<?xml version="1.0" encoding="UTF-8"?> <!-- edited with XML Spy v4.4 U (http://www.xmlspy.com) by Stephan Grill (Anecon) --> <!--the given XML Data shows a simple request w/ SignatureManifestCheckParams (but w/o Supplement) which must return a valid return codes--> <VerifyXMLSignatureRequest xmlns="http://reference.e-government.gv.at/namespace/moa/20020822#" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"> <DateTime>2002-12-01T09:30:47-05:00</DateTime> <VerifySignatureInfo> <VerifySignatureEnvironment> <XMLContent> <dsig:Signature> <dsig:SignedInfo> <dsig:CanonicalizationMethod Algorithm="aValidURI"/> <dsig:SignatureMethod Algorithm="anValidURI"/> <dsig:Reference> <dsig:DigestMethod Algorithm="aValidURI"/> <dsig:DigestValue>U3Zlbg==</dsig:DigestValue> </dsig:Reference> </dsig:SignedInfo> <dsig:SignatureValue>U3Zlbg==</dsig:SignatureValue> </dsig:Signature> </XMLContent> </VerifySignatureEnvironment> <VerifySignatureLocation>anValidXPathExpression</VerifySignatureLocation> </VerifySignatureInfo> <SignatureManifestCheckParams ReturnReferenceInputData="true"> <ReferenceInfo> <VerifyTransformsInfoProfile> <dsig:Transforms> <dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"> <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform"/> </dsig:Transform> </dsig:Transforms> <TransformParameter URI="validURI"> <Base64Content>PD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8dGVzdD48L3Rlc3Q+</Base64Content> </TransformParameter> </VerifyTransformsInfoProfile> <VerifyTransformsInfoProfileID>validID</VerifyTransformsInfoProfileID> </ReferenceInfo> </SignatureManifestCheckParams> <TrustProfileID>aValidTrustProfileID</TrustProfileID> </VerifyXMLSignatureRequest> <!--the following modifications (individually and in combination) must return a valid response * no SignatureManifestCheckParams/@ReturnReferenceInputData * SignatureManifestCheckParams/@ReturnReferenceInputData = false * no content of dsig:Transform * 2 dsig:Transform elements * TransformParameter/Hash statt TransformParameter/Base64Content * TransformParameter/@URI und TranformParameter/Base64Content liefern unterschiedliche Werte - es wird der Wert aus Base64Content verwendet * weder Base64Content noch Hash wird verwendet * 0 TransformParameter * 2 TransformParameter * 2 VerifyTransformsInfoID * 2 ReferenceInfo (for 2 dsig:Reference) Total: 11 Testcases--> <!--each of the following modifications (individually) must return an error code * VerifyTransformsInfoID: invalidID * number of ReferenceInfo is different from number of dsig:Reference in the signature * mismatching dsig:Transform/@Algorithm and dsig:Transform content * TransformParameter/@URI resolves but Hash does not match - which hashing algorithm? * kein TransformParameter element obwohl in Transforms URIs referenziert werden (Referenz-Eingangsdaten sind KEIN impliziter Transformationsparameter) Total: 5 Testcases-->