You mean xmlsec can't work in URI case?

On 8/1/13 9:43 AM, "Aleksey Sanin" <[email protected]> wrote:

>I am sorry but you need to read XML DTD spec and XMLDsig spec as well.
>Unfortunately, this is required reading if you want to use xmlsec
>library.
>
>Aleksey
>
>On 7/31/13 6:40 PM, Jeffrey Jin (jefjin) wrote:
>> Hi Aleksey,
>>
>> Thanks for your quick reply. You mean I need to change attribute URI to
>> ID? Like this:
>> "<ds:Reference ID="#s29c0153b613859ac1c788536d2a924d65e643b308"
>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>
>> If my understanding is correct, there are two issues:
>> 1) it's saml response from ci, I need to change the URI to ID when I
>> receive the response
>> 2) when I change URI to ID, yes, below error is gone, but I got error:
>>
>> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
>> RESULT: Signature is INVALID
>>
>> I can make sure I use the correct public key to verify, it should be
>> VALID. I'm worried about whether changing URI to ID has a problem. I check
>> the URI type in anyURI on http://www.w3.org/2000/09/xmldsig# and
>> URI="#s29c0153b613859ac1c788536d2a924d65e643b308" identifies a node-set
>> containing the element with ID attribute value
>> 's29c0153b613859ac1c788536d2a924d65e643b308' of the XML resource
>> containing the signature. XML Signature (and its applications) modify
>> this node-set to include the element plus all descendants including
>> namespaces and attributes -- but not comments.
>>
>> -Jeffrey
>>
>> On 8/1/13 2:00 AM, "Aleksey Sanin" <[email protected]> wrote:
>>
>>> You need to define ID attribute to the element where it is specified,
>>> not to the Reference element where it is used
>>>
>>> Aleksey
>>>
>>> On 7/31/13 12:25 AM, Jeffrey Jin (jefjin) wrote:
>>>> Hi xmlsec team,
>>>>
>>>> I use the xmlsec library to verify whether a signature is correct.
>>>> But when saml response include "<ds:Reference
>>>> URI="#s29c0153b613859ac1c788536d2a924d65e643b308"
>>>> xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>>> I got the error:
>>>>
>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('s29c0153b613859ac1c788536d2a924d65e643b308'))
>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
>>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>>>> Error: signature verification failed
>>>>
>>>> I found the answer of similar issue from
>>>> http://www.aleksey.com/xmlsec/faq.html
>>>>
>>>> So I add the DTD:
>>>>
>>>> <!DOCTYPE test [
>>>> <!ATTLIST ds:Reference URI ID #IMPLIED>
>>>> ]>
>>>>
>>>> But it doesn't work. Can someone help me out?
>>>>
>>>> Thanks in advance.
>>>>
>>>> -Jeffrey
>>>>
>>>> _______________________________________________
>>>> xmlsec mailing list
>>>> [email protected]
>>>> http://www.aleksey.com/mailman/listinfo/xmlsec
>>>>
>>
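
Added example, not part of the thread and not xmlsec code: a Python stand-in for the `id()` lookup behind a same-document `ds:Reference`, showing that the ID value must be found on the signed element and that declaring `URI` on `ds:Reference` as the ID can never match. It assumes a SAML 2.0-style layout in which the signed element carries an attribute named `ID`; `SAMPLE`, `split_tag` and `resolve_references` are hypothetical names, and the document is constructed.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (not from the thread): SAML 2.0-style layout assumed,
# where the signed element itself carries the ID attribute.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="s29c0153b613859ac1c788536d2a924d65e643b308">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:Reference URI="#s29c0153b613859ac1c788536d2a924d65e643b308"/>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:Response>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' form into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def resolve_references(xml_text, id_attr="ID"):
    """For each same-document ds:Reference, return (uri, namespace, local name)
    of the single element whose id_attr value equals the URI fragment."""
    root = ET.fromstring(xml_text)
    resolved = []
    for ref in root.iter("{%s}Reference" % DS_NS):
        uri = ref.get("URI", "")
        if not uri.startswith("#") or len(uri) == 1:
            continue  # external or whole-document reference: no ID lookup
        fragment = uri[1:]
        hits = [el for el in root.iter() if el.get(id_attr) == fragment]
        if len(hits) != 1:
            # 0 hits: nothing carries that ID value (the id() failure above);
            # >1 hits: ambiguous target, not safe to verify against.
            raise ValueError("%s matched %d elements via %r"
                             % (uri, len(hits), id_attr))
        resolved.append((uri,) + split_tag(hits[0].tag))
    return resolved


if __name__ == "__main__":
    for uri, ns, name in resolve_references(SAMPLE):
        print("%s -> declare ID on {%s}%s" % (uri, ns, name))
```

The namespace and element name returned are the ones an ID declaration has to name, whether through a DTD `ATTLIST` or the xmlsec1 `--id-attr` option.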
