[xmlsec] Re: help is needed please. Thanks in advance.
Aleksey Sanin
aleksey at aleksey.com
Sun Sep 28 21:49:01 PDT 2003
Well, it's a known issue and it was discussed on xmlsec mailing list
many times.
The last time was last week :)
http://www.aleksey.com/pipermail/xmlsec/2003/001527.html
(read on this is a long thread).
Breifly: Visa protocol breaks several XML specifications because
"939..." could not
be an ID attribute. You may hack libxml2 and make it work. But I have no
idea what
else woud you break and what kind of other security issues may show up.
Aleksey
Jason Coon wrote:
>ok,
> I know I should not do this but I am desperate. I am trying to verify this
>xml message with the root cert. Yes this is VISA. Anyway. I get this
>message. I have tried xmlsec1 and the examples and your online tool and
>everything I do I get this error also attaching DTD to declare node. I
>think it is a bug though I can verify other types of xml signatures. lo
>
>Sun solaris
>xmlsec1 1.1.1 (openssl)
>libxml2 20511
>OpenSSL 0.9.7b 10 Apr 2003
>
>Any Help would be appreciated.
>
>sincerally Jason Coon
>
>func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEv
>al:error=5:libxml2 library function failed:expr=xpointer(id('939123509'))
>func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSe
>cXPathDataExecute:error=1:xmlsec library function failed:
>func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xml
>SecXPathDataExecute:error=1:xmlsec library function failed:
>func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2332:obj=xpointer:
>subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1168:obj=unknown:su
>bj=xmlSecTransformPushXml:error=1:xmlsec library function
>failed:transform=xpointer
>func=xmlSecTransformCtxExecute:file=transforms.c:line=1228:obj=unknown:subj=
>xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1564:obj=unknown:
>subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:
>subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function
>failed:node=Reference
>func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:s
>ubj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function
>failed:
>func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSig
>CtxSigantureProcessNode:error=1:xmlsec library function failed:
>Error: signature verification failed
>
>
>
><ThreeDSecure><Message id="PAReq20030928111313"><PARes
>id="939123509"><version>1.0.2</version><Merchant
>
>
>><acqBIN>11111111111</acqBIN><merID>12AB,cd/34-EF -g,5/H-67</merID></Mercha
>>
>>
>nt><Purchase><xid>MDAwMDAwM
>jAwMzA5MjgxMTEzMTM=</xid><date>20030928
>11:13:13</date><purchAmount>123456</purchAmount><currency>840</
>currency><exponent>2</exponent></Purchase><pan>0000000001000</pan><TX><time>
>20030928 16:12:46</time><st
>atus>Y</status><cavv>AAABBJg0VhI0VniQEjRWAAAAAAA=</cavv><eci>03</eci><cavvAl
>gorithm>1</cavvAlgorithm></
>TX></PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo
>xmlns="http://www.w3.org/2
>000/09/xmldsig#"><CanonicalizationMethod
>Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></
>CanonicalizationMethod><SignatureMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></Signat
>ureMethod><Reference URI="#939123509"><DigestMethod
>Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
></DigestMethod><DigestValue>qbtokjyh7AaUwsfV3NdOtYraVVY=</DigestValue></Refe
>rence></SignedInfo><Signatu
>reValue>kGlOMSgqHlKo2mU5dcrVz2XJgl+fyyAxEQ61pD8XPOmNBH0C80PbmvBnrKD6UkpfoUhc
>lCxL/zW/3RT1hTNY2pgf9FqSYAv
>xthEDpmKyaQT6y77Eo3WTpSBOyV3XrH3xD4Mu76K8ZHNSuf1FRBvoDjO0CGEMW4VgupziCjgIeag
>=</SignatureValue><KeyInfo>
><X509Data><X509Certificate>MIICJTCCAY6gAwIBAgIVANr+5nC2js/XYLb4IjL9N32xM8AGM
>A0GCSqGSIb3DQEBBQUAMEcxCzAJ
>BgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRUwEwYDVQQLEwxDYXJhZGFzIExhYnMxDzANBgNV
>BAMTBkNUSCBDQTAeFw0wMzA4MTk
>xNDIyNTVaFw0wNTA4MTgxNDIyNTVaMEQxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRU
>wEwYDVQQLEwxDYXJhZGFzIExhYn
>MxDDAKBgNVBAMTA0NUSDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnwMTpPBfeChZ/q+nT+
>4pHsX1JQXHCPTzoAO1CBfvtgmqh
>lRmKNhB9k+/tvKZMF5K/FQ879lW6MDEjq+2Sezz2FjUF9GZDjqJC/VzbeINji0kj8tYdjkqDAcu3
>6Q/n4A7LmZqtY+7FAbN53rLWaSv
>1Nx4Gk/JdLdOmHuwtp8E+xcCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOB
>gQAq7k89O6UZCAcPY074dluCQAa
>6ditQmX32g2Lzda8n3uBU5pD0JQqpxWCWriD3m2zcZHLjjXpMJSzd2CRl1HsGrTkLFGLs27iG/fR
>Nv+9RLkPWV/GulBKWk+WGTiHAoI
>umIoYZYvz7L8lWJRw0bKvBXj3W42uxyacGr3HyWa1HDQ==</X509Certificate><X509Certifi
>cate>MIICLzCCAZigAwIBAgIUDP
>wVD8SyBkFHsDnddWtKGyIqUxEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEDAOBgNVBA
>oTB0NhcmFkYXMxFTATBgNVBAsTD
>ENhcmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwHhcNMDMwODE5MTQyMjUzWhcNMDcwODE4M
>TQyMjUzWjBHMQswCQYDVQQGEwJV
>UzEQMA4GA1UEChMHQ2FyYWRhczEVMBMGA1UECxMMQ2FyYWRhcyBMYWJzMQ8wDQYDVQQDEwZDVEgg
>Q0EwgZ8wDQYJKoZIhvcNAQEBBQA
>DgY0AMIGJAoGBAJRiE7jros/yRb7tmenId3UeArIKyQ9/g4926zYYPkVx8k/iNIEimsRvjWOyv5V
>ca6fOtRBO6zsMmgUVziRnNGDIXi
>Vlp7zDlqJR/4o3gFBjfKfHYfe1RJLZfl2yHF6A8xJGYZNhGD/rQb1I6qy1S/ayluY5x2oftL8xsn
>il2oCFAgMBAAGjFjAUMBIGA1UdE
>wEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEFBQADgYEAL5qy3xM/LGrzE0WghCGwzWSYOWzMAOfek
>3pL5At9hQuL7/UCh5u9vRTFCgLs
>R6EveIzuqrHb7dfnLpXIyoOyL5eVG7YBn5xtR1WSUdxWdIsm1Yuxbrw8IlQXSgCc3KVQAIoT9zlc
>HUzGzf3PUVrm578tfRjKP1ya+tL
>NoDoGXvg=</X509Certificate><X509Certificate>MIICMjCCAZugAwIBAgIVAJoV+yURqXHF
>8zXECfEhRqpwzCMwMA0GCSqGSIb
>3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRUwEwYDVQQLEwxDYXJhZGF
>zIExhYnMxETAPBgNVBAMTCENUSC
>BST09UMB4XDTAzMDgxOTE0MjI1MVoXDTExMDgxNzE0MjI1MVowSTELMAkGA1UEBhMCVVMxEDAOBg
>NVBAoTB0NhcmFkYXMxFTATBgNVB
>AsTDENhcmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AM
>IGJAoGBAIrpC9h6fesI1FnpSHH+
>dP+JaY3FitHMW9LHBLpdCSEzAVe6VJOZO7Ycw49iDKkhPCrSZk/59RXD+3+vYqukFL0FLfG2GFTA
>1c9YU94dqBovrmwbMP7HYN82PmQ
>tifzGMeS9d7znDx+AqlDU1eXCZMVdHSsz/qneP8LSydrMaU/RAgMBAAGjFjAUMBIGA1UdEwEB/wQ
>IMAYBAf8CAQEwDQYJKoZIhvcNAQ
>EFBQADgYEAZdRIyN/SSPQ3bLunDVKxanOLDiXfczxGMnQZWK47fQfWdbqqEINrcObagSw44Ba9pF
>Z796DXn5XPZOkLuhrgLSwVVVqkU
>WLeUaRPEFGDXQMk9XqrbCpivQix1Hr+9DgWWiqg0snC7JkD6rieQ8NIuj+bD83vnuhOW/nLEuLSf
>xk=</X509Certificate></X509
>Data></KeyInfo></Signature></Message></ThreeDSecure>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20030928/1a65f4d9/attachment.htm
More information about the xmlsec
mailing list