<div dir="ltr">hi Aleksey,<br>Thanks for you reply.<br><br><div class="gmail_quote">On Thu, Oct 9, 2008 at 6:12 PM, Aleksey Sanin <span dir="ltr"><<a href="mailto:aleksey@aleksey.com">aleksey@aleksey.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">This error means that c14n data do not match. With xmlsec<br>
you can actually get a dump of c14n data right before digest<br>
is calculated (see xmlsec command line options for details).</blockquote><div>I run " xmlsec1 --verify --pubkey-cert-pem usercert.pem --id-attr:ID saml:Assertion --store-references assertion.xml" and get the following output.<br>
</div><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;"><br>
Get the same dump from the signer and compare.</blockquote><div><br>How can I do?<br><br>Thanks a lot<br>Weizhong Qiang<br> <br><br><br>*********************<br>xmlsec1 --verify --pubkey-cert-pem usercert.pem --id-attr:ID saml:Assertion --store-references assertion.xml <br>
func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('_0017db74-c5ca-4860-bf7b-cf58f00000d0'))<br>func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: <br>
func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed: <br>func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed: <br>
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:transform=xpointer<br>func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed: <br>
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1568:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed: <br>func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:node=Reference<br>
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec library function failed: <br>func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec library function failed: <br>
Error: signature failed <br>ERROR<br>SignedInfo References (ok/all): 0/1<br>Manifests References (ok/all): 0/0<br>= VERIFICATION CONTEXT<br>== Status: unknown<br>== flags: 0x00000006<br>== flags2: 0x00000000<br>== Key Info Read Ctx:<br>
= KEY INFO READ CONTEXT<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled key data: all<br>== RetrievalMethod level (cur/max): 0/1<br>== TRANSFORMS CTX (status=0)<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>
== enabled transforms: all<br>=== uri: NULL<br>=== uri xpointer expr: NULL<br>== EncryptedKey level (cur/max): 0/1<br>=== KeyReq:<br>==== keyId: NULL<br>==== keyType: 0x00000000<br>==== keyUsage: 0xffffffff<br>==== keyBitsSize: 0<br>
=== list size: 0<br>== Key Info Write Ctx:<br>= KEY INFO WRITE CONTEXT<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled key data: all<br>== RetrievalMethod level (cur/max): 0/1<br>== TRANSFORMS CTX (status=0)<br>
== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: NULL<br>=== uri xpointer expr: NULL<br>== EncryptedKey level (cur/max): 0/1<br>=== KeyReq:<br>==== keyId: NULL<br>==== keyType: 0x00000001<br>
==== keyUsage: 0xffffffff<br>==== keyBitsSize: 0<br>=== list size: 0<br>== Signature Transform Ctx:<br>== TRANSFORMS CTX (status=0)<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>=== uri: NULL<br>
=== uri xpointer expr: NULL<br>=== Transform: exc-c14n (href=<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>=== Transform: rsa-sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>
== Signature Method:<br>=== Transform: rsa-sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">http://www.w3.org/2000/09/xmldsig#rsa-sha1</a>)<br>== SignedInfo References List:<br>=== list size: 1<br>= REFERENCE VERIFICATION CONTEXT<br>
== Status: unknown<br>== URI: "#_0017db74-c5ca-4860-bf7b-cf58f00000d0"<br>== Reference Transform Ctx:<br>== TRANSFORMS CTX (status=1)<br>== flags: 0x00000000<br>== flags2: 0x00000000<br>== enabled transforms: all<br>
=== uri: <br>=== uri xpointer expr: #_0017db74-c5ca-4860-bf7b-cf58f00000d0<br>=== Transform: xpointer (href=<a href="http://www.w3.org/2001/04/xmldsig-more/xptr">http://www.w3.org/2001/04/xmldsig-more/xptr</a>)<br>=== Transform: enveloped-signature (href=<a href="http://www.w3.org/2000/09/xmldsig#enveloped-signature">http://www.w3.org/2000/09/xmldsig#enveloped-signature</a>)<br>
=== Transform: exc-c14n (href=<a href="http://www.w3.org/2001/10/xml-exc-c14n#">http://www.w3.org/2001/10/xml-exc-c14n#</a>)<br>=== Transform: membuf-transform (href=NULL)<br>=== Transform: sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>
=== Transform: membuf-transform (href=NULL)<br>== Digest Method:<br>=== Transform: sha1 (href=<a href="http://www.w3.org/2000/09/xmldsig#sha1">http://www.w3.org/2000/09/xmldsig#sha1</a>)<br>== Manifest References List:<br>
=== list size: 0<br>Error: failed to verify file "assertion.xml"<br><br></div></div><br></div>