Your problem is (I think) your transforms. You have a c14n transform (Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";) and then an envelope transform (Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature";).
The transforms are performed in sequence. So the first transform will serialise your document back into a byte stream, which is then passed into the envelope transform, which will throw an exception because it expects to be passed a set of DOM nodes. If you take the c14n transform out, you should be right.
Cheers,
BerinCsaba Vegso wrote:
Thanks for your quick answer Berin,
The signature is enveloped in the document. I can walk through its elements by using DOM methods. It seems to be well-formatted.
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#";><SignedInfo><CanonicalizationMeth od Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; /><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /><Reference URI=""><Transforms><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; /><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"; /></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; /><DigestValue>fc2sS60XFckCVc4CovfFrseazSI=</DigestValue></Reference></Signe dInfo><SignatureValue>FU4nWLgwmO6QqPBPIOyu7eSwI91xD9UjUxL/3GSMcK8rC9cWMot4ex /593KWzEGL/nZ5N2+6s47AeM2gUZzwIM+LZmuan5RQRREZMMKyOqiuV0zl6xs8cFnP8rvw1Jh48R nINN91uwV7zDk8g//W7iFWTELwYcHhbFjIEt1QADw=</SignatureValue><KeyInfo><KeyValu e xmlns="http://www.w3.org/2000/09/xmldsig#";><RSAKeyValue><Modulus>pipNNVlJMT0 2h5lFviz5xt+QJlmzxaaEmIm328+4G4k4fxuvKEtCN8+7/IGzu8VXm986Uil1/RhOW0msoelATKl oDR7FnftknvUfvKoiv0UxX6smG1Gmel3Vjj2/BGePI4K7cFMYIoUByQo6Dimyx0UTzPBqBjBMxMK A2098vqk=</Modulus><Exponent>AQAB</Exponent></RSAKeyValue></KeyValue></KeyIn fo></Signature>
----- Original Message ----- From: "Berin Lautenbach" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, February 01, 2004 1:42 AM Subject: Re: validating enveloped XML signature
Csaba,
An Envelope transform has to operate on the document the signature is contained in, so it throws an exception if it finds that the input is not a node set of some kind.
Can you post a copy of the XML signature you are trying to validate?
Cheers, Berin
Csaba Vegso wrote:
Dear all,
I am trying to validate an enveloped XML signature by using XML Security v1.0. The verifyOnlySigniture() returns with true, but when I want to validate the signature over the whole document with the verify() method a TransformInputOutputFail <http://xml.apache.org/security/c/apiDocs/classXSECException.html#w43w6>
type
of XSECException exception is catched (desc.: "XPath requires DOM_NODES input type"). As I am checking the downloaded source code, I see that the only one position where such type of exception is thrown is the TXFMEnvelope::setInput() method.
I would be very grateful, if somebody could save me some time required by further debugging.
I am using Xerces 2.4.0, Xalan 1.7.0 and openssl-0.9.7. I doubt it is matter, but the signiture was created by choosing RSA on Win2000.
Thanks in advance,
------------------------------------------------------------------------
*Csaba Vegso*
Electrical Engineer
Phone: +36 1 476 8437
Mobile: +36 30 242 0862
Geomant Call Center Solutions
