[xmlsec] Signing a batch of signed elements
Marcus Pereira
marcus at task.com.br
Mon Nov 16 09:27:37 PST 2009
I think xmlsec1 is trying to use the wrong signature template to "fill".
<Reference URI="#1">
Are my command line arguments wrong, or is it a limitation of the program?
Marcus
Aleksey Sanin wrote:
>
> This sounds wrong:
>
> expr=xpointer(id('1'))
>
> Aleksey
>
>
>
> Marcus Pereira wrote:
>> I need to feed a government system that requires a signed xml that
>> contains a batch of signed xml elements.
>>
>> After signing the elements and building the final batch file xmlsec1
>> fails to sign it.
>>
>> It seems xmlsec1 is getting confused about the many "<Signature>"
>> elements in the xml. Although I think I am telling it what is the
>> right chain to sign the error shows a xpointer to the first signature
>> element and not the last one (the one the node-id refers).
>>
>> How can I solve this?
>>
>> Thanks for any help.
>> Marcus Pereira
>>
>> My command:
>> ---------------------------------------
>> $ xmlsec1 sign --pwd "xxxxxx" --id-attr:Id BatchObjects --node-id
>> "batch1" --privkey-pem mykey.pem batch_obj_tmpl.xml
>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
>> library function failed:expr=xpointer(id('1'))
>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
>> library function failed:transform=xpointer
>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
>> library function failed:node=Reference
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>> library function failed:
>> Error: signature failed
>> Error: failed to sign file "batch_obj_tmpl.xml"
>> ---------------------------------------
>>
>> My Template:
>> ---------------------------------------
>> <?xml version="1.0"?>
>> <SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
>> <BatchObjects Id="batch1" version="1.00">
>> <BatchNumber>1</BatchNumber>
>> <SenderId>09812</SenderId>
>> <ObjectsCount>2</ObjectsCount>
>> <ObjectsList>
>> <Object>
>> <InfObject Id="1">
>> <Name>Object Example 1</Name>
>> <Status>1</Status>
>> <ObjectData>
>> <ObjDat1>
>> <MoreData>Test 1 Test 1 Test 1</MoreData>
>> </ObjDat1>
>> </ObjectData>
>> </InfObject>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
>> Id="Sig_Object:1">
>> <SignedInfo>
>> <CanonicalizationMethod
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>>
>> <SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> <Reference URI="#1">
>> <Transforms>
>> <Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> </Transforms>
>> <DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>> </Reference>
>> </SignedInfo>
>> <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>> <KeyInfo>
>> <X509Data>
>> <X509Certificate>MIIX509CertificateData</X509Certificate>
>> </X509Data>
>> </KeyInfo>
>> </Signature>
>> </Object>
>> <Object>
>> <InfObject Id="2">
>> <Name>Object Example 2</Name>
>> <ObjectData>
>> <ObjDat1>
>> <MoreData>Test 2 Test 2 Test 2</MoreData>
>> </ObjDat1>
>> </ObjectData>
>> </InfObject>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
>> Id="Sig_Object:2">
>> <SignedInfo>
>> <CanonicalizationMethod
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>>
>> <SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> <Reference URI="#2">
>> <Transforms>
>> <Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> </Transforms>
>> <DigestMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>> </Reference>
>> </SignedInfo>
>> <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>> <KeyInfo>
>> <X509Data>
>> <X509Certificate>MIIX509CertificateData</X509Certificate>
>> </X509Data>
>> </KeyInfo>
>> </Signature>
>> </Object>
>> </ObjectsList>
>> </BatchObjects>
>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
>> <SignedInfo>
>> <CanonicalizationMethod
>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>>
>> <SignatureMethod
>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>> <Reference URI="#batch1">
>> <Transforms>
>> <Transform
>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>> </Transforms>
>> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>> <DigestValue/>
>> </Reference>
>> </SignedInfo>
>> <SignatureValue/>
>> <KeyInfo>
>> <X509Data>
>> <X509Certificate>MIIX509CertificateData</X509Certificate>
>> </X509Data>
>> </KeyInfo>
>> </Signature>
>> </SendBatch>
>> ---------------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>
>
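Added illustration, not code from the thread or from xmlsec: a small Python check that lists, in document order, which ds:Signature references which Id-bearing element, mimics a tool that starts at the --node-id element and takes the first Signature it meets, and flags duplicate Ids that would make a Reference ambiguous. The sample XML is constructed after the quoted template, and the search order in first_signature_under is an assumption about how such a tool walks the tree.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample modelled on the thread's template (not the author's file):
# one signed object inside BatchObjects, then the enveloped batch signature.
SAMPLE = """<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
 <BatchObjects Id="batch1">
  <ObjectsList><Object>
   <InfObject Id="1"><Name>Object Example 1</Name></InfObject>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
    <SignedInfo><Reference URI="#1"/></SignedInfo></Signature>
  </Object></ObjectsList>
 </BatchObjects>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
  <SignedInfo><Reference URI="#batch1"/></SignedInfo></Signature>
</SendBatch>"""

def id_index(root, id_attr="Id"):
    """{id value: [local names of the elements carrying it]} for the whole tree."""
    index = {}
    for el in root.iter():
        if el.get(id_attr) is not None:
            index.setdefault(el.get(id_attr), []).append(el.tag.split("}")[-1])
    return index

def signature_map(xml_text, id_attr="Id"):
    """(Signature Id, Reference URI, names of the elements the URI targets), in
    document order.  The element name is the one whose Id attribute must be
    registered for that Reference; an empty list means the URI resolves to nothing."""
    root = ET.fromstring(xml_text)
    ids = id_index(root, id_attr)
    out = []
    for sig in root.iter(DS + "Signature"):
        for ref in sig.iter(DS + "Reference"):
            uri = ref.get("URI", "")
            out.append((sig.get(id_attr), uri, ids.get(uri[1:], []) if uri.startswith("#") else []))
    return out

def first_signature_under(xml_text, start_id, id_attr="Id"):
    """Mimic a tool that starts at the element with start_id and takes the first
    ds:Signature found in document order from there (assumed search behaviour)."""
    root = ET.fromstring(xml_text)
    start = next(el for el in root.iter() if el.get(id_attr) == start_id)
    sig = next(start.iter(DS + "Signature"), None)
    return None if sig is None else sig.get(id_attr)

def duplicate_ids(xml_text, id_attr="Id"):
    """Ids carried by more than one element: any Reference to them is ambiguous."""
    idx = id_index(ET.fromstring(xml_text), id_attr)
    return sorted(v for v, tags in idx.items() if len(tags) > 1)
```

Starting at batch1 yields Sig_Object:1 (whose Reference needs InfObject's Id registered), while starting at Sig_Batch1 yields the batch signature itself.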