[xmlsec] Trouble signing message with xmlSecTmplReferenceAddTransform type xmlSecTransformExclC14NId
Tim Tassonis
timtas at cubic.ch
Tue Nov 20 03:38:58 PST 2012
Hello List

I have to create a signed SOAP message to an application that expects a
reference with transport xmlSecTransformExclC14NId and not enveloped
transport.

I always get an error "invalid data:data and digest do not match".

What I did was:

signNode = xmlSecTmplSignatureCreateNsPref(doc,
                                           xmlSecTransformExclC14NId,
                                           xmlSecTransformRsaSha1Id,
                                           NULL,
                                           "ds");
xmlAddChild(xmlDocGetRootElement(doc), signNode);
refNode = xmlSecTmplSignatureAddReference(signNode,
                                          xmlSecTransformSha512Id,
                                          NULL,
                                          NULL,
                                          NULL);
xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformExclC14NId);
/*
xmlSecTmplReferenceAddTransform(refNode, xmlSecTransformEnvelopedId);
*/
keyInfoNode = xmlSecTmplSignatureEnsureKeyInfo(signNode, NULL);
xmlSecTmplKeyInfoAddX509Data(keyInfoNode);
dsigCtx = xmlSecDSigCtxCreate(NULL);
dsigCtx->signKey = xmlSecCryptoAppKeyLoad(key_file,
                                          xmlSecKeyDataFormatPem,
                                          key_pass,
                                          NULL,
                                          NULL);
xmlSecCryptoAppKeyCertLoad(dsigCtx->signKey, crt_file, xmlSecKeyDataFormatPem);
xmlSecKeySetName(dsigCtx->signKey, "private.key");
xmlSecDSigCtxSign(dsigCtx, signNode);

(I do originally have all the checks for success of the operations in
place, I just removed them for brevity of this mail).

If I change xmlSecTransformExclC14NId to xmlSecTransformEnvelopedId in
xmlSecTmplReferenceAddTransform, verify3 reports success (but my
application doesn't accept it), but otherwise both verify3 and the
application report "invalid data:data and digest do not match".

What am I doing wrong here?

Kind regards
Tim
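
Why the canonicalization-only reference in the message above fails to verify, as an added example (not part of the original message and not xmlsec code): a Reference with no URI is digested over the whole document, Signature element included, and DigestValue and SignatureValue are written into that element only after the digest has been computed. The sketch uses Python's standard-library C14N 2.0 as a stand-in for exclusive C14N; the sample envelope, the `Id="body"` attribute and the `body` mode (a reference to an element that does not contain the Signature) are assumptions that go beyond the post.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample: signature template appended to the root element, as in the post.
DOC = (
    '<Envelope xmlns="urn:example:soap"><Body Id="body"><Order n="42"/></Body>'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
    '<ds:Reference><ds:DigestValue/></ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue/></ds:Signature></Envelope>'
)


def reference_digest(root, mode):
    """SHA-512 over the nodes the Reference selects, after canonicalization."""
    node = ET.fromstring(ET.tostring(root, encoding="unicode"))  # work on a copy
    if mode == "enveloped":   # whole document minus the Signature subtree
        for sig in node.findall(DS + "Signature"):
            node.remove(sig)
    elif mode == "body":      # same-document reference to Body (hypothetical Id)
        node = node.find(".//*[@Id='body']")
    # mode == "document": whole document, Signature element included
    canon = ET.canonicalize(ET.tostring(node, encoding="unicode"))
    return base64.b64encode(hashlib.sha512(canon.encode("utf-8")).digest()).decode()


def sign_then_verify(mode):
    root = ET.fromstring(DOC)
    digest_value = root.find(".//" + DS + "DigestValue")
    # Signer: the digest is computed while DigestValue/SignatureValue are empty ...
    digest_value.text = reference_digest(root, mode)
    # ... and only afterwards are the values written into the Signature element.
    root.find(".//" + DS + "SignatureValue").text = "constructed-placeholder"
    # Verifier: recomputes the digest over the document as received.
    return reference_digest(root, mode) == digest_value.text


if __name__ == "__main__":
    for mode in ("document", "enveloped", "body"):
        print(mode, sign_then_verify(mode))
```

Only the `document` mode, which corresponds to the template in the post, fails: the signed bytes change the moment the signature values are filled in.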