As we have already discussed several times, the Visa 3D protocol
does not follow the XML/XPointer/XMLDSig specifications when it
declares the "id" attribute as CDATA instead of ID and uses invalid
ID values (like "12345" or "aaa+bbb") for these attributes.

However, the Visa 3D protocol is an important use case, thus I have
decided to implement a *special hack* for those who have to work
with it. This change is available in CVS and would be included
in the next xmlsec release. Explanations are placed in the FAQ (see below).


For example, after implementing this hack you would be able to verify
Visa 3D documents with the xmlsec command line utility using the following
command line:

xmlsec1 verify --enable-visa3d-hack --id-attr PARes --trusted some.cert some.xml

Again, this is a hack, use it at your own risk!

Aleksey





From the FAQ:
--------------------------


3.3. I am trying to sign/validate a document but xmlXPtrEval function can't evaluate "xpointer(id('XXXXXXX'))" expression. What's wrong?

First of all, read section 3.2 about ID attributes. If you have tried to declare
the required ID attribute in the DTD as it is described and you still have problems, then
I would guess that you are playing with the Visa 3D protocol. This protocol tries to
reference an "id" attribute defined as CDATA instead of ID in the DTD, and
this is impossible in XML as described in section 3.2. Even worse, the value of
this Visa 3D "id" attribute may start with a number or contain "+" or "/" characters,
which is impossible for an ID attribute <http://www.w3.org/TR/REC-xml#sec-attribute-types>. Based on this, I have to say that the Visa 3D
protocol does not use the XML or XMLDSig specifications. And if you can, then
you should probably let the Visa guys know about this problem (though it was
already done several times).


The only good solution for this problem is changing the Visa 3D protocol. However,
it might take time. As a short-term solution you can use a special "Visa 3D specific"
hack in xmlsec. Please note that nobody (including me) knows what else
might be broken in your application if you decide to use this hack. You are on
your own here because this hack makes your application work with non-XML
and non-XMLDSig but some "Visa 3D" files.


In order to process "Visa 3D" documents, you need to do two things:

   * Register ID attributes manually (|xmlAddID| function or
     |--id-attr| option for
     xmlsec command line utility).
   * Enable Visa 3D hack in XML DSig context (|dsigCtx->flags |=
     XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK| or |--enable-visa3d-hack| option
     for xmlsec command line utility).

This is a *hack*. *You are warned!*
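A pre-check that can be run before enabling the hack, as an added example that is not part of the original message or of xmlsec: it lists each same-document reference in a signature, says whether the referenced value would be legal for an ID-typed attribute, and counts how many elements carry it (an ID-typed value must be unique under validation; a CDATA "id" has no such guarantee). The sample document, its ThreeDSecure/Message/Body element names and the function name are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# XML 1.0 (Fifth Edition) Name production, which every ID-typed value must match.
_START = (r":A-Z_a-z\u00C0-\u00D6\u00D8-\u00F6\u00F8-\u02FF\u0370-\u037D"
          r"\u037F-\u1FFF\u200C\u200D\u2070-\u218F\u2C00-\u2FEF\u3001-\uD7FF"
          r"\uF900-\uFDCF\uFDF0-\uFFFD\U00010000-\U000EFFFF")
_REST = _START + r"\-.0-9\u00B7\u0300-\u036F\u203F\u2040"
XML_NAME = re.compile("[%s][%s]*" % (_START, _REST))

# Both same-document forms: URI="#value" and URI="#xpointer(id('value'))".
_XPTR = re.compile(r"#xpointer\(id\('([^']*)'\)\)")

# Constructed sample shaped like the documents described above.
SAMPLE = """<ThreeDSecure><Message id="aaa+bbb">
<PARes id="12345"><Body/></PARes>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo>
<Reference URI="#12345"/></SignedInfo></Signature>
</Message></ThreeDSecure>"""

def audit_references(xml_text, id_attr="id"):
    """Return one finding per same-document ds:Reference in xml_text."""
    root = ET.fromstring(xml_text)
    # A CDATA "id" is not indexed by the parser, so count the values by hand.
    counts = {}
    for el in root.iter():
        value = el.get(id_attr)
        if value is not None:
            counts[value] = counts.get(value, 0) + 1
    findings = []
    for ref in root.iter(DSIG + "Reference"):
        uri = ref.get("URI", "")
        m = _XPTR.fullmatch(uri)
        target = m.group(1) if m else uri[1:] if uri.startswith("#") else None
        if not target:
            continue  # whole-document or external reference, nothing to resolve
        findings.append({"id": target,
                         "valid_xml_id": bool(XML_NAME.fullmatch(target)),
                         "matches": counts.get(target, 0)})
    return findings

if __name__ == "__main__":
    for finding in audit_references(SAMPLE):
        print(finding)
```

A finding with `valid_xml_id` false means the document cannot be fixed by a DTD declaration alone; a `matches` value other than 1 means the manually registered ID would be missing or ambiguous.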


