I think xmlsec1 is trying to use the wrong signature template to "fill".

<Reference URI="#1">

Are my command line arguments wrong, or is it a limitation of the program?

Marcus

Aleksey Sanin wrote:

This sounds wrong: expr=xpointer(id('1'))

Aleksey

Marcus Pereira wrote:

I need to feed a government system that requires a signed xml that contains a batch of signed xml elements.

After signing the elements and building the final batch file, xmlsec1 fails to sign it.

It seems xmlsec1 is getting confused about the many "<Signature>" elements in the xml. Although I think I am telling it what is the right chain to sign, the error shows an xpointer to the first signature element and not the last one (the one the node-id refers to).

How can I solve this?

Thanks for any help.

Marcus Pereira

My command:
---------------------------------------
$ xmlsec1 sign --pwd "xxxxxx" --id-attr:Id BatchObjects --node-id "batch1" --privkey-pem mykey.pem batch_obj_tmpl.xml
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('1'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "batch_obj_tmpl.xml"
---------------------------------------

My Template:
---------------------------------------
<?xml version="1.0"?>
<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
  <BatchObjects Id="batch1" version="1.00">
    <BatchNumber>1</BatchNumber>
    <SenderId>09812</SenderId>
    <ObjectsCount>2</ObjectsCount>
    <ObjectsList>
      <Object>
        <InfObject Id="1">
          <Name>Object Example 1</Name>
          <Status>1</Status>
          <ObjectData>
            <ObjDat1>
              <MoreData>Test 1 Test 1 Test 1</MoreData>
            </ObjDat1>
          </ObjectData>
        </InfObject>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
          <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#1">
              <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              </Transforms>
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <DigestValue>/xxx...DigestData2...xxx</DigestValue>
            </Reference>
          </SignedInfo>
          <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
          <KeyInfo>
            <X509Data>
              <X509Certificate>MIIX509CertificateData</X509Certificate>
            </X509Data>
          </KeyInfo>
        </Signature>
      </Object>
      <Object>
        <InfObject Id="2">
          <Name>Object Example 2</Name>
          <ObjectData>
            <ObjDat1>
              <MoreData>Test 2 Test 2 Test 2</MoreData>
            </ObjDat1>
          </ObjectData>
        </InfObject>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:2">
          <SignedInfo>
            <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
            <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
            <Reference URI="#2">
              <Transforms>
                <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
              </Transforms>
              <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
              <DigestValue>/xxx...DigestData2...xxx</DigestValue>
            </Reference>
          </SignedInfo>
          <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
          <KeyInfo>
            <X509Data>
              <X509Certificate>MIIX509CertificateData</X509Certificate>
            </X509Data>
          </KeyInfo>
        </Signature>
      </Object>
    </ObjectsList>
  </BatchObjects>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="#batch1">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue/>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
      <X509Data>
        <X509Certificate>MIIX509CertificateData</X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</SendBatch>
---------------------------------------

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
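Added example, not part of the original thread and not xmlsec code: a pre-signing check for a document that nests several `<Signature>` elements, as the batch template above does. It lists every signature, whether it is already filled, and whether its Reference URIs resolve, then reports which signature comes first below a given Id. The helper names `survey` and `first_signature_under` are hypothetical, the sample is a constructed, cut-down copy of the template, and nothing here assumes how xmlsec1 itself selects its start node.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DS}

# Constructed sample: a cut-down version of the batch template in the thread
# (same Ids and nesting; key material and most child elements left out).
SAMPLE = """<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
 <BatchObjects Id="batch1">
  <Object><InfObject Id="1"/>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
    <SignedInfo><Reference URI="#1"><DigestValue>abc=</DigestValue></Reference></SignedInfo>
    <SignatureValue>def=</SignatureValue></Signature></Object>
 </BatchObjects>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
  <SignedInfo><Reference URI="#batch1"><DigestValue/></Reference></SignedInfo>
  <SignatureValue/></Signature>
</SendBatch>"""

def survey(xml_text, id_attr="Id"):
    """Return one record per ds:Signature, in document order."""
    root = ET.fromstring(xml_text)
    by_id = {e.get(id_attr): e for e in root.iter() if e.get(id_attr)}
    records = []
    for sig in root.iter(f"{{{DS}}}Signature"):
        uris = [r.get("URI", "") for r in sig.findall("ds:SignedInfo/ds:Reference", NS)]
        value = sig.findtext("ds:SignatureValue", default="", namespaces=NS)
        records.append({
            "id": sig.get(id_attr),
            "uris": uris,
            "unresolved": [u for u in uris if u.startswith("#") and u[1:] not in by_id],
            "filled": bool(value.strip()),  # False means an empty template
        })
    return records

def first_signature_under(xml_text, node_id, id_attr="Id"):
    """Id of the first ds:Signature at or below the element carrying node_id."""
    root = ET.fromstring(xml_text)
    start = next(e for e in root.iter() if e.get(id_attr) == node_id)
    sig = next(start.iter(f"{{{DS}}}Signature"), None)
    return None if sig is None else sig.get(id_attr)

if __name__ == "__main__":
    for rec in survey(SAMPLE):
        print(rec)
    print("first Signature under batch1:", first_signature_under(SAMPLE, "batch1"))
```

On the sample, the only unfilled template is `Sig_Batch1`, while the first signature below `batch1` is `Sig_Object:1`, whose Reference is the `#1` named in the error trace.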
