Thank you for your answer!

Unfortunately the standard is not public, but an obfuscated version should be okay 
for investigation. I've attached the XSDs the standard specifies. The XML I sent 
you earlier is just our interpretation and can be changed.


Do you have any idea how we can go on?


Bests, Adam


________________________________
From: Aleksey Sanin <[email protected]>
Sent: June 3, 2020 17:39
To: Kiss Ádám; [email protected]
Subject: Re: [xmlsec] Signing with root element not having namespace

Indeed in your XML file the Signature node doesn't have the correct
namespace:

<Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">

Is this standard publicly available somewhere? This doesn't look
right to me.

Aleksey

On 6/3/20 7:50 AM, Kiss Ádám wrote:
> Hello!
>
>
> I've been using your lib for a long time with much success!
>
>
> Now I got a task which I cannot handle with my skills. I've attached a
> simplified version of the XML.
>
>
> The main problem is that an industry standard determines the whole
> structure of the XML in this application including the namespaces. When
> I tried to sign it with the standard method in the doc I got the error:
> 'node not found'. It turned out xmlsecGetNodeNSHref sees the <Signature>
> block with (null) namespace, which doesn't fit xmlsec's requirement.
> Changing xmlSecFindNode to ignore the (null) namespace helped for a
> short time, but some function calls later a similar error was found in
> xmlSecFindParent. After getting over that again, C14N failed. I am not sure if
> that (null) is the problem during the canonization.
>
>
> I cannot see that deep into the code. Could you help me out?
>
>
> Bests,
>
> Adam
>
>
> _______________________________________________
> xmlsec mailing list
> [email protected]
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

Attachment: XYZBlock.xsd
Description: XYZBlock.xsd

Attachment: xmldsig-core-schema.xsd
Description: xmldsig-core-schema.xsd

Attachment: Message.xsd
Description: Message.xsd

<?xml version="1.0" encoding="UTF-8"?>
<EventMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cb="XYZBlock" xsi:noNamespaceSchemaLocation="Message.xsd">
  <Header>
    <Verb>created</Verb>
    <Noun>Block</Noun>
    <Revision>1.0</Revision>
    <Timestamp>2020-06-03T10:38:51Z</Timestamp>
    <Source>http://192.168.0.100:8092</Source>
    <MessageID>69420</MessageID>
    <Target>http://17.6.16.6:8092</Target>
  </Header>
  <Payload>
    <cb:XYZBlock xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="XYZBlock.xsd">
      <XYZ>
        <FREQ>45</FREQ>
        <DID>2</DID>
        <Location>
          <Latitude>0.000000</Latitude>
          <Longitude>0.000000</Longitude>
        </Location>
      </XYZ>
      <Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue/>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue/>
        <ds:KeyInfo>
          <ds:KeyValue/>
        </ds:KeyInfo>
      </Signature>
    </cb:XYZBlock>
    <Format>XML</Format>
  </Payload>
</EventMessage>
<?xml version="1.0" encoding="UTF-8"?>
<EventMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:cb="XYZBlock" xsi:noNamespaceSchemaLocation="Message.xsd">
  <Header>
    <Verb>created</Verb>
    <Noun>Block</Noun>
    <Revision>1.0</Revision>
    <Timestamp>2020-06-03T10:38:51Z</Timestamp>
    <Source>http://192.168.0.100:8092</Source>
    <MessageID>69420</MessageID>
    <Target>http://17.6.16.6:8092</Target>
  </Header>
  <Payload>
    <cb:XYZBlock xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="XYZBlock.xsd">
      <XYZ>
        <FREQ>45</FREQ>
        <DID>2</DID>
        <Location>
          <Latitude>0.000000</Latitude>
          <Longitude>0.000000</Longitude>
        </Location>
      </XYZ>
      <Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue/>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>abcd</ds:SignatureValue>
        <ds:KeyInfo>
          <ds:KeyValue>
            <ds:RSAKeyValue>
              <ds:Modulus>abcd</ds:Modulus>
              <ds:Exponent>abcd</ds:Exponent>
            </ds:RSAKeyValue>
          </ds:KeyValue>
        </ds:KeyInfo>
      </Signature>
    </cb:XYZBlock>
    <Format>XML</Format>
  </Payload>
</EventMessage>

Attachment: BaseTypes.xsd
Description: BaseTypes.xsd
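
An added illustration, not part of the original thread and not xmlsec code: the Python sketch below uses the standard-library parser to show why declaring the `ds` prefix on an unprefixed `<Signature>` leaves that element in no namespace, while its `ds:` children are in the XML-DSig namespace. The sample documents are constructed from the message above, and the names `audit_signature_nodes` and `split_tag` are hypothetical helpers.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample, reduced from the message in this thread: the ds prefix is
# declared on <Signature>, but the element itself carries no prefix.
UNPREFIXED = f"""<EventMessage xmlns:cb="XYZBlock"><Payload><cb:XYZBlock>
  <Signature xmlns:ds="{DSIG_NS}">
    <ds:SignedInfo/><ds:SignatureValue/>
  </Signature>
</cb:XYZBlock></Payload></EventMessage>"""

# Same structure with the element itself placed in the XML-DSig namespace.
PREFIXED = UNPREFIXED.replace("<Signature ", "<ds:Signature ").replace(
    "</Signature>", "</ds:Signature>")


def split_tag(tag):
    """Split ElementTree's '{uri}local' tag into (uri or None, local)."""
    if tag.startswith("{"):
        uri, local = tag[1:].split("}", 1)
        return uri, local
    return None, tag


def audit_signature_nodes(xml_text):
    """Return one record per element whose local name is 'Signature'."""
    records = []
    for elem in ET.fromstring(xml_text).iter():
        uri, local = split_tag(elem.tag)
        if local != "Signature":
            continue
        children = [split_tag(child.tag) for child in elem]
        records.append({
            "namespace": uri,
            # Models a lookup keyed on (local name, namespace href).
            "matches_dsig_lookup": uri == DSIG_NS,
            # Children that are in the dsig namespace regardless of the parent.
            "dsig_children": [name for ns, name in children if ns == DSIG_NS],
        })
    return records


if __name__ == "__main__":
    for label, doc in (("unprefixed", UNPREFIXED), ("prefixed", PREFIXED)):
        print(label, audit_signature_nodes(doc))
```
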
