Re: Invalid Reference Signature when I try to refer some XMLObject element

[Sean Mullan]

Miroslav Nachev wrote:
Hi,
I need of help to find where is my mistake during signing process.
The case is:
I would like to sign some element which is part of "<dsig:Signature". 
This element is located in "<dsig:Object>" as sub-element named 
<xsd:SignedProperties Id="L1.S1-SignedProperties">. During signing 
process everything is OK, but when I try to verify the signature, the 
result is "Bad reference with URI='#L1.S1-SignedProperties'".

Before you validate the signature, you may need to register the ID 
attribute of the QualifyingProperties element using the 
IdResolver.registerElementById method (or 
DOMValidateContext.setIdAttributeNS if you are using the JSR 105 API). 
Otherwise it won't be able to find it.

Also, I could not find any source code that returns the error message 
"Bad reference ...". Can you send the stack trace of the exception?

--Sean


Can you help me or give me some suggestions where is the mistake?
At the end of the message is the XML Signature structure.


Best Regards,
Miroslav Nachev


<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; 
Id="L1.S1-Signature">
 <dsig:SignedInfo>
   <dsig:CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
   <dsig:SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <dsig:Reference URI="#DOC1">
     <dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <dsig:DigestValue>...</dsig:DigestValue>
   </dsig:Reference>
   <dsig:Reference 
Type="http://uri.etsi.org/01903/v1.3.2#SignedProperties"; 
URI="#L1.S1-SignedProperties">
     <dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <dsig:DigestValue>...</dsig:DigestValue>
   </dsig:Reference>
   <dsig:Reference URI="#L1.S1-KeyInfo">
     <dsig:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <dsig:DigestValue>...</dsig:DigestValue>
     </dsig:Reference>
   </dsig:SignedInfo>
   <dsig:SignatureValue Id="L1.S1-SignatureValue">...</dsig:SignatureValue>
   <dsig:KeyInfo Id="L1.S1-KeyInfo">
     <dsig:X509Data>...</dsig:X509Data>
   </dsig:KeyInfo>
   <dsig:Object>
     <xsd:QualifyingProperties 
xmlns:xsd="http://uri.etsi.org/01903/v1.3.2#"; 
Id="L1.S1-QualifyingProperties" Target="#L1.S1-Signature">
       <xsd:SignedProperties Id="L1.S1-SignedProperties">
         <xsd:SignedSignatureProperties>
           <xsd:SigningTime>2007-01-30T20:10:12+0200</xsd:SigningTime>
         </xsd:SignedSignatureProperties>
       </xsd:SignedProperties>
     </xsd:QualifyingProperties>
   </dsig:Object>
 <dsig:Object/>
</dsig:Signature>