"Signature" node in the document has a namespace. "//Signature" xpath expression refers to a node without namespace. Try to change the
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"; Id="starthere"> ... </Signature>
to
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; Id="starthere"> ... </dsig:Signature>
and use a modified XPath expression
//dsig:[EMAIL PROTECTED]'starthere']Best, Aleksey
Wes Thomas wrote:
I have two signature elements in my doc. The first is already signed. The 2nd is the one I want to sign.
I'm using --node-xpath //[EMAIL PROTECTED]'starthere'] and all I get is "failed to find default node with name="Signature".
What gives?
Wes
------------------------------------------------------------------------
<REQUEST_GROUP _ID="uuidd4350970-76ec-4f70-ba76-01f6e451e2a9"> <SIGNATURES> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"; Id="Sig01"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";> <XPath>not(not(ancestor-or-self::HEADER | ancestor-or-self::DATA | ancestor-or-self::VIEW))</XPath> </Transform> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>FxOs0kwERnP2OJqXvzq8FOTPfvg=</DigestValue> </Reference> <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"; URI="#EncomiaTamperSealDateTime01"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue>CjIppl9waS7qunS7L5LvRdokx4w=</DigestValue> </Reference> <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"; URI="#uuidc5fb087b-f225-4516-aa9c-22e1276a63ab"> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue/> </Reference> </SignedInfo> <SignatureValue>bUNRBnnWwLgCQdxFfElNAbxI397cclGOTBnb81lg3D0kKwNWKt9ZvYPA3DH1lm9Z dzT5npcz8biqXMKhd4xAGUBxlwk3cAstBPLIOyj20phEWzEGIgpJuRuuvbL/0sVP 3lZIMnNT4LG5RjYkQYaJQg91JHF7N1Svb2/hK0zZYeM=</SignatureValue> <KeyInfo> <KeyValue> <RSAKeyValue> <Modulus> mreoR32OMyHnPvmsm9XMpbnwPjX3JvnkYuvgEVLcdEAIOU+sFy9XzbS0hw/LZG2m kM2Vvrjk6WptSYINOTK9LiMlH+ed/hS0CCzn05GZU/UqbMAb7ELeX04Bfuc7hl3M mofFKegACguCRFjkfVsE/e7CCIKXs93Nd23bu+SCiZU= </Modulus> <Exponent> AQAB </Exponent> </RSAKeyValue> </KeyValue> <X509Data> <X509Certificate>MIIFFjCCA/6gAwIBAgIQDK/FTOu4TTesIFQffg6mZTANBgkqhkiG9w0BAQUFADCB 2DELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQL ExZWZXJpU2lnbiBUcnVzdCBOZXR3b3JrMT0wOwYDVQQLEzRUZXJtcyBvZiB1c2Ug YXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90ZXN0Y2EvMR8wHQYDVQQL ExZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MS8wLQYDVQQDEyZTSVNBQyBNZWRpdW0g QXNzdXJhbmNlIENsYXNzIDMgVEVTVCBDQTAeFw0wNDAzMDYwMDAwMDBaFw0wNTAz MDUyMzU5NTlaMIIBETELMAkGA1UEBhMCVVMxCzAJBgNVBAgUAlRYMRAwDgYDVQQH FAdIb3VzdG9uMRYwFAYDVQQKFA1TYW1wbGUgTGVuZGVyMTQwMgYDVQQLFCtNQkEg U0lTQUMgTWVkaXVtIEFzc3VyYW5jZSBURVNUIGNlcnRpZmljYXRlMT0wOwYDVQQL FDRUZXJtcyBvZiB1c2UgYXQgaHR0cHM6Ly93d3cudmVyaXNpZ24uY29tL2Nwcy90 ZXN0Y2EvMR8wHQYDVQQLFBZGb3IgVGVzdCBQdXJwb3NlcyBPbmx5MRMwEQYDVQQD EwpXZXMgVGhvbWFzMSAwHgYJKoZIhvcNAQkBFhFhZ2VudEBlbmNvbWlhLmNvbTCB nzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAmreoR32OMyHnPvmsm9XMpbnwPjX3 JvnkYuvgEVLcdEAIOU+sFy9XzbS0hw/LZG2mkM2Vvrjk6WptSYINOTK9LiMlH+ed /hS0CCzn05GZU/UqbMAb7ELeX04Bfuc7hl3MmofFKegACguCRFjkfVsE/e7CCIKX s93Nd23bu+SCiZUCAwEAAaOCASIwggEeMAwGA1UdEwEB/wQCMAAwSwYDVR0gBEQw QjBABgpghkgBhvhFAQcVMDIwMAYIKwYBBQUHAgEWJGh0dHBzOi8vd3d3LnZlcmlz aWduLmNvbS9jcHMvdGVzdGNhLzAOBgNVHQ8BAf8EBAMCBaAwNAYIKwYBBQUHAQEE KDAmMCQGCCsGAQUFBzABhhhodHRwOi8vb2NzcC52ZXJpc2lnbi5jb20wKAYDVR0f BCEwHzAdoBugGYYXaHR0cDovL2NybC52ZXJpc2lnbi5jb20wEQYJYIZIAYb4QgEB BAQDAgeAMB0GA1UdDgQWBBSy5hL8A9TnClJV7chrt362qOsFsDAfBgNVHSMEGDAW gBTMaYP4K2BCQUBgjagPXXAwvgrKszANBgkqhkiG9w0BAQUFAAOCAQEAQacgO3Du kPPmzabHOQ9VHoJlra6JGkGeaObLMY9YaKxF0/CruHlfbbkn/7h5UxEVzJjKivo5 mzE9L5pARJRSTy4vS2lk5mQ0fQKRHiYWTI+OoOeXa+fnUfKNHDsnCX6P8DgyQ5uO 6h+cIDyCfmiJLeimmaCgXCqphrAyJGhZ3hPHSypJsikIgM4wI+afvKJ66IN/G7TH UuKjrDifyJqg8nzBNMNma1ParHPyqk2YZupHF6bE4T2JN46CBuTjW/3qpPPA2FBl OtJ+b3p32OogZJsfQn971RY9tIcmF5fRyZH37D4L8iUnwj8/MvqcJ1Bgpptc5DzN gkDAYxuP7hTPVw==</X509Certificate> <X509SubjectName>[EMAIL PROTECTED],CN=Wes Thomas,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca/,OU=MBA SISAC Medium Assurance TEST certificate,O=Sample Lender,L=Houston,ST=TX,C=US</X509SubjectName> <X509IssuerSerial> <X509IssuerName>CN=SISAC Medium Assurance Class 3 TEST CA,OU=For Test Purposes Only,OU=Terms of use at https://www.verisign.com/cps/testca/,OU=VeriSign Trust Network,O=VeriSign\, Inc.,C=US</X509IssuerName> <X509SerialNumber>16863389628646640081019990102011455077</X509SerialNumber> </X509IssuerSerial> </X509Data> </KeyInfo> <Object> <SignatureProperties> <SignatureProperty Id="EncomiaTamperSealDateTime01" Target="#Sig01"> <DateTimeStamp DateTime="2004-03-18T23:20:42Z"/> </SignatureProperty> </SignatureProperties> </Object> <KeyInfo> <KeyValue> <RSAKeyValue> <Modulus/> <Exponent/> </RSAKeyValue> </KeyValue> <X509Data> <X509Certificate/> <X509SubjectName/> <X509IssuerSerial/> </X509Data> </KeyInfo> <Object> <SignatureProperties> <SignatureProperty Id="uuidc5fb087b-f225-4516-aa9c-22e1276a63ab" Target="#Sig01"> <DateTimeStamp DateTime="2004-03-19T00:00:53Z"/> </SignatureProperty> </SignatureProperties> </Object> </Signature> </SIGNATURES> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"; Id="starthere"> <SignedInfo> <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/> <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/> </Transforms> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <DigestValue/> </Reference> </SignedInfo> <SignatureValue/> </Signature> </REQUEST_GROUP>
_______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec
