-
Bug
-
Resolution: Not an Issue
-
P2
-
None
-
6u1
-
None
-
sparc
-
solaris_10
JRE 1.6_1
BT Spine are using XML D-Sig to sign XML docs within IDM 8.0.0.2. However the test harness attached has reproduced the issue outside of IDM.
The problem the customer is having is that a digitally signed document cannot be verified because the certificate verification fails.
The DN seems to be the issue in the certificate that is the problem and it seems to be down in the DER stream decoding and may be part of a bigger issue. Some certificates when used to sign a document cause the validation to fail with an exception:
javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature encoding error
at xmldsigutils.newpackage.SignedDataValidator.validateSignature(SignedDataValidator.java:460)
at xmldsigutils.newpackage.SignedDataValidator.validate(SignedDataValidator.java:310)
at xmldsigutils.TestValidator.main(TestValidator.java:68)
It seems that if there is an underscore in the issuer DN then the failure occurs every time.
Attached is a test harness that can be run standalone without IDM to reproduce the problem.
I have attached 3 xml signed documents:
GoodSignedXML - this validates fine
BadSignedXML - this fails with a signature encoding error
BadSignedXML_CC - this fails with Cannot validate signatures without a signing certificate
Testing this is not easy as its difficult to prise apart the transaction signing pieces and test independently.
3 files:
GoodSignedXML -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>Bix+qAVY02ymHUN3cz25dU9AfW0z1v1MhQPjIqMQw9I1eNUJ6CZxDJw4i3sK2xEdLF5VU4qeC8DC
8ThVR6HyC2OFKpo6RsyA7qwuK5ya6m0uudayX/8P6A6RzE9eHjyawu2lfHwdRFsEmmMXXToSAVbY
C7Nvujp9Ni91ubZUd4o=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDYjCCAkqgAwIBAgIESUKk5DANBgkqhkiG9w0BAQUFADArMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMQ4wDAYDVQQDEwVTVUJDQTAeFw0wOTAyMTIwOTE5MDBaFw0xMjAyMTIwOTQ5MDBaMC4x
DDAKBgNVBAoTA25oczEPMA0GA1UECxMGUGVvcGxlMQ0wCwYDVQQDEwQxMDAyMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQC786jRSeMW5Huej8A4o91HIq3/gkHCEuIWTG3qya9unLPkQkgg8Bmu
ChbCdiE6OIP1YQw+yf6f5f8I+ywh6Qz1eva1SDSl1PWYCNQ0VGmFeRKdOsCNPHZiT86R9uUPjZDC
j1RL2g8e0sHrvx/z3tpD+ayG4g2+29K29HAcCPWA8QIDAQABo4IBDTCCAQkwCwYDVR0PBAQDAgeA
MCsGA1UdEAQkMCKADzIwMDkwMjEyMDkxOTAwWoEPMjAxMDAzMTMxMzQ5MDBaMBgGA1UdIAQRMA8w
DQYLKoY6AIl7ZQADAQEwTQYDVR0fBEYwRDBCoECgPqQ8MDoxDDAKBgNVBAoTA25oczELMAkGA1UE
CxMCQ0ExDjAMBgNVBAMTBVNVQkNBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBDOcGtWu24j
54iVCO0szMBzo/8+MB0GA1UdDgQWBBSnXs+mfmQLHiOSX6okklWByh60ITAJBgNVHRMEAjAAMBkG
CSqGSIb2fQdBAAQMMAobBFY3LjEDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQCAdqt2pAPixjUottOf
C/MTuW29ycU/QUboXo99zTv0mMVerR/rBp75B49X0ukex77tw7Q4yyV9kzK83v9sfdmTNXdlqtCF
eDM3dDLWe5n39IstvtEseE61DJcfyuiIAbD/qmLpFKDFhwGV7HoLbtIcK8U9B8vpuoXUdShcG91z
5unOU7uTPw4FarYVOZPSSqP9M9ztcK9hYm8folkTKxpi4A5cIo/b1SHQKXe9uirEppFYQjDlQvsp
OnAD/Xb19PfYZNNuMxkWXUN/HWKy19nkMmTQE6FEH+k/33Qmbvf4DshvvNPjo8NEE/iols+OHiDo
cDQSG/k1HUfYLILNOdRG</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>
BadSignedXML -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>AN1p3xo9/8c6RoiuzbbCf16FhlUfpPsTJjb4oREqnkculLee0puPV2qrnENrf8oulHMUg6soJ0dV
6wUZy3FTvF3LmusoVU5OHRy8+mxL6nR5ahxhHsLZioB/W010CHoxwEqPF6KgxV9bhjI/rG0CsyJY
8GXrcenCIyuWDMTiqac=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDbzCCAlegAwIBAgIEQHkn6TANBgkqhkiG9w0BAQUFADAtMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMRAwDgYDVQQDEwdTdWJDQTAyMB4XDTA4MTExNDA5NDMwNFoXDTEzMTExNDEwMTMwNFow
NjEMMAoGA1UECgwDbmhzMQ8wDQYDVQQLDAZQZW9wbGUxFTATBgNVBAMMDDk4ODc1MTIxNDU0MTCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmEYjHl19lEol+FwnHX+kfa0GLEeSwZ5fNJyTIjXu
QH80NNkjwXCfuo/9jQ+LhFtKlIReY4w8kzx7YXHVoPV5FZbJIVD6G0apuMasQfZhFIeSiwhG356s
9PjY7rwBJYqLhv0yntmx0QPkiWmM4PtkCfGbdkYDV9He01QSOJgAP20CAwEAAaOCARAwggEMMAsG
A1UdDwQEAwIHgDArBgNVHRAEJDAigA8yMDA4MTExNDA5NDMwNFqBDzIwMTMxMTE0MTAxMzA0WjAY
BgNVHSAEETAPMA0GCyqGOgCJe2UAAwEBMFAGA1UdHwRJMEcwRaBDoEGkPzA9MQwwCgYDVQQKEwNu
aHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdTdWJDQTAyMQ4wDAYDVQQDEwVDUkwyMzAfBgNVHSME
GDAWgBS2iUARkWoyThKHTCG1PQk3x8tFejAdBgNVHQ4EFgQUSZbDG3AhjxRjIgrP0HVp8pH0cyww
CQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEA
kTkQiz2qC1+S8oSpS4EZBhd9bXJkNhAppdD6yzabTCsLVLtorYO+uJdVKcO2DHGeJw80CfTb8Mlv
iWIP1HJItW0jZRoOTA8Zxkq84pdwrFd1aDuxN4c48yuj0sUd29e7QmHs/7fsjSeVOVrg1FGTJo1d
pmqPh/wRY8T20wZapq28GVd/irifO1eflcVK2WAiB+vmsfWqfWxmVI2wS0H41aL4tQsorWF3ZM7w
sVJPzK8yG79yEKZi30al0r8sE0COtE3MkxZU6ib8O9jQ1BHhr3xfxUT1Iq2h+SNWLuXs52ib7H+b
g8jOTe5D47ZkU+/kF+A9kal0elcfaGImrsuy2g==</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>
BadSignedXML_CC -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>HU2f6XRjKIeT4UndJC96INU5Ul90Y1e1F/kFmmz/1Xc2ZDoyKIcwfw+MyX/ozlCT4++D5fBxThSS
QANcWvzUksdQ6qYIf+MxyEVjuUrWtKbPlPrHWUEQ1D2dQX++3cXfi5pIV8i9zQFeP+M723yzOPGd
IgfeAVAxNa5DDIC3kUI=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIID8zCCAtugAwIBAgIEQh/TaDANBgkqhkiG9w0BAQUFADAyMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMRUwEwYDVQQDFAxOSVMxX1NVQkNBQ0MwHhcNMDgxMTE0MDk0MzAzWhcNMTAxMTE0MTAx
MzAzWjBDMQwwCgYDVQQKDANuaHMxDzANBgNVBAsMBlBlb3BsZTEiMCAGA1UEAwwZOTg4NzUxMjE0
NTQxX0xheGFfTklTZm91cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxNyWlkKB72dSei6E
HZcrIDn0FKYll+Ib0zr6Gp+lVD/AmIhhCHqr7avL+iOuGRmq7lwibtWoQMQqI7BnqYflnlNJwIM/
VMBwLnxQG3fgirOy0yBwBRjGj3OCtm/m7mhmrxA0WtajM4qHE8pzSa6PK5inEaHBSnPrRbOwaedc
T0UCAwEAAaOCAYIwggF+MA4GA1UdDwEB/wQEAwIGQDArBgNVHRAEJDAigA8yMDA4MTExNDA5NDMw
M1qBDzIwMTAxMTE0MTAxMzAzWjCBgQYDVR0gAQH/BHcwdTBzBgsqhjoAiXtmAAMCADBkMGIGCCsG
AQUFBwIBFlZodHRwOi8vbnd3Lm5wZml0Lm5ocy51ay9pbmZvcm1hdGlvbl9nb3Zlcm5hbmNlL2Nl
cnRpZmljYXRlX3BvbGljaWVzL2NvbnRlbnRfY29tbWl0bWVudDBVBgNVHR8ETjBMMEqgSKBGpEQw
QjEMMAoGA1UEChMDbmhzMQswCQYDVQQLEwJDQTEVMBMGA1UEAxQMTklTMV9TVUJDQUNDMQ4wDAYD
VQQDEwVDUkwxMjAfBgNVHSMEGDAWgBSSVsLJwM5SgoA2T7F5LBxfEnbcGDAdBgNVHQ4EFgQU35K0
YdKCwuJOjPzcyedSZocCItgwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIEsDAN
BgkqhkiG9w0BAQUFAAOCAQEAj2XWN1JJKDUtJ7HY03UOkura4jBejeODWuJ+25FVza0NRqvNqM4J
D7HlTAt3mW0U5Fm7iek0B4Ll8EcoQ/wPUxreO+HOM+AmyUS8HFw/av0HvG/XsQVKY61ETtnOSMZQ
oKx1CAbC3JVSSkr5OM+/0hPsDxHXkPfa2jcz0YEyO+SRIJG+2hXNnvshUaXsqdI2yL/5yb5OSJxX
Ay8p6BnV5LpYFkdLCRzMQoSFj8FdzZjCo2yQyXt0M71xNJy4LzEWxFqsA8LcIKkTzo2GhsJjnhdo
S0qHpVc6jxsd08PyqGV/f9ftygrMgixaP5hlMRPNnT5x+OazSMKYWoa4U65WUg==</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>
BT Spine are using XML D-Sig to sign XML docs within IDM 8.0.0.2. However the test harness attached has reproduced the issue outside of IDM.
The problem the customer is having is that a digitally signed document cannot be verified because the certificate verification fails.
The DN seems to be the issue in the certificate that is the problem and it seems to be down in the DER stream decoding and may be part of a bigger issue. Some certificates when used to sign a document cause the validation to fail with an exception:
javax.xml.crypto.dsig.XMLSignatureException: java.security.SignatureException: Signature encoding error
at xmldsigutils.newpackage.SignedDataValidator.validateSignature(SignedDataValidator.java:460)
at xmldsigutils.newpackage.SignedDataValidator.validate(SignedDataValidator.java:310)
at xmldsigutils.TestValidator.main(TestValidator.java:68)
It seems that if there is an underscore in the issuer DN then the failure occurs every time.
Attached is a test harness that can be run standalone without IDM to reproduce the problem.
I have attached 3 xml signed documents:
GoodSignedXML - this validates fine
BadSignedXML - this fails with a signature encoding error
BadSignedXML_CC - this fails with Cannot validate signatures without a signing certificate
Testing this is not easy as its difficult to prise apart the transaction signing pieces and test independently.
3 files:
GoodSignedXML -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>Bix+qAVY02ymHUN3cz25dU9AfW0z1v1MhQPjIqMQw9I1eNUJ6CZxDJw4i3sK2xEdLF5VU4qeC8DC
8ThVR6HyC2OFKpo6RsyA7qwuK5ya6m0uudayX/8P6A6RzE9eHjyawu2lfHwdRFsEmmMXXToSAVbY
C7Nvujp9Ni91ubZUd4o=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDYjCCAkqgAwIBAgIESUKk5DANBgkqhkiG9w0BAQUFADArMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMQ4wDAYDVQQDEwVTVUJDQTAeFw0wOTAyMTIwOTE5MDBaFw0xMjAyMTIwOTQ5MDBaMC4x
DDAKBgNVBAoTA25oczEPMA0GA1UECxMGUGVvcGxlMQ0wCwYDVQQDEwQxMDAyMIGfMA0GCSqGSIb3
DQEBAQUAA4GNADCBiQKBgQC786jRSeMW5Huej8A4o91HIq3/gkHCEuIWTG3qya9unLPkQkgg8Bmu
ChbCdiE6OIP1YQw+yf6f5f8I+ywh6Qz1eva1SDSl1PWYCNQ0VGmFeRKdOsCNPHZiT86R9uUPjZDC
j1RL2g8e0sHrvx/z3tpD+ayG4g2+29K29HAcCPWA8QIDAQABo4IBDTCCAQkwCwYDVR0PBAQDAgeA
MCsGA1UdEAQkMCKADzIwMDkwMjEyMDkxOTAwWoEPMjAxMDAzMTMxMzQ5MDBaMBgGA1UdIAQRMA8w
DQYLKoY6AIl7ZQADAQEwTQYDVR0fBEYwRDBCoECgPqQ8MDoxDDAKBgNVBAoTA25oczELMAkGA1UE
CxMCQ0ExDjAMBgNVBAMTBVNVQkNBMQ0wCwYDVQQDEwRDUkwxMB8GA1UdIwQYMBaAFBDOcGtWu24j
54iVCO0szMBzo/8+MB0GA1UdDgQWBBSnXs+mfmQLHiOSX6okklWByh60ITAJBgNVHRMEAjAAMBkG
CSqGSIb2fQdBAAQMMAobBFY3LjEDAgSwMA0GCSqGSIb3DQEBBQUAA4IBAQCAdqt2pAPixjUottOf
C/MTuW29ycU/QUboXo99zTv0mMVerR/rBp75B49X0ukex77tw7Q4yyV9kzK83v9sfdmTNXdlqtCF
eDM3dDLWe5n39IstvtEseE61DJcfyuiIAbD/qmLpFKDFhwGV7HoLbtIcK8U9B8vpuoXUdShcG91z
5unOU7uTPw4FarYVOZPSSqP9M9ztcK9hYm8folkTKxpi4A5cIo/b1SHQKXe9uirEppFYQjDlQvsp
OnAD/Xb19PfYZNNuMxkWXUN/HWKy19nkMmTQE6FEH+k/33Qmbvf4DshvvNPjo8NEE/iols+OHiDo
cDQSG/k1HUfYLILNOdRG</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>
BadSignedXML -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>AN1p3xo9/8c6RoiuzbbCf16FhlUfpPsTJjb4oREqnkculLee0puPV2qrnENrf8oulHMUg6soJ0dV
6wUZy3FTvF3LmusoVU5OHRy8+mxL6nR5ahxhHsLZioB/W010CHoxwEqPF6KgxV9bhjI/rG0CsyJY
8GXrcenCIyuWDMTiqac=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIIDbzCCAlegAwIBAgIEQHkn6TANBgkqhkiG9w0BAQUFADAtMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMRAwDgYDVQQDEwdTdWJDQTAyMB4XDTA4MTExNDA5NDMwNFoXDTEzMTExNDEwMTMwNFow
NjEMMAoGA1UECgwDbmhzMQ8wDQYDVQQLDAZQZW9wbGUxFTATBgNVBAMMDDk4ODc1MTIxNDU0MTCB
nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmEYjHl19lEol+FwnHX+kfa0GLEeSwZ5fNJyTIjXu
QH80NNkjwXCfuo/9jQ+LhFtKlIReY4w8kzx7YXHVoPV5FZbJIVD6G0apuMasQfZhFIeSiwhG356s
9PjY7rwBJYqLhv0yntmx0QPkiWmM4PtkCfGbdkYDV9He01QSOJgAP20CAwEAAaOCARAwggEMMAsG
A1UdDwQEAwIHgDArBgNVHRAEJDAigA8yMDA4MTExNDA5NDMwNFqBDzIwMTMxMTE0MTAxMzA0WjAY
BgNVHSAEETAPMA0GCyqGOgCJe2UAAwEBMFAGA1UdHwRJMEcwRaBDoEGkPzA9MQwwCgYDVQQKEwNu
aHMxCzAJBgNVBAsTAkNBMRAwDgYDVQQDEwdTdWJDQTAyMQ4wDAYDVQQDEwVDUkwyMzAfBgNVHSME
GDAWgBS2iUARkWoyThKHTCG1PQk3x8tFejAdBgNVHQ4EFgQUSZbDG3AhjxRjIgrP0HVp8pH0cyww
CQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIEsDANBgkqhkiG9w0BAQUFAAOCAQEA
kTkQiz2qC1+S8oSpS4EZBhd9bXJkNhAppdD6yzabTCsLVLtorYO+uJdVKcO2DHGeJw80CfTb8Mlv
iWIP1HJItW0jZRoOTA8Zxkq84pdwrFd1aDuxN4c48yuj0sUd29e7QmHs/7fsjSeVOVrg1FGTJo1d
pmqPh/wRY8T20wZapq28GVd/irifO1eflcVK2WAiB+vmsfWqfWxmVI2wS0H41aL4tQsorWF3ZM7w
sVJPzK8yG79yEKZi30al0r8sE0COtE3MkxZU6ib8O9jQ1BHhr3xfxUT1Iq2h+SNWLuXs52ib7H+b
g8jOTe5D47ZkU+/kF+A9kal0elcfaGImrsuy2g==</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>
BadSignedXML_CC -----
<XMLSignedData signedContent="U2lnbiBUaGlz"><XMLSignature><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><DigestValue>WtyodfGvVs3KFyIkvFXrJVbGyvA=</DigestValue></Reference></SignedInfo><SignatureValue>HU2f6XRjKIeT4UndJC96INU5Ul90Y1e1F/kFmmz/1Xc2ZDoyKIcwfw+MyX/ozlCT4++D5fBxThSS
QANcWvzUksdQ6qYIf+MxyEVjuUrWtKbPlPrHWUEQ1D2dQX++3cXfi5pIV8i9zQFeP+M723yzOPGd
IgfeAVAxNa5DDIC3kUI=</SignatureValue><KeyInfo><X509Data><X509Certificate>MIID8zCCAtugAwIBAgIEQh/TaDANBgkqhkiG9w0BAQUFADAyMQwwCgYDVQQKEwNuaHMxCzAJBgNV
BAsTAkNBMRUwEwYDVQQDFAxOSVMxX1NVQkNBQ0MwHhcNMDgxMTE0MDk0MzAzWhcNMTAxMTE0MTAx
MzAzWjBDMQwwCgYDVQQKDANuaHMxDzANBgNVBAsMBlBlb3BsZTEiMCAGA1UEAwwZOTg4NzUxMjE0
NTQxX0xheGFfTklTZm91cjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxNyWlkKB72dSei6E
HZcrIDn0FKYll+Ib0zr6Gp+lVD/AmIhhCHqr7avL+iOuGRmq7lwibtWoQMQqI7BnqYflnlNJwIM/
VMBwLnxQG3fgirOy0yBwBRjGj3OCtm/m7mhmrxA0WtajM4qHE8pzSa6PK5inEaHBSnPrRbOwaedc
T0UCAwEAAaOCAYIwggF+MA4GA1UdDwEB/wQEAwIGQDArBgNVHRAEJDAigA8yMDA4MTExNDA5NDMw
M1qBDzIwMTAxMTE0MTAxMzAzWjCBgQYDVR0gAQH/BHcwdTBzBgsqhjoAiXtmAAMCADBkMGIGCCsG
AQUFBwIBFlZodHRwOi8vbnd3Lm5wZml0Lm5ocy51ay9pbmZvcm1hdGlvbl9nb3Zlcm5hbmNlL2Nl
cnRpZmljYXRlX3BvbGljaWVzL2NvbnRlbnRfY29tbWl0bWVudDBVBgNVHR8ETjBMMEqgSKBGpEQw
QjEMMAoGA1UEChMDbmhzMQswCQYDVQQLEwJDQTEVMBMGA1UEAxQMTklTMV9TVUJDQUNDMQ4wDAYD
VQQDEwVDUkwxMjAfBgNVHSMEGDAWgBSSVsLJwM5SgoA2T7F5LBxfEnbcGDAdBgNVHQ4EFgQU35K0
YdKCwuJOjPzcyedSZocCItgwCQYDVR0TBAIwADAZBgkqhkiG9n0HQQAEDDAKGwRWNy4xAwIEsDAN
BgkqhkiG9w0BAQUFAAOCAQEAj2XWN1JJKDUtJ7HY03UOkura4jBejeODWuJ+25FVza0NRqvNqM4J
D7HlTAt3mW0U5Fm7iek0B4Ll8EcoQ/wPUxreO+HOM+AmyUS8HFw/av0HvG/XsQVKY61ETtnOSMZQ
oKx1CAbC3JVSSkr5OM+/0hPsDxHXkPfa2jcz0YEyO+SRIJG+2hXNnvshUaXsqdI2yL/5yb5OSJxX
Ay8p6BnV5LpYFkdLCRzMQoSFj8FdzZjCo2yQyXt0M71xNJy4LzEWxFqsA8LcIKkTzo2GhsJjnhdo
S0qHpVc6jxsd08PyqGV/f9ftygrMgixaP5hlMRPNnT5x+OazSMKYWoa4U65WUg==</X509Certificate></X509Data></KeyInfo></Signature></XMLSignature></XMLSignedData>