Well, it's a known issue and it was discussed on xmlsec mailing list
many times.
The last time was last week :)
http://www.aleksey.com/pipermail/xmlsec/2003/001527.html
(read on this is a long thread).
Breifly: Visa protocol breaks several XML specifications because
"939..." could not
be an ID attribute. You may hack libxml2 and make it work. But I have
no idea what
else woud you break and what kind of other security issues may show up.
Aleksey
Jason Coon wrote:
ok,
I know I should not do this but I am desperate. I am trying to verify this
xml message with the root cert. Yes this is VISA. Anyway. I get this
message. I have tried xmlsec1 and the examples and your online tool and
everything I do I get this error also attaching DTD to declare node. I
think it is a bug though I can verify other types of xml signatures. lo
Sun solaris
xmlsec1 1.1.1 (openssl)
libxml2 20511
OpenSSL 0.9.7b 10 Apr 2003
Any Help would be appreciated.
sincerally Jason Coon
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEv
al:error=5:libxml2 library function failed:expr=xpointer(id('939123509'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSe
cXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xml
SecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2332:obj=xpointer:
subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1168:obj=unknown:su
bj=xmlSecTransformPushXml:error=1:xmlsec library function
failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1228:obj=unknown:subj=
xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1564:obj=unknown:
subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:
subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function
failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:s
ubj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function
failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSig
CtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature verification failed
<ThreeDSecure><Message id="PAReq20030928111313"><PARes
id="939123509"><version>1.0.2</version><Merchant
<acqBIN>11111111111</acqBIN><merID>12AB,cd/34-EF -g,5/H-67</merID></Mercha
nt><Purchase><xid>MDAwMDAwM
jAwMzA5MjgxMTEzMTM=</xid><date>20030928
11:13:13</date><purchAmount>123456</purchAmount><currency>840</
currency><exponent>2</exponent></Purchase><pan>0000000001000</pan><TX><time>
20030928 16:12:46</time><st
atus>Y</status><cavv>AAABBJg0VhI0VniQEjRWAAAAAAA=</cavv><eci>03</eci><cavvAl
gorithm>1</cavvAlgorithm></
TX></PARes><Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo
xmlns="http://www.w3.org/2
000/09/xmldsig#"><CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></
CanonicalizationMethod><SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></Signat
ureMethod><Reference URI="#939123509"><DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1">
</DigestMethod><DigestValue>qbtokjyh7AaUwsfV3NdOtYraVVY=</DigestValue></Refe
rence></SignedInfo><Signatu
reValue>kGlOMSgqHlKo2mU5dcrVz2XJgl+fyyAxEQ61pD8XPOmNBH0C80PbmvBnrKD6UkpfoUhc
lCxL/zW/3RT1hTNY2pgf9FqSYAv
xthEDpmKyaQT6y77Eo3WTpSBOyV3XrH3xD4Mu76K8ZHNSuf1FRBvoDjO0CGEMW4VgupziCjgIeag
=</SignatureValue><KeyInfo>
<X509Data><X509Certificate>MIICJTCCAY6gAwIBAgIVANr+5nC2js/XYLb4IjL9N32xM8AGM
A0GCSqGSIb3DQEBBQUAMEcxCzAJ
BgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRUwEwYDVQQLEwxDYXJhZGFzIExhYnMxDzANBgNV
BAMTBkNUSCBDQTAeFw0wMzA4MTk
xNDIyNTVaFw0wNTA4MTgxNDIyNTVaMEQxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRU
wEwYDVQQLEwxDYXJhZGFzIExhYn
MxDDAKBgNVBAMTA0NUSDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAnwMTpPBfeChZ/q+nT+
4pHsX1JQXHCPTzoAO1CBfvtgmqh
lRmKNhB9k+/tvKZMF5K/FQ879lW6MDEjq+2Sezz2FjUF9GZDjqJC/VzbeINji0kj8tYdjkqDAcu3
6Q/n4A7LmZqtY+7FAbN53rLWaSv
1Nx4Gk/JdLdOmHuwtp8E+xcCAwEAAaMQMA4wDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQUFAAOB
gQAq7k89O6UZCAcPY074dluCQAa
6ditQmX32g2Lzda8n3uBU5pD0JQqpxWCWriD3m2zcZHLjjXpMJSzd2CRl1HsGrTkLFGLs27iG/fR
Nv+9RLkPWV/GulBKWk+WGTiHAoI
umIoYZYvz7L8lWJRw0bKvBXj3W42uxyacGr3HyWa1HDQ==</X509Certificate><X509Certifi
cate>MIICLzCCAZigAwIBAgIUDP
wVD8SyBkFHsDnddWtKGyIqUxEwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UEBhMCVVMxEDAOBgNVBA
oTB0NhcmFkYXMxFTATBgNVBAsTD
ENhcmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwHhcNMDMwODE5MTQyMjUzWhcNMDcwODE4M
TQyMjUzWjBHMQswCQYDVQQGEwJV
UzEQMA4GA1UEChMHQ2FyYWRhczEVMBMGA1UECxMMQ2FyYWRhcyBMYWJzMQ8wDQYDVQQDEwZDVEgg
Q0EwgZ8wDQYJKoZIhvcNAQEBBQA
DgY0AMIGJAoGBAJRiE7jros/yRb7tmenId3UeArIKyQ9/g4926zYYPkVx8k/iNIEimsRvjWOyv5V
ca6fOtRBO6zsMmgUVziRnNGDIXi
Vlp7zDlqJR/4o3gFBjfKfHYfe1RJLZfl2yHF6A8xJGYZNhGD/rQb1I6qy1S/ayluY5x2oftL8xsn
il2oCFAgMBAAGjFjAUMBIGA1UdE
wEB/wQIMAYBAf8CAQAwDQYJKoZIhvcNAQEFBQADgYEAL5qy3xM/LGrzE0WghCGwzWSYOWzMAOfek
3pL5At9hQuL7/UCh5u9vRTFCgLs
R6EveIzuqrHb7dfnLpXIyoOyL5eVG7YBn5xtR1WSUdxWdIsm1Yuxbrw8IlQXSgCc3KVQAIoT9zlc
HUzGzf3PUVrm578tfRjKP1ya+tL
NoDoGXvg=</X509Certificate><X509Certificate>MIICMjCCAZugAwIBAgIVAJoV+yURqXHF
8zXECfEhRqpwzCMwMA0GCSqGSIb
3DQEBBQUAMEkxCzAJBgNVBAYTAlVTMRAwDgYDVQQKEwdDYXJhZGFzMRUwEwYDVQQLEwxDYXJhZGF
zIExhYnMxETAPBgNVBAMTCENUSC
BST09UMB4XDTAzMDgxOTE0MjI1MVoXDTExMDgxNzE0MjI1MVowSTELMAkGA1UEBhMCVVMxEDAOBg
NVBAoTB0NhcmFkYXMxFTATBgNVB
AsTDENhcmFkYXMgTGFiczERMA8GA1UEAxMIQ1RIIFJPT1QwgZ8wDQYJKoZIhvcNAQEBBQADgY0AM
IGJAoGBAIrpC9h6fesI1FnpSHH+
dP+JaY3FitHMW9LHBLpdCSEzAVe6VJOZO7Ycw49iDKkhPCrSZk/59RXD+3+vYqukFL0FLfG2GFTA
1c9YU94dqBovrmwbMP7HYN82PmQ
tifzGMeS9d7znDx+AqlDU1eXCZMVdHSsz/qneP8LSydrMaU/RAgMBAAGjFjAUMBIGA1UdEwEB/wQ
IMAYBAf8CAQEwDQYJKoZIhvcNAQ
EFBQADgYEAZdRIyN/SSPQ3bLunDVKxanOLDiXfczxGMnQZWK47fQfWdbqqEINrcObagSw44Ba9pF
Z796DXn5XPZOkLuhrgLSwVVVqkU
WLeUaRPEFGDXQMk9XqrbCpivQix1Hr+9DgWWiqg0snC7JkD6rieQ8NIuj+bD83vnuhOW/nLEuLSf
xk=</X509Certificate></X509
Data></KeyInfo></Signature></Message></ThreeDSecure>
|
