[xmlsec] XPath error when processing Reference URI

Ryan McGann rmcgann at mac.com
Tue Apr 20 17:25:07 PDT 2004


Hello all,

Sorry for the long-ish first post, but I've been playing around with this for a while now and I haven't gotten anywhere. I'm trying to use xmlsec to verify the dig sig in a SOAP message with WS-Security headers attached. The server is running WSS4J to insert the WS-Security headers into the outgoing SOAP responses.

When I use XMLSec to verify the signature, I get several errors that look like they're coming from a failure to resolve the URI attribute. A simple ID is used to identify the data that is signed (which is the entire <Body> tag). Here's the SOAP message returned from the server (body shortened to remove extra info):

<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" soapenv:mustUnderstand="1"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:CanonicalizationMethod>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
<ds:Reference URI="#id-6516276">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
<ds:DigestValue>oZQ9qfWNN9o/+OVnx/as92UVHrw=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
VJ+R9D/bINCHYCCTVY0/K9IazqXRhFfDT1pj1sKACsg2uMofmW8NgxMMHRXQ7GHImYBoFbI4pfTN
yV3KOFvv9A==
</ds:SignatureValue>
<ds:KeyInfo Id="KeyId-15657535">
<wsse:SecurityTokenReference xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="STRId-1166261"><ds:X509IssuerSerial>
<ds:X509IssuerName>CN=dims</ds:X509IssuerName>

<ds:X509SerialNumber>44369778256217224370984914847992022613</ds:X509SerialNumber>
</ds:X509IssuerSerial></wsse:SecurityTokenReference>
</ds:KeyInfo>
</ds:Signature><wsu:Timestamp xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"><wsu:Created>2004-04-20T23:04:21Z</wsu:Created><wsu:Expires>2004-04-20T23:09:21Z</wsu:Expires></wsu:Timestamp></wsse:Security></soapenv:Header>
 <soapenv:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-6516276">
  <!-- Extra stuff deleted from here -->
 </soapenv:Body>
</soapenv:Envelope> 

And here are the errors returned from XMLSec:
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('id-6516276'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: 
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: 
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: 
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed: 
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: 

This is on Mac OS X 10.3 running XMLSec 1.2.5, but the online verifier also gets the same errors so I don't think it's my implementation.

Any help would be appreciated.

Thanks,
Ryan

-----------------------
Ryan McGann
rmcgann at mac.com
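
Added example, not part of the original post or of xmlsec: the `xpointer(id('id-6516276'))` lookup in the trace depends on the parser treating `wsu:Id` as an ID attribute, which libxml2 does only for attributes declared as IDs in a DTD or registered by the application. This Python sketch resolves the `#id-6516276` reference by the namespaced attribute explicitly and rejects missing or duplicate IDs. It does not verify the digest or signature, and `resolve_reference`, `signed_body`, `ReferenceResolutionError` and the reduced sample message are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
WSU_NS = ("http://docs.oasis-open.org/wss/2004/01/"
          "oasis-200401-wss-wssecurity-utility-1.0.xsd")
WSU_ID = f"{{{WSU_NS}}}Id"   # namespaced attribute, not a DTD-declared ID

# Constructed sample: the message from the post reduced to the parts that
# matter for reference resolution (digest and key data omitted).
SAMPLE = f"""<soapenv:Envelope xmlns:soapenv="{SOAP_NS}">
 <soapenv:Header>
  <ds:Signature xmlns:ds="{DS_NS}"><ds:SignedInfo>
   <ds:Reference URI="#id-6516276"/>
  </ds:SignedInfo></ds:Signature>
 </soapenv:Header>
 <soapenv:Body xmlns:wsu="{WSU_NS}" wsu:Id="id-6516276"/>
</soapenv:Envelope>"""


class ReferenceResolutionError(ValueError):
    """A ds:Reference URI did not name exactly one element."""


def resolve_reference(root, uri):
    """Return the single element that a same-document '#id' URI names."""
    if not uri.startswith("#") or len(uri) == 1:   # only the '#id' form is handled
        raise ReferenceResolutionError(f"not a same-document ID reference: {uri!r}")
    wanted = uri[1:]
    matches = [el for el in root.iter() if el.get(WSU_ID) == wanted]
    if not matches:
        raise ReferenceResolutionError(f"no element with wsu:Id={wanted!r}")
    if len(matches) > 1:   # ambiguous target: refuse rather than pick one
        raise ReferenceResolutionError(f"wsu:Id={wanted!r} is not unique")
    return matches[0]


def signed_body(xml_text):
    """Resolve every ds:Reference; return the SOAP Body if one of them covers it."""
    root = ET.fromstring(xml_text)
    body = root.find(f"{{{SOAP_NS}}}Body")   # direct child of Envelope only
    targets = [resolve_reference(root, ref.get("URI", ""))
               for ref in root.iter(f"{{{DS_NS}}}Reference")]
    return body if body is not None and any(t is body for t in targets) else None
```
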


