Strange issue with SMP queries (verifying XML signature)

We also have a strange issue with SMP queries (8.2.0, PPT):

INFO  e.e.e.d.s.i.DynamicDiscoveryService.getFetcherResponseForServiceMetadata(67) - Get service metadata for URI: https://smp-test.publisher.ehealth.testa.eu/ehealth-participantid-qns%3A%3Aurn%3Aehealth%3Acz%3Ancp-idp/services/ehealth-resid-qns%3A%3Aurn%3Aehealth%3ARequestOfData%3A%3AXCA%3A%3ACrossGatewayQuery%23%23ITI-38

ERROR e.e.e.d.c.s.i.DefaultSMPCertificateValidator.isSignedBy(152) - Error occurred while verifying signature of the certificate [1.2.840.113549.1.9.1=#161e53414e54452d454845414c54482d4453494065632e6575726f70612e6575,CN=GRP:EHEALTH_SMP_ACC_BE_001,OU=SMP_ACC- GTC_OID-1.3.130.0.2018.996911,O=European Commission,L=Brussels,ST=Brussels-Capital Region,C=BE] with certificate from truststore with alias [globalsign r6].
openncp-client                     | java.security.SignatureException: Signature does not match.

It looks like the DefaultSMPCertificateValidator "wants" to verify the XML signature using "globalsign r6", but the certificate clearly shows that it is issued by "globalsign r45".

---

The SMP Certificate "GRP:EHEALTH_SMP_ACC_BE_001" is issued by "CN=GlobalSign GCC R45 Client Authentication CA 2024,O=GlobalSign nv-sa,C=BE", which is in our truststore (and also the corresponding root cert).

The "GRP:EHEALTH_SMP_ACC_BE_001" cert can be verified using e.g. KeyStoreExplorer and our truststore.

Edited by Christian Baumann
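
The KeyStoreExplorer check described above can also be run from the command line. The following is an added example, not part of the original post and not OpenNCP code: for every truststore entry it reports whether the subject DN equals the checked certificate's issuer DN and, if so, whether that entry's public key verifies the certificate's signature. The class name `FindIssuer` and the three command-line arguments (truststore file, truststore password, certificate file) are assumptions for illustration; it needs Java 9 or later.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Collections;

// Hypothetical diagnostic tool (added example): java FindIssuer <truststore> <storepass> <cert.pem|.cer>
public class FindIssuer {
    public static void main(String[] args) throws Exception {
        if (args.length != 3) {
            System.err.println("usage: FindIssuer <truststore> <storepass> <cert.pem|.cer>");
            System.exit(2);
        }
        // Java 9+: detects JKS or PKCS12 from the file content.
        KeyStore ts = KeyStore.getInstance(new File(args[0]), args[1].toCharArray());

        X509Certificate leaf;
        try (InputStream in = new FileInputStream(args[2])) {
            leaf = (X509Certificate) CertificateFactory.getInstance("X.509").generateCertificate(in);
        }
        System.out.println("Subject: " + leaf.getSubjectX500Principal());
        System.out.println("Issuer : " + leaf.getIssuerX500Principal());

        for (String alias : Collections.list(ts.aliases())) {
            Certificate c = ts.getCertificate(alias);
            if (!(c instanceof X509Certificate)) {
                continue; // key-only entry or non-X.509 certificate
            }
            X509Certificate candidate = (X509Certificate) c;
            // Name chaining: only an entry whose subject equals the issuer DN can be the signer.
            boolean nameMatch = candidate.getSubjectX500Principal().equals(leaf.getIssuerX500Principal());
            String result = "issuer DN does not match, signature check skipped";
            if (nameMatch) {
                try {
                    leaf.verify(candidate.getPublicKey());
                    result = "issuer DN matches, signature verifies";
                } catch (GeneralSecurityException e) {
                    // Same DN but a different key, e.g. a re-issued CA certificate.
                    result = "issuer DN matches, signature FAILS: " + e.getMessage();
                }
            }
            System.out.println("[" + alias + "] " + result);
        }
    }
}
```

An alias reported as "issuer DN does not match" cannot be the signer of the checked certificate, so a "Signature does not match" error against such an alias says nothing about whether the real issuer is present in the truststore.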