For cases like this, XML Dsig spec has Object elements:
https://www.w3.org/TR/xmldsig-core1/#sec-Object
That can be used to validate the digest w/o invalidating
the signature itself if something goes wrong.
Aleksey

On 11/30/20 8:46 AM, Timothy Legge wrote:

Hi Aleksey
That does make sense to me. I don't have full information about the
original XML file so I can't say if it was a problem with what was
provided to me. I am working on Perl's XML::Sig and this case caught
me by surprise. I will need to get some more information on where and
how the file was generated.
Tim

On Mon, Nov 30, 2020 at 12:41 PM Aleksey Sanin <[email protected]> wrote:

Hi Tim,
I believe that technically the inability to resolve a URI for a Reference
(e.g. ID in your case) should result in a failure for calculating digest
thus making the signature invalid.
Best,
Aleksey

On 11/25/20 7:31 PM, Timothy Legge wrote:

Hi
I recently had a file that had three signatures but one of the
References in the file did not point to anything in the XML file.
https://pastebin.com/raw/8TWV0AZW
What does one do with that? In my case I used the reference to look
for a matching node with the ID set to the value of the reference.
Since it was not in the file, I skipped processing that signature.
I know it's a little off topic for this list but I imagine you have
seen something similar before.
Tim
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
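
The fail-closed handling discussed in this thread, as an added Python example (not code from the thread, xmlsec, or XML::Sig): each signature's SignedInfo References are resolved against the document, and a Reference that matches no element marks the signature invalid instead of being skipped. The sample document, the ID attribute names and the function names are assumptions; the duplicate-ID check goes beyond the case in the thread, and digest and signature verification are not performed here.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ID_ATTRS = ("ID", "Id", "id")  # assumption: attribute names treated as IDs

# Constructed sample: the second signature's Reference points at no element.
SAMPLE = """<Doc xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Part ID="part-1">payload</Part>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#part-1"/></ds:SignedInfo></ds:Signature>
  <ds:Signature><ds:SignedInfo>
    <ds:Reference URI="#part-2"/></ds:SignedInfo></ds:Signature>
</Doc>"""

def resolve(root, uri):
    """Classify one Reference URI against the parsed document."""
    if uri == "":
        return "resolved"              # empty URI means the whole document
    if uri is None or not uri.startswith("#"):
        return "unsupported"           # external or omitted URI: not handled here
    wanted = uri[1:]
    hits = [el for el in root.iter()
            if any(el.get(a) == wanted for a in ID_ATTRS)]
    if not hits:
        return "unresolved"
    return "resolved" if len(hits) == 1 else "ambiguous"

def check_signatures(xml_text):
    """Return, per ds:Signature, (acceptable, [(uri, status), ...])."""
    root = ET.fromstring(xml_text)
    report = []
    for sig in root.iter(DS + "Signature"):
        info = sig.find(DS + "SignedInfo")
        refs = [] if info is None else info.findall(DS + "Reference")
        statuses = [(r.get("URI"), resolve(root, r.get("URI"))) for r in refs]
        # Fail closed: no references, or any reference that is not resolved
        # to exactly one element, makes the signature invalid, not skipped.
        ok = bool(statuses) and all(s == "resolved" for _, s in statuses)
        report.append((ok, statuses))
    return report

if __name__ == "__main__":
    for n, (ok, statuses) in enumerate(check_signatures(SAMPLE), 1):
        print(n, "proceed to digest check" if ok else "INVALID", statuses)
```

A signature reported as acceptable here has only passed reference resolution; the digest and signature value still have to be verified.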