[xmlsec] Signature in different namespace
Aleksey Sanin
aleksey at aleksey.com
Mon Oct 15 13:00:34 PDT 2012
I don't see example but "ds:SignatureType" defines Signature node in
the DS namespace.
Aleksey
On 10/15/12 12:56 PM, Simon Josefsson wrote:
> Hi. I want to implement support for signing/verifying PSKC data (RFC
> 6030) which uses xmldsig. The XML schema is here:
>
> http://tools.ietf.org/html/rfc6030#section-11
>
> In particular it refer to xmldsig like this:
>
> <xs:element name="Signature"
> type="ds:SignatureType" minOccurs="0"/>
>
> As far as I can tell (and this is reinforced by the example in section 7
> of RFC 6030), this means the XML will have a Signature element in the
> PSKC namespace but with children from the xmldsig namespace. For
> example:
>
> <?xml version="1.0" encoding="UTF-8"?>
> <KeyContainer
> xmlns="urn:ietf:params:xml:ns:keyprov:pskc"
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
> Version="1.0">
> <KeyPackage>
> ...
> </KeyPackage>
> <Signature>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> ...
>
> I'm having trouble making XMLSec cope with this. xmlSecDSigCtxSign
> calls xmlSecDSigCtxProcessSignatureNode which starts with:
>
> if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) {
> xmlSecError(XMLSEC_ERRORS_HERE,
>
> So I get a hard error when trying to sign with a Signature node that
> isn't in the xmldsig namespace. Any ideas on what could be done here?
>
> (Sorry if you get a similar email later on, I recently subscribed to
> re-send this e-mail.)
>
> Thanks,
> /Simon
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>
More information about the xmlsec
mailing list