[xmlsec] URI Question

Andy Paumann andy at internic.at
Fri Mar 25 11:33:56 PST 2005


Hi there,

Well I am not a specialist on Digital Signatures…and I am having a problem ☺

Everything is running fine except for one thing:

I want to sign the following:
-----------------------------------------------------------------------------
<enum-token:token xmlns:enum-token="http://www.enum.at/rxsd/enum-token-1.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://www.enum.at/rxsd/enum-token-1.0 enum-token-1.0.xsd" Id="Signed">
<enum-token:validation serial="23454">
<enum-token:e164number>+4312345</enum-token:e164number>
<enum-token:validator>9999</enum-token:validator>
<enum-token:registrarid>9999</enum-token:registrarid>
<enum-token:method>1</enum-token:method>
<enum-token:createdate>2005-01-01</enum-token:createdate>
<enum-token:expiredate>2007-01-01</enum-token:expiredate>
</enum-token:validation>
<enum-tokendata:tokendata xmlns:enum-tokendata="http://www.enum.at/rxsd/enum-tokendata-1.0" xsi:SchemaLocation="http://www.enum.at/rxsd/enum-tokendata-1.0 enum-tokendata-1.0.xsd">
<enum-tokendata:contact>
<enum-tokendata:firstname>Andy</enum-tokendata:firstname>
<enum-tokendata:lastname>Tester</enum-tokendata:lastname>
</enum-tokendata:contact>
</enum-tokendata:tokendata>
</enum-token:token>
----------------------------------------------------------------------------

The signing works fine and results in something like that:
----------------------------------------------------------------------------
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
<InclusiveNamespaces xmlns="http://www.w3.org/2001/10/xml-exc-c14n#" PrefixList="enum-token enum-tokendata"/>
</Transform>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>Gq0RcGz+zCY05hrrTn78zT+e9O4=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>shFXHWp5YwxmsvopDeuzvh5Fq2WuAtdBoPTHy6rjb4R4rLyeqefkr4zvSDJsSuFg
Rt7SkYFMxD6FQJaIwC9NSdnaKYGi2TM+P4aNjjssqvhH4gw8WP7q7Y+T/P+a4C1+
juJ0jwZM3TG/F8q0qhnEr4E6OCvqUG91ieDD11f3rPo=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIIDmTCCAwKgAwIBAgIJAIJFR2sppMaOMA0GCSqGSIb3DQEBBAUAMIGQMQswCQYD...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
--------------------------------------------------------------------------

Looks fine and is everything I want (your example verifier verify3 is also happy),
only one thing does not work (and the receiver of this XML needs it):

In the above example I get the line

<Reference URI="">

But I would need:

<Reference URI="#Signed"> (the Id of the above element, set in the Id="Signed" attribute).

When I use the function

xmlSetProp(refNode,"URI","#Signed")

or when I give it as argument to 

xmlSecTmplSignatureAddReference() 

the signing function xmlSecDSigCtxSign() complains:

func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('Signed'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed

What am I doing wrong and what is the correct way to specify the correct URI value?

Many thanks in advance and happy easter!

Andy Paumann
 
CEO internic Datenkommunikations GmbH.
CEO globedom Datenkommunikations GmbH.
Donaucitystr. 1, A-1220 Vienna, Austria
Web: http://www.internic.at/ and http://www.globedom.com/
 
Why driving a 4WD? 'Cause the earth ain't flat!
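
Added example, not part of the original post and not xmlsec code: the `id('Signed')` lookup in the error output only matches attributes the parser treats as ID-typed, and without a DTD libxml2 sees `Id` as an ordinary attribute unless it is registered with `xmlAddID()`. The sketch below reproduces the same behaviour with Python's `xml.dom.minidom`; `SAMPLE`, `register_ids`, `resolve_reference` and `demo` are names made up for this illustration, and the sample is a constructed, cut-down version of the token above.

```python
from xml.dom import minidom

# Constructed sample: a cut-down version of the token from the post (no DTD).
SAMPLE = (
    '<enum-token:token xmlns:enum-token="http://www.enum.at/rxsd/enum-token-1.0"'
    ' Id="Signed"><enum-token:validation serial="23454"/></enum-token:token>'
)


def register_ids(doc, attr_name="Id"):
    """Mark every `attr_name` attribute as ID-typed (the role xmlAddID() plays
    in libxml2). Duplicate values are refused: a reference must be unambiguous."""
    seen = set()
    for elem in doc.getElementsByTagName("*"):
        if elem.hasAttribute(attr_name):
            value = elem.getAttribute(attr_name)
            if value in seen:
                raise ValueError("duplicate ID value: " + value)
            seen.add(value)
            elem.setIdAttribute(attr_name)
    return len(seen)


def resolve_reference(doc, uri):
    """Resolve a same-document Reference URI to the element it selects."""
    if uri == "":
        return doc.documentElement        # whole document, represented by its root
    if not uri.startswith("#"):
        raise ValueError("not a same-document reference: " + uri)
    target = doc.getElementById(uri[1:])  # only sees ID-typed attributes
    if target is None:
        raise LookupError("no element with ID " + uri[1:])
    return target


def demo():
    doc = minidom.parseString(SAMPLE)
    try:
        resolve_reference(doc, "#Signed")
        before = "resolved"
    except LookupError:
        before = "unresolved"             # Id is still an ordinary attribute
    register_ids(doc)
    after = resolve_reference(doc, "#Signed").tagName
    return before, after


if __name__ == "__main__":
    print(demo())
```
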




