[xmlsec] Brackets in Reference
Hello Aleksey, Please find enclosed a signature produced by another toolkit which uses left and right brackets in its reference element. XMLSec seems to be objecting to the presence of the brackets. If I take them out, XMLSec gets further, but naturally complains about the data to digest compare. Reference URI=#Object[040327174718Z] Is this use legitimate ? Any ideas ? Ed C:\XMLSecxmlsec verify --store-references --crypto mscrypto inout/signedXMLDSIG .xml func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xmlXPt rEval:error=5:libxml2 library function failed:expr=xpointer(id('Object[040327174 718Z]'));last error=0 (0x);last error msg=The operation completed succes sfully. func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:subj=xm lSecXPathDataExecute:error=1:xmlsec library function failed: ;last error=0 (0x00 00);last error msg=The operation completed successfully. func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:subj= xmlSecXPathDataExecute:error=1:xmlsec library function failed: ;last error=0 (0x );last error msg=The operation completed successfully. func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2371:obj=xpoint er:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: ;last err or=0 (0x);last error msg=The operation completed successfully. func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1207:obj=unknown :subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xp ointer;last error=0 (0x);last error msg=The operation completed successf ully. func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1267:obj=unknown:su bj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: ;last er ror=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1568:obj=unkno wn:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: ;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unkno wn:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed :node=Reference;last error=0 (0x);last error msg=The operation completed successfully. func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknow n:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed : ;last error=0 (0x);last error msg=The operation completed successfully . func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecD SigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=0 (0x);last error msg=The operation completed successfully. Error: signature failed ERROR SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 = VERIFICATION CONTEXT == Status: unknown == flags: 0x0006 == flags2: 0x == Key Info Read Ctx: = KEY INFO READ CONTEXT == flags: 0x == flags2: 0x == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x == flags2: 0x == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 == Key Info Write Ctx: = KEY INFO WRITE CONTEXT == flags: 0x == flags2: 0x == enabled key data: all == RetrievalMethod level (cur/max): 0/1 == TRANSFORMS CTX (status=0) == flags: 0x == flags2: 0x == enabled transforms: all === uri: NULL === uri xpointer expr: NULL == EncryptedKey level (cur/max): 0/1 == Signature Transform Ctx: == TRANSFORMS CTX (status=0) == flags: 0x == flags2: 0x == enabled transforms: all === uri: NULL === uri xpointer expr: NULL === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315) === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == Signature Method: === Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1) == SignedInfo References List: === list size: 1 = REFERENCE VERIFICATION CONTEXT == Status: unknown == URI: #Object[040327174718Z] == Reference Transform Ctx: == TRANSFORMS CTX (status=1) == flags: 0x == flags2: 0x == enabled transforms: all === uri: === uri xpointer expr: #Object[040327174718Z] === Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr) === Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315) === Transform: membuf-transform (href=NULL) === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) === Transform: membuf-transform (href=NULL) == Digest Method: === Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1) == Manifest References List: === list size: 0 Error: failed to verify file inout/signedXMLDSIG.xml?xml version=1.0 encoding=UTF-8? !DOCTYPE Signature Signature
Re: [xmlsec] Brackets in Reference
On Sat, Mar 27, 2004 at 01:02:12PM -0500, Edward Shallow wrote: Hello Aleksey, Please find enclosed a signature produced by another toolkit which uses left and right brackets in its reference element. XMLSec seems to be objecting to the presence of the brackets. If I take them out, XMLSec gets further, but naturally complains about the data to digest compare. Reference URI=#Object[040327174718Z] Is this use legitimate ? Any ideas ? [ and ] are not allowed in the Name production this might be the reason. Daniel -- Daniel Veillard | Red Hat Network https://rhn.redhat.com/ [EMAIL PROTECTED] | libxml GNOME XML XSLT toolkit http://xmlsoft.org/ http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/ ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
Re: [xmlsec] Brackets in Reference
Reference URI=#Object[040327174718Z] Being pedantic: 1. That *may* be legal, since URI is of type anyURI. 2. Without the --dtdfile argument, xmlsec doesn't know that this is an IDREF/ID pair. 3. ID's are of type NAME, and cannot have square brackets in them; so foo Id='Object[], if Id is an attribute of type ID, is not legal XML. The toolkit you used is doing something wrong. /r$ -- Rich Salz Chief Security Architect DataPower Technology http://www.datapower.com XS40 XML Security Gateway http://www.datapower.com/products/xs40.html XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html ___ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec