Hello Aleksey,

Please find enclosed a signature produced by another toolkit which uses
left and right brackets in its reference element. XMLSec seems to be
objecting to the presence of the brackets. If I take them out, XMLSec gets
further, but naturally complains about the data to digest compare.

<Reference URI="#Object[040327174718Z]">

Is this use legitimate? Any ideas?

Ed

C:\XMLSec>xmlsec verify --store-references --crypto mscrypto inout/signedXMLDSIG
.xml
func=xmlSecXPathDataExecute:file=..\src\xpath.c:line=273:obj=unknown:subj=xmlXPt
rEval:error=5:libxml2 library function failed:expr=xpointer(id('Object[040327174
718Z]'));last error=0 (0x00000000);last error msg=The operation completed succes
sfully.

func=xmlSecXPathDataListExecute:file=..\src\xpath.c:line=356:obj=unknown:subj=xm
lSecXPathDataExecute:error=1:xmlsec library function failed: ;last error=0 (0x00
000000);last error msg=The operation completed successfully.

func=xmlSecTransformXPathExecute:file=..\src\xpath.c:line=466:obj=xpointer:subj=
xmlSecXPathDataExecute:error=1:xmlsec library function failed: ;last error=0 (0x
00000000);last error msg=The operation completed successfully.

func=xmlSecTransformDefaultPushXml:file=..\src\transforms.c:line=2371:obj=xpoint
er:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: ;last err
or=0 (0x00000000);last error msg=The operation completed successfully.

func=xmlSecTransformCtxXmlExecute:file=..\src\transforms.c:line=1207:obj=unknown
:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xp
ointer;last error=0 (0x00000000);last error msg=The operation completed successf
ully.

func=xmlSecTransformCtxExecute:file=..\src\transforms.c:line=1267:obj=unknown:su
bj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: ;last er
ror=0 (0x00000000);last error msg=The operation completed successfully.

func=xmlSecDSigReferenceCtxProcessNode:file=..\src\xmldsig.c:line=1568:obj=unkno
wn:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: ;last
error=0 (0x00000000);last error msg=The operation completed successfully.

func=xmlSecDSigCtxProcessSignedInfoNode:file=..\src\xmldsig.c:line=804:obj=unkno
wn:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed
:node=Reference;last error=0 (0x00000000);last error msg=The operation completed
 successfully.

func=xmlSecDSigCtxProcessSignatureNode:file=..\src\xmldsig.c:line=547:obj=unknow
n:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed
: ;last error=0 (0x00000000);last error msg=The operation completed successfully
.

func=xmlSecDSigCtxVerify:file=..\src\xmldsig.c:line=366:obj=unknown:subj=xmlSecD
SigCtxSigantureProcessNode:error=1:xmlsec library function failed: ;last error=0
 (0x00000000);last error msg=The operation completed successfully.

Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
= VERIFICATION CONTEXT
== Status: unknown
== flags: 0x00000006
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== SignedInfo References List:
=== list size: 1
= REFERENCE VERIFICATION CONTEXT
== Status: unknown
== URI: "#Object[040327174718Z]"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=1)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #Object[040327174718Z]
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: membuf-transform (href=NULL)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
Error: failed to verify file "inout/signedXMLDSIG.xml"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE Signature>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
   <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#Object[040327174718Z]">
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue>Arau9ZBqfn0zta/D/bcK9L5SbzQ=</DigestValue></Reference>
      <Reference URI="#SigningTime[040327174718Z]">
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue>RgfQ3qRhHGSfIacxwW+1ZdRrU28=</DigestValue></Reference></SignedInfo>
   <SignatureValue>s/O9quSaqvMK1Kt9l1+rNzRmUwqfuWSrWYq1XqYVcX1KOkYRkaiduYimjAqZGJViEQDVnlwp8HKnEKEyHy2NaYwlXz1qfFchcxdQ1ZjbriMZ059IdzZdF+qAmqaJ4ArRJaxuXvdjolULGUua8RkMaJqFMDv0GYuZ0ivW4+1s/C8=</SignatureValue>
   <KeyInfo>
      <KeyValue>
         <RSAKeyValue>
            <Modulus>ubjLPyp1MoESkWWRVUL1k93pHo9NF4YFtJmEz04lse0UOybq0u+fbopFioTnf8YrE685U0/90cS1YDd1BgHjdOvysJ1KvggQWdJZ5Y8+g2fUStxK9zJihx7f722wT+RX9egr3plc5DNyTtO0V9eUahq1YeCL0A4NKy3tCy5TzoE=</Modulus>
            <Exponent>AQAB</Exponent></RSAKeyValue></KeyValue>
      <X509Data>
         <X509SubjectName>C=CA, ST=Ontario, L=Ottawa, O=Canada Post Corporation, O=For Test Use Only, OU=Electronic Post Mark, CN=Electronic Post Mark Signature, [EMAIL PROTECTED]</X509SubjectName>
         <X509Certificate>MIIEYjCCA0qgAwIBAgIBATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UEBhMCQ0ExEDAOBgNVBAgTB09udGFyaW8xDzANBgNVBAcTBk90dGF3YTEgMB4GA1UEChMXQ2FuYWRhIFBvc3QgQ29ycG9yYXRpb24xGjAYBgNVBAoTEUZvciBUZXN0IFVzZSBPbmx5MR0wGwYDVQQLExRFbGVjdHJvbmljIFBvc3QgTWFyazE2MDQGA1UEAxMtQ2FuYWRhIFBvc3QgQ29ycG9yYXRpb24gQ2VydGlmaWNhdGUgQXV0aG9yaXR5MSwwKgYJKoZIhvcNAQkBFh1TZWN1cml0eU9mZmljZXJAY2FuYWRhcG9zdC5jYTAeFw0wMzA0MDYxODM2MzdaFw0wNDA0MDUxODM2MzdaMIHkMQswCQYDVQQGEwJDQTEQMA4GA1UECBMHT250YXJpbzEPMA0GA1UEBxMGT3R0YXdhMSAwHgYDVQQKExdDYW5hZGEgUG9zdCBDb3Jwb3JhdGlvbjEaMBgGA1UEChMRRm9yIFRlc3QgVXNlIE9ubHkxHTAbBgNVBAsTFEVsZWN0cm9uaWMgUG9zdCBNYXJrMScwJQYDVQQDEx5FbGVjdHJvbmljIFBvc3QgTWFyayBTaWduYXR1cmUxLDAqBgkqhkiG9w0BCQEWHVNlY3VyaXR5T2ZmaWNlckBjYW5hZGFwb3N0LmNhMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC5uMs/KnUygRKRZZFVQvWT3ekej00XhgW0mYTPTiWx7RQ7JurS759uikWKhOd/xisTrzlTT/3RxLVgN3UGAeN06/KwnUq+CBBZ0lnljz6DZ9RK3Er3MmKHHt/vbbBP5Ff16CvemVzkM3JO07RX15RqGrVh4IvQDg0rLe0LLlPOgQIDAQABo4GRMIGOMA8GA1UdEwQIMAYBAf8CAQAwHQYDVR0OBBYEFKZR/M4ixWJmIpuiwA77ZkNW2YIDMB8GA1UdIwQYMBaAFDlJBm7JMYyBXc1i6V4IYkQvK3pqMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9jYTEudXB1LmludC9tYXN0ZXIuY3JsMAsGA1UdDwQEAwIHgDANBgkqhkiG9w0BAQUFAAOCAQEAhm6+mjqr2JlFHNWYbjZMMmnmF3/iuwdJNT7YLumEThpo1D6oNpcfIDO+fjc01ydgQPxHVd/DtyDddPYH1IrNwpN2drGgwvBPCPabXu0tkTQRK2cdeEaollYGbg4VdI9rLOsapVcUjHhxwX5nn0wKWYeC1Kg8fPh8VA+7yb8OIpokkaPVO1ZEAYiuL5vghUtGRm1g1LG035FH6TifGx8lwi19uXaC8+zTQhASm3AbiZCJZ6ni7JxylU5ktJMXFZGvw5mjb4VDNeNKWp+47DYhT7lJLB438pQd5l22Tly9qKpCxO/xyaUC8s+PfesNQnKqJmcApGdC6avmBeBot/KNPw==</X509Certificate></X509Data></KeyInfo>
   <Object Id="Object[040327174718Z]" Encoding="http://www.w3.org/2000/09/xmldsig#base64">RGF0YSBJIHdhbnQgdG8gc2lnbi4gRWQgVGVzdCBEZWNlbWJlciAyOCAyMDAzIDEwOjM1</Object>
   <Object>
      <SignatureProperties>
         <SignatureProperty Id="SigningTime[040327174718Z]">
            <signingtime>040327174718Z</signingtime></SignatureProperty></SignatureProperties></Object></Signature>
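
Added example, not part of the original message and not xmlsec code: the log above shows the URI being evaluated as xpointer(id('Object[040327174718Z]')), and the XML-DSig schema types the Id attribute as xs:ID, whose values must be NCNames (brackets are not name characters). The Python check below flags such references before a signature reaches the verifier; the function name, the ASCII-only name pattern and the sample document are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# ASCII subset of the NCName production (assumption: non-ASCII name
# characters are treated as invalid to keep the check short).
NCNAME = re.compile(r"[A-Za-z_][A-Za-z0-9._-]*\Z")

# Constructed sample modelled on the signature in the post, plus a
# well-formed pair and a dangling reference for comparison.
SAMPLE = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <Reference URI="#Object[040327174718Z]"/>
    <Reference URI="#Object-040327174718Z"/>
    <Reference URI="#missing"/>
  </SignedInfo>
  <Object Id="Object[040327174718Z]">AAAA</Object>
  <Object Id="Object-040327174718Z">AAAA</Object>
</Signature>"""


def lint_references(xml_text):
    """Return (uri, problem) pairs for same-document references that an
    id()-based lookup cannot resolve reliably."""
    root = ET.fromstring(xml_text)
    ids = [el.get("Id") for el in root.iter() if el.get("Id") is not None]
    findings = []
    for ref in root.iter("{%s}Reference" % DSIG):
        uri = ref.get("URI")
        if not uri or not uri.startswith("#"):
            continue  # whole-document or external reference: out of scope
        frag = uri[1:]
        if frag.startswith("xpointer("):
            continue  # full XPointer expression, not a bare name
        if not NCNAME.match(frag):
            findings.append((uri, "fragment is not an NCName"))
        elif ids.count(frag) == 0:
            findings.append((uri, "no element with this Id"))
        elif ids.count(frag) > 1:
            findings.append((uri, "Id is not unique"))
    return findings


if __name__ == "__main__":
    for uri, problem in lint_references(SAMPLE):
        print(uri, "->", problem)
```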
