Well, it means that I failed to explain what needs to be done in my first email and I don't have any other ideas how to do it.

Aleksey

On 7/31/13 6:57 PM, Jeffrey Jin (jefjin) wrote:
> You mean xmlsec can't work in URI case?
>
> On 8/1/13 9:43 AM, "Aleksey Sanin" <[email protected]> wrote:
>
>> I am sorry but you need to read XML DTD spec and XMLDsig spec as well.
>> Unfortunately, this is required reading if you want to use xmlsec
>> library.
>>
>> Aleksey
>>
>> On 7/31/13 6:40 PM, Jeffrey Jin (jefjin) wrote:
>>> Hi Aleksey,
>>>
>>> Thanks for your quick reply. You mean I need to change attribute URI to
>>> ID? Like this:
>>> "<ds:Reference ID="#s29c0153b613859ac1c788536d2a924d65e643b308" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>>
>>> If my understanding is correct, there are two issues coming:
>>> 1) it's saml response from ci, I need to change the URI to ID when I
>>> receive the response
>>> 2) when I change URI to ID, yes, below error is gone, but I got error:
>>>
>>> func=xmlSecOpenSSLEvpDigestVerify:file=digests.c:line=229:obj=sha1:subj=unknown:error=12:invalid data:data and digest do not match
>>> RESULT: Signature is INVALID
>>>
>>> I can make sure I use the correct public key to verify, it should be
>>> VALID. I'm worried about whether changing URI to ID has a problem. I check
>>> the URI type in anyURI on http://www.w3.org/2000/09/xmldsig# and
>>> URI="#s29c0153b613859ac1c788536d2a924d65e643b308" identifies a node-set
>>> containing the element with ID attribute value
>>> 's29c0153b613859ac1c788536d2a924d65e643b308' of the XML resource
>>> containing the signature. XML Signature (and its applications) modify
>>> this node-set to include the element plus all descendants including
>>> namespaces and attributes -- but not comments.
>>>
>>> -Jeffrey
>>>
>>> On 8/1/13 2:00 AM, "Aleksey Sanin" <[email protected]> wrote:
>>>
>>>> You need to define ID attribute to the element where it is specified,
>>>> not to the Reference element where it is used
>>>>
>>>> Aleksey
>>>>
>>>> On 7/31/13 12:25 AM, Jeffrey Jin (jefjin) wrote:
>>>>> Hi xmlsec team,
>>>>>
>>>>> I use xmlsec library to verify signature whether correct. But when
>>>>> saml response include
>>>>> "<ds:Reference URI="#s29c0153b613859ac1c788536d2a924d65e643b308" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">"
>>>>> I got the error:
>>>>>
>>>>> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('s29c0153b613859ac1c788536d2a924d65e643b308'))
>>>>> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer
>>>>> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference
>>>>> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed:
>>>>> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed:
>>>>> Error: signature verification failed
>>>>>
>>>>> I found the answer of similar issue from
>>>>> http://www.aleksey.com/xmlsec/faq.html
>>>>>
>>>>> So I add the DTD:
>>>>>
>>>>> <!DOCTYPE test [
>>>>> <!ATTLIST ds:Reference URI ID #IMPLIED>
>>>>> ]>
>>>>>
>>>>> But it doesn't work. Someone can help me out.
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>> -Jeffrey
>>>>>
>>>>> _______________________________________________
>>>>> xmlsec mailing list
>>>>> [email protected]
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
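
The point made in the thread, that the ID attribute has to be declared on the element that carries the value and not on ds:Reference, can be checked before xmlsec is called. The following is an added example, not part of the original thread and not xmlsec code: a Python script that resolves each same-document ds:Reference and reports which element and attribute need an ID declaration, formatted as an argument for the xmlsec1 `--id-attr` option. The sample document, the `samlp:Response` element with its `ID` attribute, and the function names are assumptions; only the reference value comes from the thread.

```python
import xml.etree.ElementTree as ET

DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample (assumption: the signed element is a samlp:Response whose
# attribute is named "ID"); only the reference value is taken from the thread.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    ID="s29c0153b613859ac1c788536d2a924d65e643b308">
  <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    <ds:SignedInfo>
      <ds:Reference URI="#s29c0153b613859ac1c788536d2a924d65e643b308"/>
    </ds:SignedInfo>
  </ds:Signature>
</samlp:Response>"""

def id_attr_arg(tag, attr):
    """Format an element/attribute pair as an xmlsec1 --id-attr argument."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return f"--id-attr:{attr} {ns}:{local}"
    return f"--id-attr:{attr} {tag}"

def resolve_references(xml_text, candidates=("ID", "Id", "id")):
    """Map each same-document ds:Reference to the element(s) it points at.

    Returns (target, status, args) tuples: status is "ok" for exactly one
    match, "missing" for none, and "ambiguous" for several (duplicate ID
    values, which a verifier should treat as an error, not pick one).
    """
    root = ET.fromstring(xml_text)
    report = []
    for ref in root.iter(f"{{{DS_NS}}}Reference"):
        uri = ref.get("URI", "")
        if len(uri) < 2 or not uri.startswith("#"):
            continue  # whole-document or external reference, no ID lookup
        target = uri[1:]
        args = [id_attr_arg(el.tag, name)
                for el in root.iter()
                for name in candidates
                if el.get(name) == target]
        status = "ok" if len(args) == 1 else ("ambiguous" if args else "missing")
        report.append((target, status, args))
    return report

if __name__ == "__main__":
    for target, status, args in resolve_references(SAMPLE):
        print(status, target, *args)
```

For the constructed sample the reported argument can be passed to `xmlsec1 --verify`; the DTD equivalent declares the attribute on that same element, for example `<!ATTLIST samlp:Response ID ID #IMPLIED>`.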
