Hi All,
I am hoping that someone on this list may be able to give me some assistance with a problem I have been looking into for the past 4 days and can't seem to come up with any solution for.

The problem manifests itself in the xml-security-c 3.0 code base (well, appears to me to at any rate) with references failing to verify, e.g. Reference URI="#_12345-678901" failed to verify

I am currently creating signatures with a canonicalization method of exclusive with comments, an RSA SHA1 signature, a SHA1 digest and an enveloped transform. Example at the end of this message.

The XML documents themselves are UTF-16 encoded and are created in Java. I have tried both the xmldsig implementation (JSR105) from the Java web services pack and the JSR105 implementation in the latest 1.4 Java security libs (binary distribution from web site).

All generated documents from both JSR implementations validate correctly in Java space. A generated document with a single enveloped signature for the root node only will validate correctly in xmlsec-c.

The problem of invalid references arises in xmlsec-c code base when either a document has a single signature whose reference URI is some child node of the document or when the root node has a signature AND some child node of the document has a signature. (Validation with xerces 2.7 always comes out correct)

I believe this is something I am doing wrong, possibly in some kind of setup, but I can't pinpoint anything out of the ordinary. From debug output I am getting from the xmlsec-c side, the various details about the reference such as the transform type and targeted URI seem to be in order.

Any suggestions on why I might be seeing this issue would be much appreciated. For reference I am using OpenSSL 0.9.8b, with no xalan support on Linux. I have also tried the RC2 of 3.1 with the same results as above. Please let me know if any other detail may be useful in diagnosing this and thanks in advance for your time.

regards,
Bradley


For example:
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
                <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
                <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
                <ds:Reference URI="#_12345-67890">
                        <ds:Transforms>
                                <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
                        </ds:Transforms>
                        <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
                        <ds:DigestValue>p8iH5++jws3fFbJ6ry7j97JmazI=</ds:DigestValue>
                </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>
                ZttbWswqnKdRMKb4OEChYeANHzpc+g9iX35iiVdigvPoOn0Hug8EwPXWT1GZgDSNfjbtAV47P2AO
                jDM/dKlFB6wPqadsofi4sXYvvRU2uFWoKcNf8Y3t1hoFsjlx/s/G28pnIm7tJ4Qt+xUE51cPv2XA
                T2iIWSVRHypCFUejWlY=
        </ds:SignatureValue>
        <ds:KeyInfo>
                <ds:KeyName>myrsakey</ds:KeyName>
        </ds:KeyInfo>
</ds:Signature>
