[xmlsec] Missing namespace in keyinfo from xmlSecTmplSignatureEnsureKeyInfo ?

Sylvain MEILARD sylvain at meduse.homelinux.net
Tue Jul 12 10:30:50 PDT 2005


Hello !

Here is your (modified) sample code, with the (modified) template I used
(attached to this mail).
I created quickly a private key with the following command :
openssl req -x509 -new
, removed the passphrase with :
openssl rsa -in privkey privatekey.pem -out key.pem

Here is the full output I get :

Error: no namespace for keyInfo !!:
Error: Still no namespace for keyInfo !!:
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
  <Data>
        Hello, World!
  </Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="">
        <Transforms>
          <Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue>9H/rQr2Axe9hYTV2n/tCp+3UIQQ=</DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue>JJ/qZpTE+Tx9Yq1qYhPvYN9jFhGdQstDTZ7BPa2D5xSgxH8+Yx2JxGBL5iL/9Ycf
VM9meZrHt6MyHv/cEUnDOkO6qBW5+r0jXQJSN7dkABrnQRdepAKHsAFx+lXE96lJ
cu5chSQ3Kiv+IArUuPKSLo8YUckQG89IbyIPSJgYiII=</SignatureValue>
<KeyInfo>
<X509Data/>
</KeyInfo>
  </Signature>
</Envelope>


Of course, the "Signature" tag has a default namespace, so it should be ok,
but when I try to validate a similar document with xmlSchemaValidateDoc()
In my real code, I added something like that :
///////////////////////////////////////////////////////
    enfants = signature->xmlChildrenNode;
    while (enfants) {
        if ( enfants && enfants->name && enfants->ns )
            printf ( "TAG %s : namespace : %s\n", enfants->name  ,
enfants->ns->href);
        else
            printf ( "TAG %s : namespace : NONE !!!\n", enfants->name  );
        enfants = enfants->next;
    }
///////////////////////////////////////////////////////
and I get that on the output :
TAG text : namespace : NONE !!!
TAG SignedInfo : namespace : http://www.w3.org/2000/09/xmldsig#
TAG text : namespace : NONE !!!
TAG SignatureValue : namespace : http://www.w3.org/2000/09/xmldsig#
TAG text : namespace : NONE !!!
TAG KeyInfo : namespace : NONE !!!
TAG text : namespace : NONE !!!
element KeyInfo: Schemas validity error : Element 'KeyInfo': This element is
not expected. Expected is one of (
{http://www.w3.org/2000/09/xmldsig#}KeyInfo,
{http://www.w3.org/2000/09/xmldsig#}Object ).

So what I don't understand is why the SignedInfo and SignatureValue tags have a
good namespace and not the KeyInfo tag ?

regards,

sylvain

>
>>
>> When i run sign1, i got the following result :
>> Error: no namespace for keyInfo !!:
>> Error: Still no namespace for keyInfo !!:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>> XML Security Library example: Simple signature template file for sign1
>> example.
>> -->
>> ....
>> ....
>> <SignatureValue>JJ/qZpTE+Tx9Yq1qYhPvYN9jFhGdQstDTZ7BPa2D5xSgxH8+Yx2JxGBL5iL/9Ycf
>> VM9meZrHt6MyHv/cEUnDOkO6qBW5+r0jXQJSN7dkABrnQRdepAKHsAFx+lXE96lJ
>> cu5chSQ3Kiv+IArUuPKSLo8YUckQG89IbyIPSJgYiII=</SignatureValue>
>> <KeyInfo>
>> <X509Data/>
>> </KeyInfo>
>>   </Signature>
>> </Envelope>
>>
>> So I see that :
>> my keyinfo tag has been added to the xml, but without any namespace :-(
> Can you attach the *whole* document, please? Namespace might be
> declared in the parent and I would guess that in this case it
> was declared in the Signature node.
>
>
>> If the namespace is not set, validation of my document with xml schema won't
>> work. Of course, I could set it manually, but I am sure I missed something,
>> because the namespace is set in all the other tags, and what I see in the code lets
>> me think it should be set even for keyinfo...
>>
> Again, will you mind to attach the whole document, please?
>
>
> Aleksey
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign1-tmpl.xml
Type: text/xml
Size: 799 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20050712/72282f9c/sign1-tmpl-0002.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign1.c
Type: text/x-csrc
Size: 5771 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20050712/72282f9c/sign1-0002.bin
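
Added illustration, not part of the original message or of xmlsec: the symptom reported above, reproduced with Python's xml.dom.minidom standing in for the libxml2 tree. A node created without a namespace prints as a bare <KeyInfo> under the default-namespace Signature, so the serialized document looks correct, while a check on the in-memory tree (as the loop in the message does) flags it. The template is a constructed reduction of the quoted output, and all function names are hypothetical.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed template, reduced from the output quoted in the message.
TEMPLATE = (
    '<Envelope xmlns="urn:envelope"><Data>Hello, World!</Data>'
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<SignedInfo/><SignatureValue/></Signature></Envelope>'
)


def find_signature(doc):
    """Locate the dsig Signature element in a parsed document."""
    return doc.getElementsByTagNameNS(DSIG_NS, "Signature")[0]


def missing_dsig_ns(signature):
    """Tags of element children whose in-memory namespace is not dsig."""
    return [n.tagName for n in signature.childNodes
            if n.nodeType == n.ELEMENT_NODE and n.namespaceURI != DSIG_NS]


def add_key_info(doc, signature, with_namespace):
    """Append KeyInfo/X509Data, created with or without the dsig namespace."""
    if with_namespace:
        make = lambda name: doc.createElementNS(DSIG_NS, name)
    else:
        make = doc.createElement  # namespaceURI stays None on the new node
    key_info = make("KeyInfo")
    key_info.appendChild(make("X509Data"))
    signature.appendChild(key_info)


def demo(with_namespace):
    """Return (flagged in memory, serialized text, flagged after reparse)."""
    doc = minidom.parseString(TEMPLATE)
    sig = find_signature(doc)
    add_key_info(doc, sig, with_namespace)
    in_memory = missing_dsig_ns(sig)
    text = doc.toxml()
    reparsed = missing_dsig_ns(find_signature(minidom.parseString(text)))
    return in_memory, text, reparsed


if __name__ == "__main__":
    for flag in (False, True):
        in_memory, text, reparsed = demo(flag)
        print(flag, in_memory, reparsed)
```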

