[EGB] Re: [xmlsec] [Q.] verification fail (can not find <KeyInfo>)
EGB:STONEROSES@MATRIX (Blusjune Jung / Daum.net)
EGB:STONEROSES@MATRIX (Blusjune Jung / Daum.net)" <blusjune@daum.net
Sat, 11 Jan 2003 01:18:16 +0900
A. Sanin > As far as I can understand the spec,
A. Sanin >
A. Sanin > <dsig:RetrievalMethod
A. Sanin > Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../>
A. Sanin > should point to <dsig:RSAKeyValue/> element.In your XML it points to
A. Sanin > <dsig:KeyInfo/>
A. Sanin > element which seems wrong to me. I would agree that the XML DSig is not
A. Sanin > fully clear
A. Sanin > here but I believe there was a disussion in XML DSig working group
A. Sanin > mailing list about this.
A. Sanin > However, I might be wrong and it'll be great to get second opinion on
A. Sanin > this. Rich?
A. Sanin >
A. Sanin > Aleksey
Hi~
Sorry for late reply to your mail. ^^;;
Let me talk about the above topic:
According to the XML-Signature Syntax and Processing document
of which version is W3C Recommendation 12 February 2002,
we can see the following statement in section 4.4.3:
4.4.3 The RetrievalMethod Element
A RetrievalMethod element within KeyInfo is used
to convey a reference to KeyInfo information that is stored at another location.
^^^^^^^^^^^^^^^^^^^^
So, I think that statement means the very target <RetrievalMethod/>
actually points can be <KeyInfo/> element.
The ``Type'' attribute value itself in <dsig:RetrievalMethod
Type="http://www.w3.org/2000/09/xmldsig#RSAKeyValue" .../> is to indicate
<RSAKeyValue/> element, but I think that is just to determine and notify
the type of sub(child) element in <KeyInfo/>, and (may) not to directly point
the <RSAKeyValue> element. (just was my thought. ^^)
What do you think about my opinion?
Have a nice weekend! :)
P.S.
Currently, I've got solved my problmatic situation by the quick-and-dirty way. :)
(Here's the output of diff(1) against the modified source (keyinfo.c))
$ diff -u keyinfo.c.original keyinfo.c
--- keyinfo.c.original Wed Jan 8 15:45:58 2003
+++ keyinfo.c Wed Jan 8 15:45:44 2003
@@ -551,7 +551,12 @@
keyName = NULL;
}
} else {
+ xmlNodePtr keyInfoNode = cur;
+
cur = xmlSecGetNextElementNode(cur->next);
+ if (cur == (xmlNodePtr)0) {
+ cur = xmlSecFindChild(keyInfoNode, BAD_CAST "KeyValue", xmlSecDSigNs);
+ }
}
}
if(keyName != NULL) {
--
To be a rock, and not to roll.
EGB ::= EternalGoldenBGE
BGE ::= Blusjune'sGotEGB
-x-x-[?]EGB:STONEROSES@MATRIX[!]-x-x-
| blusjune@EGBSD | ^_^ | stoneroses |
$ NAME=\
$ "Blusjune Jung <blusjune@daum.net>"
$ PGPKEYID="0x33067610"
-x-x-x Eternal Golden Blusjune x-x-x-