Right, so it cannot be done this way. Thank you!
I also tried to put the Signature element into ds: namespace, but then the sign tool failed again. It turned out the removing the cb: namespace from the parent element of the ds:Signature node solves the problem. I saw xmlSecDSigNs variable hardcoded in libxmlsec not only when finding the Signature node, but also later in the transformation chain. May I ask if that is mandatory to be that way, or I can change the search namespace (by changing that constant) to the relative one written in our standard. I should then recompile of course the whole lib which I've done before. Bests, Adam ________________________________ Feladó: Aleksey Sanin <[email protected]> Elküldve: 2020. június 4. 17:09 Címzett: Kiss Ádám; [email protected] Tárgy: Re: [xmlsec] Signing with root element not having namespace In xmndsig-core-schema.xsd, there is targetNamespace defined: targetNamespace="http://www.w3.org/2000/09/xmldsig#"; Which places ALL entities (types, elements, ...) from this schema into this namespace (including Signature node itself). In XYZBlock.xsd, the same Signature element is redefined for no obvious reasons as <xs:element name="Signature" type="ds:SignatureType"/> This should be replaced with something like this to reference the Signature element defined in xmldsig spec: <xs:element ref="ds:Signature"/> As it stands right now, this is not an xmldsig compatible construct. Hope this helps, Aleksey On 6/4/20 3:57 AM, Kiss Ádám wrote: > Thank you for your answer! > > > Unfortunately the standard is not public, but obfuscated version should > be okay for investigation. I've attached the XSDs the standard specify. > The XML I sent you earlier is just our interpretation, can be changed. > > > Do you have any idea we can go on? > > > Bests, Adam > > > > ------------------------------------------------------------------------ > *Feladó:* Aleksey Sanin <[email protected]> > *Elküldve:* 2020. június 3. 17:39 > *Címzett:* Kiss Ádám; [email protected] > *Tárgy:* Re: [xmlsec] Signing with root element not having namespace > Indeed in your XML file the Signature node doesn't have the correct > namespace: > > <Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";> > > Is this standard publically available somewhere? This doesn't look > right to me. > > Aleksey > > On 6/3/20 7:50 AM, Kiss Ádám wrote: >> Hello! >> >> >> I've been using your lib for a long time with many success! >> >> >> Now I got a task which I cannot handle with my skills. I've attached a >> simplified version of the XML. >> >> >> The main problem is that an industry standard determines the whole >> structure of the XML in this application including the namespaces. When >> I tried to sign it with the standard method in the doc I got the error: >> 'node not found'. It turned out xmlsecGetNodeNSHref sees the <Signature> >> block with (null) namepspace, which doesn't fit xmlsec's requirement. >> Changing xmlSecFindNode to ignore the (null) namespace helped for a >> short time, but some function calls later a similar error was found in >> xmlSecFindParent. After getting over again C14N failed. I am not sure if >> that (null) is the problem during the canonization. >> >> >> I cannot see that deep into the code. Could you help me out? >> >> >> Bests, >> >> Adam >> >> >> _______________________________________________ >> xmlsec mailing list >> [email protected] >> http://www.aleksey.com/mailman/listinfo/xmlsec >> > > _______________________________________________ > xmlsec mailing list > [email protected] > http://www.aleksey.com/mailman/listinfo/xmlsec >
_______________________________________________ xmlsec mailing list [email protected] http://www.aleksey.com/mailman/listinfo/xmlsec
