[xmlsec] Signing a batch of signed elements

Aleksey Sanin aleksey at aleksey.com
Mon Nov 16 09:45:25 PST 2009


I am not aware of any limitations in xmlsec that will prevent you
from doing what you described :)

Take a look at FAQ at http://www.aleksey.com/xmlsec

Aleksey

Marcus Pereira wrote:
> I think xmlsec1 is trying to use the wrong signature template to "fill".
>       <Reference URI="#1">
> 
> Is my command line arguments wrong or its a limitation of the program?
> 
> Marcus
> 
> 
> 
> Aleksey Sanin wrote:
>>
>> This sounds wrong:
>>
>> expr=xpointer(id('1'))
>>
>> Aleksey
>>
>>
>>
>> Marcus Pereira wrote:
>>> I need to feed a government system that requires a signed xml that 
>>> contains a batch of signed xml elements.
>>>
>>> After signing the elements and building the final batch file xmlsec1 
>>> fails to sign it.
>>>
>>> It seems xmlsec1 is getting confused about the many "<Signature>" 
>>> elements in the xml. Although I think I am telling it what is the 
>>> right chain to sign the error shows a xpointer to the first signature 
>>> element and not the last one (the one the node-id refers).
>>>
>>> How can I solve this?
>>>
>>> Thanks for any help.
>>>  Marcus Pereira
>>>
>>> My command:
>>> ---------------------------------------
>>> $ xmlsec1 sign --pwd "xxxxxx" --id-attr:Id BatchObjects --node-id 
>>> "batch1" --privkey-pem mykey.pem batch_obj_tmpl.xml
>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 
>>> library function failed:expr=xpointer(id('1'))
>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec 
>>> library function failed:transform=xpointer
>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec 
>>> library function failed:node=Reference
>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec 
>>> library function failed:
>>> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec 
>>> library function failed:
>>> Error: signature failed
>>> Error: failed to sign file "batch_obj_tmpl.xml"
>>> ---------------------------------------
>>>
>>> My Template:
>>> ---------------------------------------
>>> <?xml version="1.0"?>
>>> <SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
>>> <BatchObjects Id="batch1" version="1.00">
>>>  <BatchNumber>1</BatchNumber>
>>>  <SenderId>09812</SenderId>
>>>  <ObjectsCount>2</ObjectsCount>
>>>  <ObjectsList>
>>>    <Object>
>>>     <InfObject Id="1">
>>>      <Name>Object Example 1</Name>
>>>      <Status>1</Status>
>>>      <ObjectData>
>>>       <ObjDat1>
>>>        <MoreData>Test 1 Test 1 Test 1</MoreData>
>>>       </ObjDat1>
>>>      </ObjectData>
>>>     </InfObject>
>>>     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" 
>>> Id="Sig_Object:1">
>>>      <SignedInfo>
>>>        <CanonicalizationMethod 
>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> 
>>>
>>>        <SignatureMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>        <Reference URI="#1">
>>>          <Transforms>
>>>            <Transform 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>          </Transforms>
>>>          <DigestMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>          <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>>>        </Reference>
>>>      </SignedInfo>
>>>      <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>>>      <KeyInfo>
>>>        <X509Data>
>>>          <X509Certificate>MIIX509CertificateData</X509Certificate>
>>>        </X509Data>
>>>      </KeyInfo>
>>>     </Signature>
>>>    </Object>
>>>    <Object>
>>>     <InfObject Id="2">
>>>      <Name>Object Example 2</Name>
>>>      <ObjectData>
>>>       <ObjDat1>
>>>        <MoreData>Test 2 Test 2 Test 2</MoreData>
>>>       </ObjDat1>
>>>      </ObjectData>
>>>     </InfObject>
>>>     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" 
>>> Id="Sig_Object:2">
>>>      <SignedInfo>
>>>        <CanonicalizationMethod 
>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> 
>>>
>>>        <SignatureMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>        <Reference URI="#2">
>>>          <Transforms>
>>>            <Transform 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>          </Transforms>
>>>          <DigestMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>          <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>>>        </Reference>
>>>       </SignedInfo>
>>>      <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>>>      <KeyInfo>
>>>        <X509Data>
>>>          <X509Certificate>MIIX509CertificateData</X509Certificate>
>>>        </X509Data>
>>>      </KeyInfo>
>>>     </Signature>
>>>    </Object>
>>>  </ObjectsList>
>>> </BatchObjects>
>>> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
>>>  <SignedInfo>
>>>    <CanonicalizationMethod 
>>> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> 
>>>
>>>    <SignatureMethod 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>>>    <Reference URI="#batch1">
>>>      <Transforms>
>>>        <Transform 
>>> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>>>      </Transforms>
>>>      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>>>      <DigestValue/>
>>>    </Reference>
>>>  </SignedInfo>
>>>  <SignatureValue/>
>>>  <KeyInfo>
>>>    <X509Data>
>>>      <X509Certificate>MIIX509CertificateData</X509Certificate>
>>>    </X509Data>
>>>  </KeyInfo>
>>> </Signature>
>>> </SendBatch>
>>> ---------------------------------------
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
> 
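As an added illustration, not code from the thread or from xmlsec itself, the Python below works over a trimmed copy of the template above: it shows that a document-order search starting at the batch1 node lands on the first object signature (the one whose `Reference URI="#1"` appears in the error), which Signature is actually the still-empty template, and which `#id` references cannot resolve when only BatchObjects is declared with --id-attr. The reading that xmlsec takes the first Signature below --node-id and that the undeclared InfObject Id attribute is what makes `xpointer(id('1'))` fail is an assumption of this example, not something the thread states.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed, trimmed from the template in the thread: two already-signed
# objects plus the still-empty batch signature template.
BATCH_XML = """<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
<BatchObjects Id="batch1"><ObjectsList>
 <Object><InfObject Id="1"><Name>Object Example 1</Name></InfObject>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
   <SignedInfo><Reference URI="#1"/></SignedInfo><SignatureValue>x</SignatureValue>
  </Signature></Object>
 <Object><InfObject Id="2"><Name>Object Example 2</Name></InfObject>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:2">
   <SignedInfo><Reference URI="#2"/></SignedInfo><SignatureValue>x</SignatureValue>
  </Signature></Object>
</ObjectsList></BatchObjects>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
 <SignedInfo><Reference URI="#batch1"/></SignedInfo><SignatureValue/>
</Signature></SendBatch>"""

def parse_batch():
    return ET.fromstring(BATCH_XML)

def element_by_id(root, id_value):
    # Plain attribute scan; xmlsec can only do this for elements named via --id-attr.
    return next((e for e in root.iter() if e.get("Id") == id_value), None)

def first_signature_below(node):
    # Assumed xmlsec behaviour: start at --node-id, take the first <Signature>
    # in document order. Below batch1 that is the already-signed Sig_Object:1.
    return next(node.iter(DSIG + "Signature"), None)

def unsigned_signature_templates(root):
    # A template still waiting to be filled has an empty SignatureValue.
    return [s.get("Id") for s in root.iter(DSIG + "Signature")
            if not (s.findtext(DSIG + "SignatureValue") or "").strip()]

def unresolvable_references(root, declared_id_elements):
    # Reference URI="#x" only resolves if the element carrying Id="x"
    # is one of the element names declared with --id-attr:Id.
    bad = []
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        target = element_by_id(root, uri[1:]) if uri.startswith("#") else None
        local = target.tag.split("}")[-1] if target is not None else None
        if local not in declared_id_elements:
            bad.append(uri)
    return bad
```

Running `unresolvable_references(parse_batch(), {"BatchObjects"})` returns `["#1", "#2"]`, the two references that the inner, already-signed templates carry; the batch template itself is the only entry in `unsigned_signature_templates`.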
