Thank you Luiz,
It worked (sometimes I'm really blind - I missed that tag name) Anyway now I have in output: func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match FAIL SignedInfo References (ok/all): 0/1 Manifests References (ok/all): 0/0 Is this the standard output for a failed signature validation ? The XML is generated by a third app: Component Spaces .NET Best regards, Cristian Radu ----- Original Message ----- From: "[email protected]" <[email protected]> To: cristian radu <[email protected]> Cc: "[email protected]" <[email protected]> Sent: Tuesday, August 30, 2011 6:02 PM Subject: Re: [xmlsec] xmlsec Digest, Vol 88, Issue 7 Hi cristian I got an similar problem as yours due Id keyword i fixed by adding '<!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>' in my xml i have <?xml version="1.0" encoding="utf-8"?><envEvento xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><idLote>000000000000001</idLote><evento xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><infEvento Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento> Note the Id tag on infEvento i fixed to sign/verify this xml by adding !DOCTYPE after xml tag <?xml version="1.0" encoding="utf-8"?><!DOCTYPE test [<!ATTLIST infEvento Id ID #IMPLIED>]><envEvento xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><idLote>000000000000001</idLote><evento xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><infEvento Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento> Regards Luiz > Thank you for the quick reply > > Unfortunately I can't get it to work > > Here is what I tried (the first 3 lines are the commands I've tried, the > id-attr in the last one is the actual ID from the saml doc - I am that > desperate): > > ~/ xmlsec1 --verify --id-attr ID --enable-visa3d-hack --trusted-pem > FedExOffice_SSO_Base64.pem saml.xml > > ~/ xmlsec1 --verify --id-attr "ID" --enable-visa3d-hack --trusted-pem > FedExOffice_SSO_Base64.pem saml.xml > > ~/ xmlsec1 --verify --id-attr _3b47431b-02d2-44ca-bee9-b6a5a60c7c94 > --enable-visa3d-hack --trusted-pem FedExOffice_SSO_Base64.pem saml.xml > > and this is the output: > > > func=xmlSecTransformVisa3DHackExecute:file=xpath.c:line=1114:obj=Visa3DHackTransform:subj=xmlGetID:error=5:libxml2 > library function failed:id="_3b47431b-02d2-44ca-bee9-b6a5a60c7c94" > func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=Visa3DHackTransform:subj=xmlSecTransformExecute:error=1:xmlsec > library function failed: > func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec > library function failed:transform=Visa3DHackTransform > func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec > library function failed: > func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec > library function failed: > func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec > library function failed:node=Reference > func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec > library function failed: > func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec > library function failed: > Error: signature failed > ERROR > SignedInfo References (ok/all): 0/1 > Manifests References (ok/all): 0/0 > Error: failed to verify file "saml.xml" > > > > I really need the help on this one > Tank you > > Cristian Radu > > > > > ----- Original Message ----- > From: "[email protected]" <[email protected]> > To: [email protected] > Cc: > Sent: Monday, August 29, 2011 10:00 PM > Subject: xmlsec Digest, Vol 88, Issue 7 > > Send xmlsec mailing list submissions to > [email protected] > > To subscribe or unsubscribe via the World Wide Web, visit > http://www.aleksey.com/mailman/listinfo/xmlsec > or, via email, send a message with subject or body 'help' to > [email protected] > > You can reach the person managing the list at > [email protected] > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of xmlsec digest..." > > > Today's Topics: > > 1. ID tag related error (cristian radu) > 2. Re: ID tag related error (Aleksey Sanin) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Mon, 29 Aug 2011 02:28:12 -0700 (PDT) > From: cristian radu <[email protected]> > To: "[email protected]" <[email protected]> > Subject: [xmlsec] ID tag related error > Message-ID: > <[email protected]> > Content-Type: text/plain; charset="us-ascii" > > Hello, > > I've installed xmlsec library and run a xml doc through it to verify the > signature. You can find the xml doc attached. The problem is that I get a > list of errors and the first is: > func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 > library function > failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94')) > > I looked on FAQ section and saw the fix there but it doesn't work on my > case (the ID tag is uppercase and its value is compliant - from what I > know). > > Any help would be greatly appreciated. > > Cristian Radu > -------------- next part -------------- > A non-text attachment was scrubbed... > Name: saml.xml > Type: application/octet-stream > Size: 5470 bytes > Desc: not available > URL: > <http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/1ac705f3/attachment-0001.obj> > > ------------------------------ > > Message: 2 > Date: Mon, 29 Aug 2011 06:23:23 -0700 > From: Aleksey Sanin <[email protected]> > To: cristian radu <[email protected]> > Cc: "[email protected]" <[email protected]> > Subject: Re: [xmlsec] ID tag related error > Message-ID: <[email protected]> > Content-Type: text/plain; charset="iso-8859-1"; Format="flowed" > > Do what FAQ says, that's the error. > > Aleksey > > > On 8/29/11 2:28 AM, cristian radu wrote: >> Hello, >> >> I've installed xmlsec library and run a xml doc through it to verify the >> signature. You can find the xml doc attached. The problem is that I get >> a list of errors and the first is: >> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 >> library function >> failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94')) >> >> I looked on FAQ section and saw the fix there but it doesn't work on my >> case (the ID tag is uppercase and its value is compliant - from what I >> know). >> >> Any help would be greatly appreciated. >> >> Cristian Radu >> >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec > -------------- next part -------------- > An HTML attachment was scrubbed... > URL: > <http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/b977ee1d/attachment-0001.html> > > ------------------------------ > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec > > > End of xmlsec Digest, Vol 88, Issue 7 > ************************************* > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec > _______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
