[xmlsec] Missing namespace in keyinfo from xmlSecTmplSignatureEnsureKeyInfo ?

Sylvain MEILARD sylvain at meduse.homelinux.net
Tue Jul 12 08:16:05 PDT 2005


Hello!

While trying to validate with an XML schema an xmldsig/xades document I am
building, I get the following error:

element KeyInfo: Schemas validity error : Element 'KeyInfo': This element is
not expected. Expected is one of (
{http://www.w3.org/2000/09/xmldsig#}KeyInfo,
{http://www.w3.org/2000/09/xmldsig#}Object ).

My KeyInfo tag is generated with xmlSecTmplSignatureEnsureKeyInfo(), and when
I look at the corresponding code from xmlsec, it seems the dsig namespace is
added to the tag, but the error I get doesn't say so :-/

So I re-used a sample from the following page:
http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-template-file.html
with a few modifications:
- removed the lines:
    <KeyInfo>
        <KeyName/>
    </KeyInfo>
at the end of sign1-tmpl.xml to generate the keyinfo tag with the function I
want to use (still xmlSecTmplSignatureEnsureKeyInfo())

- added the following block in the code of sign1.c
////////////////////////////////////////////////////////////////
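   {
    xmlNodePtr keyInfo = NULL;
    /* create the KeyInfo node under the signature template (or get the existing one) */
    keyInfo = xmlSecTmplSignatureEnsureKeyInfo(node, NULL);
    if(keyInfo == NULL) {
        fprintf(stderr,"Error: keyInfo generation failed\n");
        goto done;
    }
    xmlSecTmplKeyInfoAddX509Data(keyInfo);
    /* namespace the node itself belongs to; href is a string, so print it with %s */
    if (keyInfo->ns)
        printf("Ns of the KeyInfo tag : %s\n", (const char *)keyInfo->ns->href);
    else
        fprintf(stderr,"Error: no namespace for keyInfo !!:\n");
    /* namespace declarations (xmlns attributes) carried by the node */
    if (keyInfo->nsDef)
        printf("Ns of the KeyInfo tag : %s\n", (const char *)keyInfo->nsDef->href);
    else
        fprintf(stderr,"Error: Still no namespace for keyInfo !!:\n");
    }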
////////////////////////////////////////////////////////////////

just before the 2 lines:
    /* print signed document to stdout */
    xmlDocDump(stdout, doc);


When I run sign1, I get the following result:
Error: no namespace for keyInfo !!:
Error: Still no namespace for keyInfo !!:
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
....
....   
<SignatureValue>JJ/qZpTE+Tx9Yq1qYhPvYN9jFhGdQstDTZ7BPa2D5xSgxH8+Yx2JxGBL5iL/9Ycf
VM9meZrHt6MyHv/cEUnDOkO6qBW5+r0jXQJSN7dkABrnQRdepAKHsAFx+lXE96lJ
cu5chSQ3Kiv+IArUuPKSLo8YUckQG89IbyIPSJgYiII=</SignatureValue>
<KeyInfo>
<X509Data/>
</KeyInfo>
  </Signature>
</Envelope>

So I see that:
my keyinfo tag has been added to the XML, but without any namespace :-(
If the namespace is not set, validation of my document with XML schema won't
work. Of course, I could set it manually, but I am sure I missed something,
because the namespace is set in all the other tags, and what I see in the code
makes me think it should be set even for keyinfo...

Could someone help me with this problem?

Thanks!!!

sylvain
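
The validator message in the post compares expanded names (namespace plus local name), which is why it expects {http://www.w3.org/2000/09/xmldsig#}KeyInfo and rejects a bare KeyInfo. The following is an added example, not code from the original post or from xmlsec: a standard-library Python check that lists direct children of a dsig Signature whose expanded name is not an allowed dsig element. The function name and both sample documents are constructed for illustration, and the samples assume Signature declares the dsig namespace as its default.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
# Direct children the XML-DSig schema allows under ds:Signature.
ALLOWED = {"{%s}%s" % (DSIG_NS, n)
           for n in ("SignedInfo", "SignatureValue", "KeyInfo", "Object")}

def unexpected_signature_children(xml_text):
    """Return (local_name, namespace_or_None) for each direct child of a
    ds:Signature whose expanded name is not an allowed dsig element.
    Names only: order and cardinality are left to a real schema validator."""
    found = []
    for sig in ET.fromstring(xml_text).iter("{%s}Signature" % DSIG_NS):
        for child in sig:
            if child.tag in ALLOWED:
                continue
            if child.tag.startswith("{"):
                ns, local = child.tag[1:].split("}", 1)
            else:
                ns, local = None, child.tag  # element in no namespace
            found.append((local, ns))
    return found

# Constructed samples (not the poster's files). In both, Signature declares
# the dsig namespace as its default namespace (an assumption).
_SIG = ('<Envelope xmlns="urn:envelope"><Signature xmlns="%s">'
        '<SignedInfo/><SignatureValue/>%s</Signature></Envelope>')
# KeyInfo explicitly placed in no namespace via xmlns="".
NO_NS = _SIG % (DSIG_NS, '<KeyInfo xmlns=""><X509Data/></KeyInfo>')
# Unprefixed KeyInfo that inherits the default namespace when parsed.
INHERITED = _SIG % (DSIG_NS, '<KeyInfo><X509Data/></KeyInfo>')

if __name__ == "__main__":
    for name, doc in (("NO_NS", NO_NS), ("INHERITED", INHERITED)):
        print(name, unexpected_signature_children(doc))
```

Because this check re-parses serialized text, an unprefixed KeyInfo under a default-namespace Signature reads as a dsig element; an in-memory libxml2 tree is judged by node->ns instead, which is what the code in the post prints.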



