<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-2">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
</head>
<body dir="ltr">
<div id="divtagdefaultwrapper" style="font-size: 12pt; color: rgb(0, 0, 0); font-family: Calibri, Helvetica, sans-serif, "EmojiFont", "Apple Color Emoji", "Segoe UI Emoji", NotoColorEmoji, "Segoe UI Symbol", "Android Emoji", EmojiSymbols;" dir="ltr">
<p>Right, so it cannot be done this way. Thank you!</p>
<p><br>
</p>
<p>I also tried to put the Signature element into ds: namespace, but then the sign tool failed again. It turned out the removing the cb: namespace from the parent element of the ds:Signature node solves the problem. I saw <span>xmlSecDSigNs</span> variable
hardcoded in libxmlsec not only when finding the Signature node, but also later in the transformation chain. May I ask if that is mandatory to be that way, or I can change the search namespace (by changing that constant) to the relative one written in our
standard. I should then recompile of course the whole lib which I've done before.<br>
</p>
<p><br>
</p>
<p>Bests, Adam<br>
</p>
<p><br>
</p>
<p><br>
</p>
<br>
<br>
<div style="color: rgb(0, 0, 0);">
<div>
<hr tabindex="-1" style="display:inline-block; width:98%">
<div id="x_divRplyFwdMsg" dir="ltr"><font style="font-size:11pt" face="Calibri, sans-serif" color="#000000"><b>Feladó:</b> Aleksey Sanin <aleksey@aleksey.com><br>
<b>Elküldve:</b> 2020. június 4. 17:09<br>
<b>Címzett:</b> Kiss Ádám; xmlsec@aleksey.com<br>
<b>Tárgy:</b> Re: [xmlsec] Signing with root element not having namespace</font>
<div> </div>
</div>
</div>
<font size="2"><span style="font-size:10pt;">
<div class="PlainText">In xmndsig-core-schema.xsd, there is targetNamespace defined:<br>
<br>
targetNamespace="<a href="http://www.w3.org/2000/09/xmldsig#" id="LPlnk326634" previewremoved="true">http://www.w3.org/2000/09/xmldsig#</a>"<br>
<br>
Which places ALL entities (types, elements, ...) from this schema<br>
into this namespace (including Signature node itself).<br>
<br>
In XYZBlock.xsd, the same Signature element is redefined for no<br>
obvious reasons as<br>
<br>
<xs:element name="Signature" type="ds:SignatureType"/><br>
<br>
This should be replaced with something like this to reference the<br>
Signature element defined in xmldsig spec:<br>
<br>
<xs:element ref="ds:Signature"/><br>
<br>
As it stands right now, this is not an xmldsig compatible construct.<br>
<br>
Hope this helps,<br>
<br>
Aleksey<br>
<br>
On 6/4/20 3:57 AM, Kiss Ádám wrote:<br>
> Thank you for your answer!<br>
> <br>
> <br>
> Unfortunately the standard is not public, but obfuscated version should <br>
> be okay for investigation. I've attached the XSDs the standard specify. <br>
> The XML I sent you earlier is just our interpretation, can be changed.<br>
> <br>
> <br>
> Do you have any idea we can go on?<br>
> <br>
> <br>
> Bests, Adam<br>
> <br>
> <br>
> <br>
> ------------------------------------------------------------------------<br>
> *Feladó:* Aleksey Sanin <aleksey@aleksey.com><br>
> *Elküldve:* 2020. június 3. 17:39<br>
> *Címzett:* Kiss Ádám; xmlsec@aleksey.com<br>
> *Tárgy:* Re: [xmlsec] Signing with root element not having namespace<br>
> Indeed in your XML file the Signature node doesn't have the correct<br>
> namespace:<br>
> <br>
> <Signature xmlns:ds="<a href="http://www.w3.org/2000/09/xmldsig#" id="LPlnk141975" previewremoved="true">http://www.w3.org/2000/09/xmldsig#</a>"><br>
> <br>
> Is this standard publically available somewhere? This doesn't look<br>
> right to me.<br>
> <br>
> Aleksey<br>
> <br>
> On 6/3/20 7:50 AM, Kiss Ádám wrote:<br>
>> Hello!<br>
>> <br>
>> <br>
>> I've been using your lib for a long time with many success!<br>
>> <br>
>> <br>
>> Now I got a task which I cannot handle with my skills. I've attached a <br>
>> simplified version of the XML.<br>
>> <br>
>> <br>
>> The main problem is that an industry standard determines the whole <br>
>> structure of the XML in this application including the namespaces. When <br>
>> I tried to sign it with the standard method in the doc I got the error: <br>
>> 'node not found'. It turned out xmlsecGetNodeNSHref sees the <Signature> <br>
>> block with (null) namepspace, which doesn't fit xmlsec's requirement. <br>
>> Changing xmlSecFindNode to ignore the (null) namespace helped for a <br>
>> short time, but some function calls later a similar error was found in <br>
>> xmlSecFindParent. After getting over again C14N failed. I am not sure if <br>
>> that (null) is the problem during the canonization.<br>
>> <br>
>> <br>
>> I cannot see that deep into the code. Could you help me out?<br>
>> <br>
>> <br>
>> Bests,<br>
>> <br>
>> Adam<br>
>> <br>
>> <br>
>> _______________________________________________<br>
>> xmlsec mailing list<br>
>> xmlsec@aleksey.com<br>
>> <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" id="LPlnk184971" previewremoved="true">
http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
>> <br>
> <br>
> _______________________________________________<br>
> xmlsec mailing list<br>
> xmlsec@aleksey.com<br>
> <a href="http://www.aleksey.com/mailman/listinfo/xmlsec" id="LPlnk496548" previewremoved="true">
http://www.aleksey.com/mailman/listinfo/xmlsec</a><br>
> <br>
</div>
</span></font></div>
</div>
</body>
</html>