I am not aware of any limitations in xmlsec that will prevent you
from doing what you described :)

Take a look at the FAQ at http://www.aleksey.com/xmlsec

Aleksey

Marcus Pereira wrote:
I think xmlsec1 is trying to use the wrong signature template to "fill".
      <Reference URI="#1">

Are my command line arguments wrong or is it a limitation of the program?

Marcus



Aleksey Sanin wrote:

This sounds wrong:

expr=xpointer(id('1'))

Aleksey



Marcus Pereira wrote:
I need to feed a government system that requires a signed xml that contains a batch of signed xml elements.

After signing the elements and building the final batch file, xmlsec1 fails to sign it.

It seems xmlsec1 is getting confused about the many "<Signature>" elements in the xml. Although I think I am telling it what the right chain to sign is, the error shows an xpointer to the first signature element and not the last one (the one the node-id refers to).

How can I solve this?

Thanks for any help.
 Marcus Pereira

My command:
---------------------------------------
$ xmlsec1 sign --pwd "xxxxxx" --id-attr:Id BatchObjects --node-id "batch1" --privkey-pem mykey.pem batch_obj_tmpl.xml
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('1'))
func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
Error: signature failed
Error: failed to sign file "batch_obj_tmpl.xml"
---------------------------------------

My Template:
---------------------------------------
<?xml version="1.0"?>
<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
<BatchObjects Id="batch1" version="1.00">
 <BatchNumber>1</BatchNumber>
 <SenderId>09812</SenderId>
 <ObjectsCount>2</ObjectsCount>
 <ObjectsList>
   <Object>
    <InfObject Id="1">
     <Name>Object Example 1</Name>
     <Status>1</Status>
     <ObjectData>
      <ObjDat1>
       <MoreData>Test 1 Test 1 Test 1</MoreData>
      </ObjDat1>
     </ObjectData>
    </InfObject>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
     <SignedInfo>
       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
       <Reference URI="#1">
         <Transforms>
           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue>/xxx...DigestData2...xxx</DigestValue>
       </Reference>
     </SignedInfo>
     <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
     <KeyInfo>
       <X509Data>
         <X509Certificate>MIIX509CertificateData</X509Certificate>
       </X509Data>
     </KeyInfo>
    </Signature>
   </Object>
   <Object>
    <InfObject Id="2">
     <Name>Object Example 2</Name>
     <ObjectData>
      <ObjDat1>
       <MoreData>Test 2 Test 2 Test 2</MoreData>
      </ObjDat1>
     </ObjectData>
    </InfObject>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:2">
     <SignedInfo>
       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
       <Reference URI="#2">
         <Transforms>
           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
         </Transforms>
         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
         <DigestValue>/xxx...DigestData2...xxx</DigestValue>
       </Reference>
      </SignedInfo>
     <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
     <KeyInfo>
       <X509Data>
         <X509Certificate>MIIX509CertificateData</X509Certificate>
       </X509Data>
     </KeyInfo>
    </Signature>
   </Object>
 </ObjectsList>
</BatchObjects>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
 <SignedInfo>
   <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
   <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
   <Reference URI="#batch1">
     <Transforms>
       <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
     </Transforms>
     <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
     <DigestValue/>
   </Reference>
 </SignedInfo>
 <SignatureValue/>
 <KeyInfo>
   <X509Data>
     <X509Certificate>MIIX509CertificateData</X509Certificate>
   </X509Data>
 </KeyInfo>
</Signature>
</SendBatch>
---------------------------------------

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
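
Added example (not part of the original thread and not xmlsec code): a pre-flight check for a batch template like the one posted above. It lists every Signature in document order with its same-document Reference target, the element names that carry that Id (the names an --id-attr option has to cover), and whether the Signature is still an unfilled template. SAMPLE is a constructed, cut-down copy of the posted template, and audit_template is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: cut-down copy of the template from the thread.
SAMPLE = """<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
 <BatchObjects Id="batch1">
  <Object>
   <InfObject Id="1"><Name>Object Example 1</Name></InfObject>
   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
    <SignedInfo><Reference URI="#1"><DigestValue>AAAA</DigestValue></Reference></SignedInfo>
    <SignatureValue>AAAA</SignatureValue>
   </Signature>
  </Object>
 </BatchObjects>
 <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
  <SignedInfo><Reference URI="#batch1"><DigestValue/></Reference></SignedInfo>
  <SignatureValue/>
 </Signature>
</SendBatch>"""


def audit_template(xml_text, id_attr="Id"):
    """Return one report dict per Reference, in document order of the Signatures."""
    root = ET.fromstring(xml_text)
    # Map every Id value to the local names of the elements that carry it.
    owners = {}
    for el in root.iter():
        if id_attr in el.attrib:
            owners.setdefault(el.attrib[id_attr], []).append(el.tag.split("}")[-1])
    reports = []
    for sig in root.iter(f"{{{DSIG}}}Signature"):
        value = sig.find(f"{{{DSIG}}}SignatureValue")
        # A Signature with an empty SignatureValue is still a template to fill.
        unsigned = value is None or not (value.text or "").strip()
        for ref in sig.iter(f"{{{DSIG}}}Reference"):
            target = ref.get("URI", "").lstrip("#")
            reports.append({
                "signature": sig.get(id_attr),
                "target": target,
                "target_elements": owners.get(target, []),
                "unsigned": unsigned,
            })
    return reports


if __name__ == "__main__":
    for row in audit_template(SAMPLE):
        print(row)
```

On the sample, the first Signature in document order is Sig_Object:1, whose Reference target "1" matches the expr=xpointer(id('1')) in the posted error, while the only unfilled template is Sig_Batch1.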


