[xmlsec] Why won't this verify?

Rich Salz rsalz at datapower.com
Tue Nov 26 20:11:32 PST 2002


It looks like it's not finding the ID in the Reference/@URI.  Do I
need to load a DTD (hope not...)

This is a WS-Security signature using IBM's XSS4J.
I just used the commandline "xmlsec verify {filename}".

; xmlsec  verify xslbench3-xsl.verify-alice.ref
xmlSecTransformStateParseUri (transforms.c:1166): error 24: invalid nodes set : empty
xmlSecSignedInfoRead (xmldsig.c:1493): error 51: invalid reference :
= Status:
== Signatures ok: 0
== Signatures fail: 1
== SignedInfo Ref ok: 0
== SignedInfo Ref fail: 1
== Manifest Ref ok: 0
== Manifest Ref fail: 0
FAIL
Error: operation failed

        /r$
-------------- next part --------------
<SOAP-ENV:Envelope xmlns:SOAP="http://schemas.xmlsoap.org/soap/envelope/" xmlns:SOAP-ENC="http://schemas.xmlsoap.org/soap/encoding/" xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<SOAP:Header>
<wsse:Security>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Body">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>
Ohts6cbxKraprTz02IGW6u3/2Dk=
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
YaOsTg9nM17S4pViA5Ftj9tXwhIU/jZhxhxZEtrLB0Ng5jlVw9qOQ1y53JKvHe/++DSysAkK
vd9U1ZIhiXAoHFqeNlyyoqqP26UvnZRVjHQq9hXyjOIVEJ3siZStCHggBtFJs9r8bM9ZMW0e
3IOqwNXIgUWrsT01N8nf0EPpGmY=
</SignatureValue>
<KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>
lCM9xfSsILue0HwE2XwiZiatJDaFxTdnGoET/2LR/k9wNH8gOoNDAEgJI0V+MGjgmS
/w6ZfpCMlIhY2w5LtrzSGUuPTguuoNNtWyCaQx61dvpzC/lw3ObUzoMjQl9na09wC/
UY49oLgCL1EC74vDY+7Hdjy/fIeMAikAl2zKTnc=
</Modulus>
<Exponent>
AQAB
</Exponent>
</RSAKeyValue>
</KeyValue>
<X509Data>
<X509IssuerSerial>
<X509IssuerName>
CN=Alice,O=DataPower,L=Cambridge,ST=MA,C=US
</X509IssuerName>
<X509SerialNumber>
0
</X509SerialNumber>
</X509IssuerSerial>
<X509SubjectName>
CN=Alice,O=DataPower,L=Cambridge,ST=MA,C=US
</X509SubjectName>
<X509Certificate>
MIICGDCCAYGgAwIBAgIBADANBgkqhkiG9w0BAQUFADBSMQswCQYDVQQGEwJVUzELMAkGA1UECBMC
TUExEjAQBgNVBAcTCUNhbWJyaWRnZTESMBAGA1UEChMJRGF0YVBvd2VyMQ4wDAYDVQQDEwVBbGlj
ZTAeFw0wMjExMjMwMTE1MzNaFw0xMjExMjMwMTE1MzNaMFIxCzAJBgNVBAYTAlVTMQswCQYDVQQI
EwJNQTESMBAGA1UEBxMJQ2FtYnJpZGdlMRIwEAYDVQQKEwlEYXRhUG93ZXIxDjAMBgNVBAMTBUFs
aWNlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCUIz3F9Kwgu57QfATZfCJmJq0kNoXFN2ca
gRP/YtH+T3A0fyA6g0MASAkjRX4waOCZL/Dpl+kIyUiFjbDku2vNIZS49OC66g021bIJpDHrV2+n
ML+XDc5tTOgyNCX2drT3AL9Rjj2guAIvUQLvi8Nj7sd2PL98h4wCKQCXbMpOdwIDAQABMA0GCSqG
SIb3DQEBBQUAA4GBAJBKfQN7hJZ2tNjLiZWpXaRyiTc80TDZhPZYsSAEMYJ13R4gcThuZuSkpr3q
xpdHotS8KhNn7FzVn/KtOnh1fqCGQQ6UfRiRAtEruhaBDI9jculwQRyzm7Ard7q5MLIIx3CKjaf1
2kN1mmEdHOitpfb+2LM/ksBIEaJ2MC5F0Jvi
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</wsse:Security>
</SOAP:Header>
<SOAP-ENV:Body id="Body">
<xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
<xsl:output encoding="utf-8"/>
<xsl:template match="PLAY">
<html>
<head>
<title>
<xsl:value-of select="/PLAY/TITLE"/>
</title>
</head>
<body>
<h1>
<xsl:value-of select="/PLAY/TITLE"/>
</h1>
<table>
<xsl:for-each select="//ACT">
<xsl:variable name="act" select="TITLE"/>
<xsl:for-each select="SCENE">
<xsl:value-of select="concat($act,' - ',TITLE,'   ')"/>
Has
<xsl:value-of select="count(.//SPEECH)"/>
speeches
with
an
average
of
<xsl:value-of select="round(count(.//LINE) div count(.//SPEECH))"/>
line(s)
each.
<br/>
</xsl:for-each>
</xsl:for-each>
</table>
</body>
</html>
</xsl:template>
</xsl:stylesheet>
</SOAP-ENV:Body>
</SOAP-ENV:Envelope>


More information about the xmlsec mailing list