[xmlsec] Re: Multiple Signatures
Aleksey Sanin
aleksey at aleksey.com
Thu Mar 18 16:49:23 PST 2004
"Signature" node in the document has a namespace.
"//Signature" xpath expression refers to a node without
namespace. Try to change the

    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
               Id="starthere">
    ...
    </Signature>

to

    <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
                    Id="starthere">
    ...
    </dsig:Signature>

and use a modified XPath expression

    //dsig:Signature[@Id='starthere']

Best,
Aleksey
Wes Thomas wrote:
> I have two signature elements in my doc. The first is already signed.
> The 2nd is the one I want to sign.
>
> I'm using --node-xpath //Signature[@Id='starthere'] and all I get is
> "failed to find default node with name="Signature".
>
> What gives?
>
> Wes
>
>
> ------------------------------------------------------------------------
>
> <REQUEST_GROUP _ID="uuidd4350970-76ec-4f70-ba76-01f6e451e2a9">
> <SIGNATURES>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig01">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
> <XPath>not(not(ancestor-or-self::HEADER | ancestor-or-self::DATA | ancestor-or-self::VIEW))</XPath>
> </Transform>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>FxOs0kwERnP2OJqXvzq8FOTPfvg=</DigestValue>
> </Reference>
> <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#EncomiaTamperSealDateTime01">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>CjIppl9waS7qunS7L5LvRdokx4w=</DigestValue>
> </Reference>
> <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#uuidc5fb087b-f225-4516-aa9c-22e1276a63ab">
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue/>
> </Reference>
> </SignedInfo>
> <SignatureValue>bUNRBnnWwLgCQdxFfElNAbxI397cclGOTBnb81lg3D0kKwNWKt9ZvYPA3DH1lm9Z
> dzT5npcz8biqXMKhd4xAGUBxlwk3cAstBPLIOyj20phEWzEGIgpJuRuuvbL/0sVP
> 3lZIMnNT4LG5RjYkQYaJQg91JHF7N1Svb2/hK0zZYeM=</SignatureValue>
> <KeyInfo>
> <KeyValue>
> <RSAKeyValue>
> <Modulus>
> mreoR32OMyHnPvmsm9XMpbnwPjX3JvnkYuvgEVLcdEAIOU+sFy9XzbS0hw/LZG2m
> kM2Vvrjk6WptSYINOTK9LiMlH+ed/hS0CCzn05GZU/UqbMAb7ELeX04Bfuc7hl3M
> mofFKegACguCRFjkfVsE/e7CCIKXs93Nd23bu+SCiZU=
> </Modulus>
> <Exponent>
> AQAB
> </Exponent>
> </RSAKeyValue>
> </KeyValue>
> <X509Data>
> <X509Certificate>MIIFFjCCA/6gAwIBAgIQDK/FTOu4TTesIFQffg6mZTANBgkqhkiG9w0BAQUFADCB
> 2DELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL
> ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT0wOwYDVQQLEzRUZXJtcyBvZiB1c2Ug
> YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EvMR8wHQYDVQQL
> ExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MS8wLQYDVQQDEyZTSVNBQyBNZWRpdW0g
> QXNzdXJhbmNlIENsYXNzIDMgVEVTVCBDQTAeFw0wNDAzMDYwMDAwMDBaFw0wNTAz
> MDUyMzU5NTlaMIIBETELMAkGA1UEBhMCVVMxCzAJBgNVBAgUAlRYMRAwDgYDVQQH
> FAdIb3VzdG9uMRYwFAYDVQQKFA1TYW1wbGUgTGVuZGVyMTQwMgYDVQQLFCtNQkEg
> U0lTQUMgTWVkaXVtIEFzc3VyYW5jZSBURVNUIGNlcnRpZmljYXRlMT0wOwYDVQQL
> FDRUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90
> ZXN0Y2EvMR8wHQYDVQQLFBZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MRMwEQYDVQQD
> EwpXZXMgVGhvbWFzMSAwHgYJKoZIhvcNAQkBFhFhZ2VudEBlbmNvbWlhLmNvbTCB
> nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmreoR32OMyHnPvmsm9XMpbnwPjX3
> JvnkYuvgEVLcdEAIOU+sFy9XzbS0hw/LZG2mkM2Vvrjk6WptSYINOTK9LiMlH+ed
> /hS0CCzn05GZU/UqbMAb7ELeX04Bfuc7hl3MmofFKegACguCRFjkfVsE/e7CCIKX
> s93Nd23bu+SCiZUCAwEAAaOCASIwggEeMAwGA1UdEwEB/wQCMAAwSwYDVR0gBEQw
> QjBABgpghkgBhvhFAQcVMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LnZlcmlz
> aWduLmNvbS9jcHMvdGVzdGNhLzAOBgNVHQ8BAf8EBAMCBaAwNAYIKwYBBQUHAQEE
> KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wKAYDVR0f
> BCEwHzAdoBugGYYXaHR0cDovL2NybC52ZXJpc2lnbi5jb20wEQYJYIZIAYb4QgEB
> BAQDAgeAMB0GA1UdDgQWBBSy5hL8A9TnClJV7chrt362qOsFsDAfBgNVHSMEGDAW
> gBTMaYP4K2BCQUBgjagPXXAwvgrKszANBgkqhkiG9w0BAQUFAAOCAQEAQacgO3Du
> kPPmzabHOQ9VHoJlra6JGkGeaObLMY9YaKxF0/CruHlfbbkn/7h5UxEVzJjKivo5
> mzE9L5pARJRSTy4vS2lk5mQ0fQKRHiYWTI+OoOeXa+fnUfKNHDsnCX6P8DgyQ5uO
> 6h+cIDyCfmiJLeimmaCgXCqphrAyJGhZ3hPHSypJsikIgM4wI+afvKJ66IN/G7TH
> UuKjrDifyJqg8nzBNMNma1ParHPyqk2YZupHF6bE4T2JN46CBuTjW/3qpPPA2FBl
> OtJ+b3p32OogZJsfQn971RY9tIcmF5fRyZH37D4L8iUnwj8/MvqcJ1Bgpptc5DzN
> gkDAYxuP7hTPVw==</X509Certificate>
> <X509SubjectName>emailAddress=agent at encomia.com,CN=Wes Thomas,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca/,OU=MBA SISAC Medium Assurance TEST certificate,O=Sample Lender,L=Houston,ST=TX,C=US</X509SubjectName>
> <X509IssuerSerial>
> <X509IssuerName>CN=SISAC Medium Assurance Class 3 TEST CA,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca/,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</X509IssuerName>
> <X509SerialNumber>16863389628646640081019990102011455077</X509SerialNumber>
> </X509IssuerSerial>
> </X509Data>
> </KeyInfo>
> <Object>
> <SignatureProperties>
> <SignatureProperty Id="EncomiaTamperSealDateTime01" Target="#Sig01">
> <DateTimeStamp DateTime="2004-03-18T23:20:42Z"/>
> </SignatureProperty>
> </SignatureProperties>
> </Object>
> <KeyInfo>
> <KeyValue>
> <RSAKeyValue>
> <Modulus/>
> <Exponent/>
> </RSAKeyValue>
> </KeyValue>
> <X509Data>
> <X509Certificate/>
> <X509SubjectName/>
> <X509IssuerSerial/>
> </X509Data>
> </KeyInfo>
> <Object>
> <SignatureProperties>
> <SignatureProperty Id="uuidc5fb087b-f225-4516-aa9c-22e1276a63ab" Target="#Sig01">
> <DateTimeStamp DateTime="2004-03-19T00:00:53Z"/>
> </SignatureProperty>
> </SignatureProperties>
> </Object>
> </Signature>
> </SIGNATURES>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="starthere">
> <SignedInfo>
> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue/>
> </Reference>
> </SignedInfo>
> <SignatureValue/>
> </Signature>
> </REQUEST_GROUP>
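
The namespace mismatch described in the reply, as an added example that is not part of the original thread and is not xmlsec code. It uses Python's standard-library ElementTree XPath subset rather than the `xmlsec1` command line; the trimmed sample document, the `plain` element and the function names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample with the same shape as the posted document, trimmed:
# two Signature elements in the xmldsig namespace plus one element that is
# named Signature but is in no namespace.
SAMPLE = """<REQUEST_GROUP>
  <SIGNATURES>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig01">
      <SignatureValue>c2lnbmVk</SignatureValue>
    </Signature>
  </SIGNATURES>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="starthere">
    <SignatureValue/>
  </Signature>
  <Signature Id="plain"/>
</REQUEST_GROUP>"""


def select_ids(xml_text, path, prefixes=None):
    """Return the Id attributes of the elements that `path` selects."""
    root = ET.fromstring(xml_text)
    return [el.get("Id") for el in root.findall(path, prefixes)]


def find_template(xml_text, sig_id):
    """Return the one xmldsig Signature with this Id; refuse 0 or >1 matches."""
    root = ET.fromstring(xml_text)
    hits = [el for el in root.iter("{%s}Signature" % DSIG_NS)
            if el.get("Id") == sig_id]
    if len(hits) != 1:
        raise LookupError("expected 1 Signature Id=%r, found %d"
                          % (sig_id, len(hits)))
    return hits[0]


if __name__ == "__main__":
    dsig = {"dsig": DSIG_NS}
    # Unprefixed name: matches only the element that is in no namespace.
    print(select_ids(SAMPLE, ".//Signature"))
    print(select_ids(SAMPLE, ".//Signature[@Id='starthere']"))
    # Prefix bound to the xmldsig namespace: matches the intended node.
    print(select_ids(SAMPLE, ".//dsig:Signature[@Id='starthere']", dsig))
    print(find_template(SAMPLE, "starthere").tag)
```

`find_template` compares the namespace URI and the `Id` value directly and fails unless exactly one element matches, which is a useful check before signing a template in a document that already carries another signature.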