Dear Berin,

Thank you for your help. I removed the corresponding transformation method from the list belonging to the reference. This has eliminated the problem.

However, I really do not understand why this problem occurred by simply using this canonicalization over the XML document before enveloping. By using the .NET implementation everything worked fine. The document was signed by using the above-mentioned canonicalization method and the signature can be validated successfully. Regardless of the .NET implementation, do I know something wrong?

----- Original Message -----
From: "Berin Lautenbach" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, February 01, 2004 3:41 AM
Subject: Re: validating enveloped XML signature

> Csaba,
>
> Your problem is (I think) your transforms. You have a c14n transform
> (Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315") and then
> an envelope transform
> (Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature").
>
> The transforms are performed in sequence. So the first transform will
> serialise your document back into a byte stream, which is then passed
> into the envelope transform, which will throw an exception because it
> expects to be passed a set of DOM nodes. If you take the c14n transform
> out, you should be right.
>
> Cheers,
> Berin
>
> Csaba Vegso wrote:
>
> > Thanks for your quick answer Berin,
> >
> > The signature is enveloped in the document. I can walk through its elements
> > by using DOM methods. It seems to be well-formatted.
> >
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >   <SignedInfo>
> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >     <Reference URI="">
> >       <Transforms>
> >         <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >         <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> >       </Transforms>
> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >       <DigestValue>fc2sS60XFckCVc4CovfFrseazSI=</DigestValue>
> >     </Reference>
> >   </SignedInfo>
> >   <SignatureValue>FU4nWLgwmO6QqPBPIOyu7eSwI91xD9UjUxL/3GSMcK8rC9cWMot4ex/593KWzEGL/nZ5N2+6s47AeM2gUZzwIM+LZmuan5RQRREZMMKyOqiuV0zl6xs8cFnP8rvw1Jh48RnINN91uwV7zDk8g//W7iFWTELwYcHhbFjIEt1QADw=</SignatureValue>
> >   <KeyInfo>
> >     <KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
> >       <RSAKeyValue>
> >         <Modulus>pipNNVlJMT02h5lFviz5xt+QJlmzxaaEmIm328+4G4k4fxuvKEtCN8+7/IGzu8VXm986Uil1/RhOW0msoelATKloDR7FnftknvUfvKoiv0UxX6smG1Gmel3Vjj2/BGePI4K7cFMYIoUByQo6Dimyx0UTzPBqBjBMxMKA2098vqk=</Modulus>
> >         <Exponent>AQAB</Exponent>
> >       </RSAKeyValue>
> >     </KeyValue>
> >   </KeyInfo>
> > </Signature>
> >
> > ----- Original Message -----
> > From: "Berin Lautenbach" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Sunday, February 01, 2004 1:42 AM
> > Subject: Re: validating enveloped XML signature
> >
> >>Csaba,
> >>
> >>An Envelope transform has to operate on the document the signature is
> >>contained in, so it throws an exception if it finds that the input is
> >>not a node set of some kind.
> >>
> >>Can you post a copy of the XML signature you are trying to validate?
> >>
> >>Cheers,
> >>Berin
> >>
> >>Csaba Vegso wrote:
> >>
> >>>Dear all,
> >>>
> >>>I am trying to validate an enveloped XML signature by using XML Security
> >>>v1.0. The verifyOnlySigniture() returns with true, but when I want
> >>>to validate the signature
> >>>over the whole document with the verify() method a
> >>>TransformInputOutputFail
> >>><http://xml.apache.org/security/c/apiDocs/classXSECException.html#w43w6> type
> >>>of XSECException exception is caught (desc.: "XPath requires DOM_NODES
> >>>input type"). As I am checking the downloaded source code, I see that
> >>>the only one position where such type of exception is thrown is the
> >>>TXFMEnvelope::setInput() method.
> >>>
> >>>I would be very grateful, if somebody could save me some time required
> >>>by further debugging.
> >>>
> >>>I am using Xerces 2.4.0, Xalan 1.7.0 and openssl-0.9.7. I doubt it
> >>>matters, but the signature was created by choosing RSA on Win2000.
> >>>
> >>>Thanks in advance,
> >>>
> >>>------------------------------------------------------------------------
> >>>
> >>>*Csaba Vegso*
> >>>
> >>>Electrical Engineer
> >>>
> >>>Phone: +36 1 476 8437
> >>>
> >>>Mobile: +36 30 242 0862
> >>>
> >>>Geomant Call Center Solutions
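Added example (not part of the original thread, and not code from the XML Security library): a small pre-validation check that walks each Reference's transform list in order and tracks whether the data is still a node set or already a byte stream, which is the sequencing Berin's reply describes. It assumes a strict implementation that does not reparse bytes into nodes, models only the two algorithms named in the thread and only a Reference with URI="" as in the posted signature; the function names and the sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
ENVELOPED = DS + "enveloped-signature"

# (input the transform needs, output it produces). Only the two
# algorithms that appear in the thread are modelled (assumption).
TRANSFORM_IO = {C14N: ("nodes", "octets"), ENVELOPED: ("nodes", "nodes")}


def check_transform_chain(signature_xml):
    """Return (reference URI, position, algorithm, reason) for each transform
    that a strict, non-reparsing implementation would reject."""
    problems = []
    root = ET.fromstring(signature_xml)
    for ref in root.iter("{%s}Reference" % DS):
        uri = ref.get("URI", "")
        # URI="" (as in the thread) dereferences to the document's node set;
        # other URI forms are not modelled here.
        current = "nodes"
        for pos, tf in enumerate(ref.iter("{%s}Transform" % DS), start=1):
            alg = tf.get("Algorithm")
            if alg not in TRANSFORM_IO:
                problems.append((uri, pos, alg, "unmodelled algorithm"))
                break
            needs, produces = TRANSFORM_IO[alg]
            if needs != current:
                reason = "needs %s, got %s" % (needs, current)
                problems.append((uri, pos, alg, reason))
            current = produces
    return problems


def make_signature(*algorithms):
    """Constructed sample: a Signature holding one Reference with URI=""."""
    transforms = "".join('<Transform Algorithm="%s"/>' % a for a in algorithms)
    return ('<Signature xmlns="%s"><SignedInfo><Reference URI="">'
            "<Transforms>%s</Transforms></Reference></SignedInfo></Signature>"
            % (DS, transforms))


AS_POSTED = make_signature(C14N, ENVELOPED)  # transform order from the thread
AS_FIXED = make_signature(ENVELOPED)         # c14n transform removed

if __name__ == "__main__":
    for name, doc in (("as posted", AS_POSTED), ("as fixed", AS_FIXED)):
        print(name, check_transform_chain(doc))
```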
