[xmlsec] unable to dereference URI

Aleksey Sanin aleksey at aleksey.com
Wed Jul 31 18:59:43 PDT 2013


Well, it means that I failed to explain what needs to be done in my
first email and I don't have any other ideas how to do it.

Aleksey

On 7/31/13 6:57 PM, Jeffrey Jin (jefjin) wrote:
> You mean xmlsec can't work in URI case?
> 
> On 8/1/13 9:43 AM, "Aleksey Sanin" <aleksey at aleksey.com> wrote:
> 
>> I am sorry but you need to read XML DTD spec and XMLDsig spec as well.
>> Unfortunately, this is required reading if you want to use xmlsec
>> library.
>>
>>
>>
>> Aleksey
>>
>> On 7/31/13 6:40 PM, Jeffrey Jin (jefjin) wrote:
>>> Hi Aleksey,
>>>
>>> Thanks for your quick reply. You mean I need to change attribute URI to
>>> ID? Like this:
>>> "<ds:Reference ID="#s29c0153b613859ac1c788536d2a924d65e643b308"
>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>>
>>> If my understanding is correct, there are two issues:
>>> 1) it's saml response from ci, I need to change the URI to ID when I
>>> receive the response
>>> 2) when I change URI to ID, yes, below error is gone, but I got error:
>>>
>>> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
>>> RESULT: Signature is INVALID
>>>
>>> I can make sure I use the correct public key to verify, it should be
>>> VALID. I'm worried about whether changing URI to ID has a problem. I
>>> check the URI type in anyURI on http://www.w3.org/2000/09/xmldsig# and
>>> URI="#s29c0153b613859ac1c788536d2a924d65e643b308" identifies a node-set
>>> containing the element with ID attribute value
>>> 's29c0153b613859ac1c788536d2a924d65e643b308' of the XML resource
>>> containing the signature. XML Signature (and its applications) modify
>>> this node-set to include the element plus all descendants including
>>> namespaces and attributes -- but not comments.
>>>
>>> -Jeffrey
>>>
>>> On 8/1/13 2:00 AM, "Aleksey Sanin" <aleksey at aleksey.com> wrote:
>>>
>>>> You need to define ID attribute to the element where it is specified,
>>>> not to the Reference element where it is used
>>>>
>>>> Aleksey
>>>>
>>>> On 7/31/13 12:25 AM, Jeffrey Jin (jefjin) wrote:
>>>>> Hi xmlsec team,
>>>>>
>>>>> I use the xmlsec library to verify whether a signature is correct. But
>>>>> when the SAML response includes "<ds:Reference
>>>>> URI="#s29c0153b613859ac1c788536d2a924d65e643b308"
>>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>>>> I got the error:
>>>>>
>>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('s29c0153b613859ac1c788536d2a924d65e643b308'))
>>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
>>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
>>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>>>>> Error: signature verification failed
>>>>>
>>>>>
>>>>> I found the answer to a similar issue at
>>>>> http://www.aleksey.com/xmlsec/faq.html
>>>>>
>>>>> So I added the DTD:
>>>>>
>>>>> <!DOCTYPE test [
>>>>> <!ATTLIST ds:Reference URI ID #IMPLIED>
>>>>> ]>
>>>>>
>>>>> But it doesn't work. Can someone help me out?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>>
>>>>> -Jeffrey
>>>
> 
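
An added illustration, not code from this thread or from xmlsec: Python's standard-library minidom applies the same rule the replies above describe, so a `URI="#..."` reference resolves only once the ID attribute is typed as an ID on the element that carries it, never on `ds:Reference`. The `samlp:Response` element and the attribute name `ID` are assumptions, since the thread shows only the `ds:Reference` line.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: the thread shows only the ds:Reference line; the
# samlp:Response element carrying the ID is an assumption.
SAMPLE = (
    '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"'
    ' ID="s29c0153b613859ac1c788536d2a924d65e643b308">'
    '<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">'
    '<ds:SignedInfo>'
    '<ds:Reference URI="#s29c0153b613859ac1c788536d2a924d65e643b308"/>'
    '</ds:SignedInfo></ds:Signature>'
    '</samlp:Response>'
)


def reference_uris(doc):
    """Return the URI attribute of every ds:Reference in the document."""
    refs = doc.getElementsByTagNameNS(DSIG_NS, "Reference")
    return [r.getAttribute("URI") for r in refs]


def dereference(doc, uri):
    """Resolve a same-document reference ("#value") through the ID table."""
    if not uri.startswith("#") or len(uri) == 1:
        raise ValueError("only same-document '#id' references are handled")
    return doc.getElementById(uri[1:])


def register_ids(doc, attr_name="ID"):
    """Mark attr_name as ID-typed on each element that carries it.

    Returns the registered values; a repeated value is rejected, because
    a reference must resolve to exactly one element.
    """
    seen = []
    for elem in doc.getElementsByTagName("*"):
        if elem.namespaceURI == DSIG_NS or not elem.hasAttribute(attr_name):
            continue  # skip XML-DSig nodes: ds:Reference only uses the ID
        value = elem.getAttribute(attr_name)
        if value in seen:
            raise ValueError("duplicate ID value: " + value)
        elem.setIdAttribute(attr_name)
        seen.append(value)
    return seen
```

Before `register_ids` runs, `dereference` returns `None` for the sample even though an attribute named `ID` with the right value is present, which is the lookup failure reported in the first message.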

