe32ec9c23bd9e075e42e050 84a90719a51292caf890e8b76f3d01af2922bb5d6328b87d4e 4ac0064337ec98b89599ba9a70dcb74779a65eaca5de6e0de6 6c01c1
public exponent: 10001
This is, as you can see, the public key from the intermediate cert.
I cannot step into the code in the debugger because it goes through
the provider API, but I am assuming that if the cert list includes
the correct end-entity certificate, the selector is correct; is
that fair?
Either way, I can't see why the wrong key results.
Any clues would be most appreciated.
Thanks,
Bruce.
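
Added example (not part of the original post or the book's example code): a standalone check for the symptom described above. The JDK documents PKIXCertPathBuilderResult.getPublicKey() as returning the public key of the path's target (subject) certificate, which is index 0 of getCertPath().getCertificates(); the trust anchor is not part of that list. Assumptions: current Bouncy Castle bcprov and bcpkix jars on the classpath to create a constructed three-certificate chain, the JDK's default "PKIX" path builder, and hypothetical names PathKeyCheck, cert and matchingIndex.

```java
import java.math.BigInteger;
import java.security.*;
import java.security.cert.*;
import java.util.*;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x509.BasicConstraints;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.cert.jcajce.*;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;

public class PathKeyCheck {
    // Constructed test certificate for `subject`, signed with the issuer's private key.
    static X509Certificate cert(String subject, String issuer, PublicKey pub,
                                PrivateKey issuerKey, boolean isCa, long serial) throws Exception {
        long now = System.currentTimeMillis();
        JcaX509v3CertificateBuilder b = new JcaX509v3CertificateBuilder(
            new X500Name(issuer), BigInteger.valueOf(serial), new Date(now - 60_000),
            new Date(now + 86_400_000L), new X500Name(subject), pub);
        b.addExtension(Extension.basicConstraints, true, new BasicConstraints(isCa));
        return new JcaX509CertificateConverter().getCertificate(
            b.build(new JcaContentSignerBuilder("SHA256withRSA").build(issuerKey)));
    }
    // Index of the path certificate whose key equals result.getPublicKey(), or -1 (0 = target).
    static int matchingIndex(PKIXCertPathBuilderResult result) {
        List<? extends java.security.cert.Certificate> path = result.getCertPath().getCertificates();
        for (int i = 0; i < path.size(); i++)
            if (path.get(i).getPublicKey().equals(result.getPublicKey())) return i;
        return -1;
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator g = KeyPairGenerator.getInstance("RSA");
        g.initialize(2048);
        KeyPair ca = g.generateKeyPair(), mid = g.generateKeyPair(), end = g.generateKeyPair();
        String caDn = "CN=Test CA Certificate", midDn = "CN=Test Intermediate Certificate";
        X509Certificate caCert = cert(caDn, caDn, ca.getPublic(), ca.getPrivate(), true, 1);
        X509Certificate midCert = cert(midDn, caDn, mid.getPublic(), ca.getPrivate(), true, 2);
        X509Certificate endCert = cert("CN=Test End Certificate", midDn, end.getPublic(), mid.getPrivate(), false, 3);
        X509CertSelector target = new X509CertSelector();
        target.setCertificate(endCert); // select exactly the end-entity certificate
        PKIXBuilderParameters params = new PKIXBuilderParameters(
            Collections.singleton(new TrustAnchor(caCert, null)), target);
        params.addCertStore(CertStore.getInstance("Collection",
            new CollectionCertStoreParameters(Arrays.asList(midCert, endCert))));
        params.setRevocationEnabled(false); // no CRLs exist for the constructed chain
        PKIXCertPathBuilderResult result =
            (PKIXCertPathBuilderResult) CertPathBuilder.getInstance("PKIX").build(params);
        System.out.println("getPublicKey() matches path index " + matchingIndex(result)
            + "; equals end-entity key: " + result.getPublicKey().equals(endCert.getPublicKey()));
    }
}
```

Calling matchingIndex on the result of a different provider's path builder shows whether the key it hands back belongs to the target certificate or to a certificate further up the path.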