That's an error in digest validation.
Aleksey
On 8/31/11 2:59 AM, cristian radu wrote:
Thank you Luiz,
It worked (sometimes I'm really blind - I missed that tag name)
Anyway now I have in output:
func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid
data:data and digest do not match
FAIL
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Is this the standard output for a failed signature validation ?
The XML is generated by a third app: Component Spaces .NET
Best regards,
Cristian Radu
----- Original Message -----
From: "[email protected]"<[email protected]>
To: cristian radu<[email protected]>
Cc: "[email protected]"<[email protected]>
Sent: Tuesday, August 30, 2011 6:02 PM
Subject: Re: [xmlsec] xmlsec Digest, Vol 88, Issue 7
Hi cristian
I got an similar problem as yours due Id keyword
i fixed by adding
'<!DOCTYPE test [<!ATTLIST infNFe Id ID #IMPLIED>]>'
in my xml i have
<?xml version="1.0" encoding="utf-8"?><envEvento
xmlns="http://www.portalfiscal.inf.br/nfe";
versao="1.01"><idLote>000000000000001</idLote><evento
xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><infEvento
Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento>
Note the Id tag on infEvento
i fixed to sign/verify this xml by adding !DOCTYPE after xml tag
<?xml version="1.0" encoding="utf-8"?><!DOCTYPE test [<!ATTLIST infEvento
Id ID #IMPLIED>]><envEvento xmlns="http://www.portalfiscal.inf.br/nfe";
versao="1.01"><idLote>000000000000001</idLote><evento
xmlns="http://www.portalfiscal.inf.br/nfe"; versao="1.01"><infEvento
Id="ID1101103511080233882300023855213000003122199996877301"><cOrgao>35</cOrgao><tpAmb>2</tpAmb><CNPJ>02338823000238</CNPJ><chNFe>35110802338823000238552130000031221999968773</chNFe><dhEvento>2011-08-15T08:44:15-03:00</dhEvento><tpEvento>110110</tpEvento><nSeqEvento>1</nSeqEvento><verEvento>1.01</verEvento></infEvento></evento></envEvento>
Regards
Luiz
Thank you for the quick reply
Unfortunately I can't get it to work
Here is what I tried (the first 3 lines are the commands I've tried, the
id-attr in the last one is the actual ID from the saml doc - I am that
desperate):
~/ xmlsec1 --verify --id-attr ID --enable-visa3d-hack --trusted-pem
FedExOffice_SSO_Base64.pem saml.xml
~/ xmlsec1 --verify --id-attr "ID" --enable-visa3d-hack --trusted-pem
FedExOffice_SSO_Base64.pem saml.xml
~/ xmlsec1 --verify --id-attr _3b47431b-02d2-44ca-bee9-b6a5a60c7c94
--enable-visa3d-hack --trusted-pem FedExOffice_SSO_Base64.pem saml.xml
and this is the output:
func=xmlSecTransformVisa3DHackExecute:file=xpath.c:line=1114:obj=Visa3DHackTransform:subj=xmlGetID:error=5:libxml2
library function failed:id="_3b47431b-02d2-44ca-bee9-b6a5a60c7c94"
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=Visa3DHackTransform:subj=xmlSecTransformExecute:error=1:xmlsec
library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
library function failed:transform=Visa3DHackTransform
func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "saml.xml"
I really need the help on this one
Tank you
Cristian Radu
----- Original Message -----
From: "[email protected]"<[email protected]>
To: [email protected]
Cc:
Sent: Monday, August 29, 2011 10:00 PM
Subject: xmlsec Digest, Vol 88, Issue 7
Send xmlsec mailing list submissions to
[email protected]
To subscribe or unsubscribe via the World Wide Web, visit
http://www.aleksey.com/mailman/listinfo/xmlsec
or, via email, send a message with subject or body 'help' to
[email protected]
You can reach the person managing the list at
[email protected]
When replying, please edit your Subject line so it is more specific
than "Re: Contents of xmlsec digest..."
Today's Topics:
1. ID tag related error (cristian radu)
2. Re: ID tag related error (Aleksey Sanin)
----------------------------------------------------------------------
Message: 1
Date: Mon, 29 Aug 2011 02:28:12 -0700 (PDT)
From: cristian radu<[email protected]>
To: "[email protected]"<[email protected]>
Subject: [xmlsec] ID tag related error
Message-ID:
<[email protected]>
Content-Type: text/plain; charset="us-ascii"
Hello,
I've installed xmlsec library and run a xml doc through it to verify the
signature. You can find the xml doc attached. The problem is that I get a
list of errors and the first is:
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
library function
failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94'))
I looked on FAQ section and saw the fix there but it doesn't work on my
case (the ID tag is uppercase and its value is compliant - from what I
know).
Any help would be greatly appreciated.
Cristian Radu
-------------- next part --------------
A non-text attachment was scrubbed...
Name: saml.xml
Type: application/octet-stream
Size: 5470 bytes
Desc: not available
URL:
<http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/1ac705f3/attachment-0001.obj>
------------------------------
Message: 2
Date: Mon, 29 Aug 2011 06:23:23 -0700
From: Aleksey Sanin<[email protected]>
To: cristian radu<[email protected]>
Cc: "[email protected]"<[email protected]>
Subject: Re: [xmlsec] ID tag related error
Message-ID:<[email protected]>
Content-Type: text/plain; charset="iso-8859-1"; Format="flowed"
Do what FAQ says, that's the error.
Aleksey
On 8/29/11 2:28 AM, cristian radu wrote:
Hello,
I've installed xmlsec library and run a xml doc through it to verify the
signature. You can find the xml doc attached. The problem is that I get
a list of errors and the first is:
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
library function
failed:expr=xpointer(id('_3b47431b-02d2-44ca-bee9-b6a5a60c7c94'))
I looked on FAQ section and saw the fix there but it doesn't work on my
case (the ID tag is uppercase and its value is compliant - from what I
know).
Any help would be greatly appreciated.
Cristian Radu
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://www.aleksey.com/pipermail/xmlsec/attachments/20110829/b977ee1d/attachment-0001.html>
------------------------------
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
End of xmlsec Digest, Vol 88, Issue 7
*************************************
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
