[xmlsec] xmlsec Digest, Vol 88, Issue 7

Aleksey Sanin aleksey at aleksey.com
Wed Aug 31 09:07:57 PDT 2011 

That's an error in digest validation.

Aleksey


On 8/31/11 2:59 AM, cristian radu wrote:
> Thank you Luiz,
>
>
> It worked (sometimes I'm really blind - I missed that tag name)
>
>
> Anyway now I have in output:
>
> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
> FAIL
> SignedInfo References (ok/all): 0/1
> Manifests References (ok/all): 0/0
>
> Is this the standard output for a failed signature validation ?
>
> The XML is generated by a third app: Component Spaces .NET
>
>
> Best regards,
>
> Cristian Radu
>
>
>
>
>
> ----- Original Message -----
> From: "luiz at xharbour.com.br"<luiz at xharbour.com.br>
> To: cristian radu<kris_ro at yahoo.com>
> Cc: "xmlsec at aleksey.com"<xmlsec at aleksey.com>
> Sent: Tuesday, August 30, 2011 6:02 PM
> Subject: Re: [xmlsec] xmlsec Digest, Vol 88, Issue 7
>
> Hi cristian
>
> I got an similar problem  as yours due Id keyword
>
> i fixed by adding
>
>      '<!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>'
>
> in my xml i have
>
> <?xml version="1.0" encoding="utf-8"?><envEvento
> xmlns="http://www.portalfiscal.inf.br/nfe"
> versao="1.01"><idLote>000000000000001</idLote><evento
> xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.01"><infEvento
> Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento>
>
> Note the Id tag on infEvento
>
> i fixed to sign/verify this xml by adding !DOCTYPE after xml tag
>
> <?xml version="1.0" encoding="utf-8"?><!DOCTYPE test [<!ATTLIST infEvento
> Id ID #IMPLIED>]><envEvento xmlns="http://www.portalfiscal.inf.br/nfe"
> versao="1.01"><idLote>000000000000001</idLote><evento
> xmlns="http://www.portalfiscal.inf.br/nfe" versao="1.01"><infEvento
> Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento>
>
>
> Regards
> Luiz
>
>
>> Thank you for the quick reply
>>
>> Unfortunately I can't get it to work
>>
>> Here is what I tried (the first 3 lines are the commands I've tried, the
>> id-attr in the last one is the actual ID from the saml doc - I am that
>> desperate):
>>
>> ~/ xmlsec1 --verify --id-attr ID --enable-visa3d-hack --trusted-pem
>> FedExOffice_SSO_Base64.pem saml.xml
>>
>> ~/ xmlsec1 --verify --id-attr "ID" --enable-visa3d-hack --trusted-pem
>> FedExOffice_SSO_Base64.pem saml.xml
>>
>> ~/ xmlsec1 --verify --id-attr _3b47431b-02d2-44ca-bee9-b6a5a60c7c94
>> --enable-visa3d-hack --trusted-pem FedExOffice_SSO_Base64.pem saml.xml
>>
>> and this is the output:
>>
>>
>> func=xmlSecTransformVisa3DHackExecute:file=xpath.c:line=1114:obj=Visa3DHackTransform:subj=xmlGetID:error=5:libxml2
>> library function failed:id="_3b47431b-02d2-44ca-bee9-b6a5a60c7c94"
>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=Visa3DHackTransform:subj=xmlSecTransformExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
>> library function failed:transform=Visa3DHackTransform
>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
>> library function failed:node=Reference
>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
>> library function failed:
>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
>> library function failed:
>> Error: signature failed
>> ERROR
>> SignedInfo References (ok/all): 0/1
>> Manifests References (ok/all): 0/0
>> Error: failed to verify file "saml.xml"
>>
>>
>>
>> I really need the help on this one
>> Tank you
>>
>> Cristian Radu
>>
>>
>>
>>
>> ----- Original Message -----
>> From: "xmlsec-request at aleksey.com"<xmlsec-request at aleksey.com>
>> To: xmlsec at aleksey.com
>> Cc:
>> Sent: Monday, August 29, 2011 10:00 PM
>> Subject: xmlsec Digest, Vol 88, Issue 7
>>
>> Send xmlsec mailing list submissions to
>>      xmlsec at aleksey.com
>>
>> To subscribe or unsubscribe via the World Wide Web, visit
>>      http://www.aleksey.com/mailman/listinfo/xmlsec
>> or, via email, send a message with subject or body 'help' to
>>      xmlsec-request at aleksey.com
>>
>> You can reach the person managing the list at
>>      xmlsec-owner at aleksey.com
>>
>> When replying, please edit your Subject line so it is more specific
>> than "Re: Contents of xmlsec digest..."
>>
>>
>> Today's Topics:
>>
>>     1. ID tag related error (cristian radu)
>>     2. Re: ID tag related error (Aleksey Sanin)
>>
>>
>> ----------------------------------------------------------------------
>>
>> Message: 1
>> Date: Mon, 29 Aug 2011 02:28:12 -0700 (PDT)
>> From: cristian radu<kris_ro at yahoo.com>
>> To: "xmlsec at aleksey.com"<xmlsec at aleksey.com>
>> Subject: [xmlsec] ID tag related error
>> Message-ID:
>>      <1314610092.84239.YahooMailNeo at web30303.mail.mud.yahoo.com>
>> Content-Type: text/plain; charset="us-ascii"
>>
>> Hello,
>>
>> I've installed xmlsec library and run a xml doc through it to verify the
>> signature. You can find the xml doc attached. The problem is that I get a
>> list of errors and the first is:
>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
>> library function
>> failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94'))
>>
>> I looked on FAQ section and saw the fix there but it doesn't work on my
>> case (the ID tag is uppercase and its value is compliant - from what I
>> know).
>>
>> Any help would be greatly appreciated.
>>
>> Cristian Radu
>> -------------- next part --------------
>> A non-text attachment was scrubbed...
>> Name: saml.xml
>> Type: application/octet-stream
>> Size: 5470 bytes
>> Desc: not available
>> URL:
>> <http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/1ac705f3/attachment-0001.obj>
>>
>> ------------------------------
>>
>> Message: 2
>> Date: Mon, 29 Aug 2011 06:23:23 -0700
>> From: Aleksey Sanin<aleksey at aleksey.com>
>> To: cristian radu<kris_ro at yahoo.com>
>> Cc: "xmlsec at aleksey.com"<xmlsec at aleksey.com>
>> Subject: Re: [xmlsec] ID tag related error
>> Message-ID:<4E5B92CB.10309 at aleksey.com>
>> Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
>>
>> Do what FAQ says, that's the error.
>>
>> Aleksey
>>
>>
>> On 8/29/11 2:28 AM, cristian radu wrote:
>>> Hello,
>>>
>>> I've installed xmlsec library and run a xml doc through it to verify the
>>> signature. You can find the xml doc attached. The problem is that I get
>>> a list of errors and the first is:
>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
>>> library function
>>> failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94'))
>>>
>>> I looked on FAQ section and saw the fix there but it doesn't work on my
>>> case (the ID tag is uppercase and its value is compliant - from what I
>>> know).
>>>
>>> Any help would be greatly appreciated.
>>>
>>> Cristian Radu
>>>
>>>
>>> _______________________________________________
>>> xmlsec mailing list
>>> xmlsec at aleksey.com
>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>> -------------- next part --------------
>> An HTML attachment was scrubbed...
>> URL:
>> <http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/b977ee1d/attachment-0001.html>
>>
>> ------------------------------
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
>>
>> End of xmlsec Digest, Vol 88, Issue 7
>> *************************************
>>
>> _______________________________________________
>> xmlsec mailing list
>> xmlsec at aleksey.com
>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec

More information about the xmlsec mailing list