[xmlsec] XML Enveloped signature: problem declaring Reference URI to root node

Carlos Gutiérrez cagutier at gmail.com
Wed May 5 00:39:36 PDT 2010


Hello,

I'm trying to validate the below XML enveloping/enveloped signature at
http://www.aleksey.com/xmlsec/xmldsig-verifier.html but I'm getting an
xpointer-related error.
The error received is:

func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('RemesaMensajeLigeroFirmaGlobal'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature verification failed

the XML:

<?xml version="1.0" encoding="UTF-8" ?>
<ape:RemesaMensajeLigeroFirmaGlobal xmlns:ape="urn:correos:ape:1.0"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
Id="RemesaMensajeLigeroFirmaGlobal" ape:idRef="20100429132756490000">
<ape:Mensaje ape:idUnico="0959000001180" tipo="NOTIFICACION">
<ape:Emisor>Q2826000H</ape:Emisor>
<ape:Buzon>05113189J</ape:Buzon>
<ape:Notificado obligado="true">05113189J</ape:Notificado>
<ape:Autorizado nif="A78999273" />
<ape:ActoNotificado>AEATPI20040504GECOEX</ape:ActoNotificado>
<ape:Asunto>MODIF.IMPORTE CREDITOS Nº020923300221Y</ape:Asunto>
<ape:Contenido>
<ape:HuellaDigital
algoritmo="SHA-1">9335d792cef1a2de3a61e6728188c3bc43a431fa</ape:HuellaDigital>
</ape:Contenido>
</ape:Mensaje>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Firma">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"
/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
<Reference URI="#RemesaMensajeLigeroFirmaGlobal">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>kOK2dhpXe/Qywad8hvAiFQiondo=</DigestValue>
</Reference>
<Reference URI="#CertificadoFirmante">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>/Q5DR3ceJgc+1NK2LI3MP3YTrtM=</DigestValue>
</Reference>
<Reference URI="#SignedProperties">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>EgQYPNGKuwTnzsjVS/AVgUYSEd4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>AGsgkJ+UC73pekxf/13B6UI4otHKQV5PNXMEkxVb0grhdm9ozffnFok0988AB/I/6AbE0MNhrTbU
H5FIt12mGo8uwt2KGo0YJnJfDlNH9+I3MB1flskQMcYOnJg2T/haWTB5u3FjdM22Q7UZsrJ2ri5C
y2NNao6c5RJlJU3WVUk=</SignatureValue>
<KeyInfo Id="CertificadoFirmante">
<X509Data>
<X509Certificate>MIIFHjCCBIegAwIBAgIEPLueRTANBgkqhkiG9w0BAQUFADA2MQswCQYDVQQGEwJFUzENMAsGA1UE
ChMERk5NVDEYMBYGA1UECxMPRk5NVCBDbGFzZSAyIENBMB4XDTEwMDQxMjE4MDcyOFoXDTEzMDQx
MjE4MDcyOFowgYAxCzAJBgNVBAYTAkVTMQ0wCwYDVQQKEwRGTk1UMRgwFgYDVQQLEw9GTk1UIENs
YXNlIDIgQ0ExEjAQBgNVBAsTCTUwMDA1MzA3NTE0MDIGA1UEAxQrTk9NQlJFIEVTUEHxT0wgRVNQ
QfFPTCBKVUFOIC0gTklGIDk5OTk5OTk5UjCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtodl
IWnO/HEJig91PQBPy7F9WI/X6q4EeCipS+ZnMzlhiOzY8V5bUOCxr+JlULtOVlwhAMw/CLImyMfx
vCV1ECkXOCFkgUFssTBl9MqU9zSvZnIrZ1pkApsVpTWcQAhBt8m6mEiLKkwojPKosv64f7PWVtFz
8EdRQLhLwUvXoisCAwEAAaOCAuwwggLoMGwGA1UdEQRlMGOkYTBfMRgwFgYJKwYBBAGsZgEEEwk5
OTk5OTk5OVIxFjAUBgkrBgEEAaxmAQMUB0VTUEHRT0wxFjAUBgkrBgEEAaxmAQIUB0VTUEHRT0wx
EzARBgkrBgEEAaxmAQETBEpVQU4wCQYDVR0TBAIwADArBgNVHRAEJDAigA8yMDEwMDQxMjE4MDcy
OFqBDzIwMTMwNDEyMTgwNzI4WjALBgNVHQ8EBAMCBaAwEQYJYIZIAYb4QgEBBAQDAgWgMB0GA1Ud
DgQWBBSZi9FNqfHZcEL9Nx8gfEis9Lp1IDAfBgNVHSMEGDAWgBRAmnZEl3QHxKwUyx6NTzpFfDDX
YTCCATEGA1UdIASCASgwggEkMIIBIAYJKwYBBAGsZgMFMIIBETA0BggrBgEFBQcCARYoaHR0cDov
L3d3dy5jZXJ0LmZubXQuZXMvY29udmVuaW8vZHBjLnBkZjCB2AYIKwYBBQUHAgIwgcsagchDZXJ0
aWZpY2FkbyBSZWNvbm9jaWRvIGV4cGVkaWRvIHNlZ/puIGxlZ2lzbGFjafNuIHZpZ2VudGUuVXNv
IGxpbWl0YWRvIGEgbGEgQ29tdW5pZGFkIEVsZWN0cvNuaWNhIHBvciB2YWxvciBt4XhpbW8gZGUg
MTAwIGUgc2Fsdm8gZXhjZXBjaW9uZXMgZW4gRFBDLkNvbnRhY3RvIEZOTVQ6Qy9Kb3JnZSBKdWFu
IDEwNi0yODAwOS1NYWRyaWQtRXNwYfFhLjAdBgkrBgEEAaxmASEEEBYOUEVSU09OQSBGSVNJQ0Ew
LwYIKwYBBQUHAQMEIzAhMAgGBgQAjkYBATAVBgYEAI5GAQIwCxMDRVVSAgFkAgEAMFsGA1UdHwRU
MFIwUKBOoEykSjBIMQswCQYDVQQGEwJFUzENMAsGA1UEChMERk5NVDEYMBYGA1UECxMPRk5NVCBD
bGFzZSAyIENBMRAwDgYDVQQDEwdDUkw3MDE0MA0GCSqGSIb3DQEBBQUAA4GBABq/mfoMQaczp2jX
IeBygiLSpcRzwRa5K0PGMt0MtEyKacwdqy6bKMP28hz2qCwRTGeBhG9+rnwjkiZlXSMBnIb3x8Gb
VKX9Mehr4xPpHI4wIp0cNiG01ZILqAGk1GKCTbE/4FnZZzTMKSnFtBp3ZzpXkzTiwrrf615G7JwG
O6vu</X509Certificate>
</X509Data>
</KeyInfo>
<Object>
<etsi:QualifyingProperties
xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#" Target="#Firma"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<etsi:SignedProperties Id="SignedProperties">
<etsi:SignedSignatureProperties>
<etsi:SigningTime>2010-04-29T13:27:58+01:00</etsi:SigningTime>
<etsi:SignaturePolicyIdentifier>
<etsi:SignaturePolicyId>
<etsi:SigPolicyId>
<etsi:Identifier>http://www.aeat.es/firma/SignaturePolicyV1.pdf</etsi:Identifier>
</etsi:SigPolicyId>
<etsi:SigPolicyHash>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<ds:DigestValue>Dmi29y1d6Np/ARK0xKGu/CyA4ZU=</ds:DigestValue>
</etsi:SigPolicyHash>
</etsi:SignaturePolicyId>
</etsi:SignaturePolicyIdentifier>
</etsi:SignedSignatureProperties>
<etsi:SignedDataObjectProperties>
<etsi:DataObjectFormat ObjectReference="#RemesaMensajeLigeroFirmaGlobal">
<etsi:Description>descripcion</etsi:Description>
<etsi:MimeType>mime</etsi:MimeType>
<etsi:Encoding>ulyimo</etsi:Encoding>
</etsi:DataObjectFormat>
</etsi:SignedDataObjectProperties>
</etsi:SignedProperties>
</etsi:QualifyingProperties>
</Object>
</Signature>
</ape:RemesaMensajeLigeroFirmaGlobal>

What we understand from the error message is that there's a problem when
resolving the first URI Reference. Is it mandatory that the Reference
element that contains the enveloped transformation declares its URI
attribute as ""?
As far as I know there shouldn't be any problem in including a URI value
within the Reference element that contains the enveloped transform, should
there?
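
Added example, not part of the original post and not xmlsec code: a standard-library Python check of whether each same-document Reference URI resolves to exactly one element, and whether the Reference carrying the enveloped-signature transform points at an element that contains the Signature. The sample is a constructed reduction of the posted document, and treating any unqualified attribute named Id as the identifier is an assumption of this example (XPath's id() only matches attributes the parser knows to be of type ID).

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ENVELOPED = DS + "enveloped-signature"

# Constructed sample: structure and Id values of the posted document, digests removed.
SAMPLE = """<ape:RemesaMensajeLigeroFirmaGlobal xmlns:ape="urn:correos:ape:1.0"
    Id="RemesaMensajeLigeroFirmaGlobal">
  <ape:Mensaje tipo="NOTIFICACION"/>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Firma">
    <SignedInfo>
      <Reference URI="#RemesaMensajeLigeroFirmaGlobal">
        <Transforms><Transform
          Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></Transforms>
      </Reference>
      <Reference URI="#CertificadoFirmante"/>
      <Reference URI="#SignedProperties"/>
    </SignedInfo>
    <KeyInfo Id="CertificadoFirmante"/>
    <Object><etsi:SignedProperties xmlns:etsi="http://uri.etsi.org/01903/v1.2.2#"
      Id="SignedProperties"/></Object>
  </Signature>
</ape:RemesaMensajeLigeroFirmaGlobal>"""


def q(name):
    """Qualify a local name with the XML-DSig namespace (ElementTree syntax)."""
    return "{%s}%s" % (DS, name)


def check_references(xml_text):
    """Return one dict per same-document ds:Reference of the first Signature."""
    root = ET.fromstring(xml_text)
    parent = {child: node for node in root.iter() for child in node}
    sig = next(root.iter(q("Signature")))
    chain, node = [], sig  # ancestor-or-self chain of the Signature element
    while node is not None:
        chain.append(node)
        node = parent.get(node)
    report = []
    for ref in sig.iterfind(q("SignedInfo") + "/" + q("Reference")):
        uri = ref.get("URI", "")
        if uri and not uri.startswith("#"):
            continue  # external reference, out of scope for this check
        # Assumption of this example: the unqualified attribute "Id" is the identifier.
        targets = [root] if uri == "" else [e for e in root.iter() if e.get("Id") == uri[1:]]
        enveloped = any(t.get("Algorithm") == ENVELOPED for t in ref.iter(q("Transform")))
        # "matches" must be exactly 1: 0 is unresolvable, more than 1 is ambiguous.
        report.append({"uri": uri, "matches": len(targets), "enveloped": enveloped,
                       "contains_signature": len(targets) == 1 and targets[0] in chain})
    return report
```

For the sample, the first Reference resolves to the root element, which contains the Signature, so the enveloped transform has something to remove; a `matches` value other than 1 marks a reference that a verifier should refuse to rely on.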