[xmlsec] ref_id
Aleksey Sanin
aleksey@aleksey.com
Wed, 13 Aug 2003 08:41:42 -0700
This is a multi-part message in MIME format.
--------------040103060907050307040305
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
First of all, I would appreciate if you can use mailing list. This helps
to share knowledge :)
Now the error you have means that this particular URI type is not
allowed in current context
(if the error message is not enough you can look at the line 805 in
transforms.c). There is
a member "enabledReferenceUris" of xmlSecDSigCtx structure that
describes which URI
types are allowed. By default, it is set to allow *any* URI type. In
your case it is set to
something else. You either assigned a different value for this field
somewhere or I would
guess that you have not called xmlSecDSigCtxInitialize or
xmlSecDSigCtxCreate methods
to create the signature context and fill the structure with 0's instead.
Aleksey
Michiels Olivier wrote:
> Hi,
> I've added the code that register the id attribute to the verify
> function like this:
> if ((prototypeNode =
> xmlSecFindNode(xmlDocGetRootElement(doc),"Prototype","http://www.xkms.org/schema/xkms-2001-01-20"))
> == NULL) {
> fprintf(stderr,"Error: failed to retrieve the Prototype
> element\n");
> goto done;
> }
>
> if ((attr = xmlHasProp(prototypeNode,"Id")) == NULL) {
> fprintf(stderr,"Error: failed to find the attribute Id\n");
> goto done;
> }
> if (xmlAddID(NULL,doc,"Id",attr) == NULL) {
> fprintf(stderr,"Error: failed to add id\n");
> goto done;
> }
>
> This code works but when I try to verify the xml file I've this error:
> func=xmlSecTransformCtxSetUri:file=transforms.c:line=803:obj=unknown:subj=unknown:error=33:invalid
> URI type:uri=#refId_1
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1435:obj=unknown:subj=xmlSecTransformCtxSetUri:error=1:xmlsec
> library function failed:uri=#refId_1
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
> library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
> Error: signature verify
>
> The id is defined as below:
> <xkms:Prototype Id="refId_1">
> and referenced like this:
> <dsig:Reference URI="#refId_1">
>
> Where is my mistake, maybe I didn't understood well what you said.
>
> Olivier
> On Wed, 2003-08-13 at 11:56, Aleksey Sanin wrote:
>
>> /Take a look at src/xmltree.c file in xmlsec distribution. There is a
>> function
>> that registers ID attributes for <dsig:Signature/> or
>> <enc:EncryptedData/>
>> subtrees. Just search for "xmlAddID" in the file.
>>
>> Aleksey
>>
>>
>>
>>
>> Michiels Olivier wrote: /
>>
>>> / Me again,
>>> sorry but it's the first time I use the libxml2 librairy and your
>>> xmlsec librairy and I'm a little confused how to use some functions.
>>> You said that I can use the xmlAddId function to solve my problem,
>>> but I don't know how to use that function, how to initialize the
>>> xmlValidCtxtPtr parameter. I've check the doc of libxml2 but I
>>> didn't found something.
>>> You're help is really appreciated.
>>> /
>>
--------------040103060907050307040305
Content-Type: text/html; charset=UTF-8
Content-Transfer-Encoding: 8bit
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
<title></title>
</head>
<body text="#000000" bgcolor="#ffffff">
First of all, I would appreciate if you can use mailing list. This
helps to share knowledge :)<br>
Now the error you have means that this particular URI type is not
allowed in current context<br>
(if the error message is not enough you can look at the line 805 in
transforms.c). There is <br>
a member "enabledReferenceUris" of xmlSecDSigCtx structure that
describes which URI <br>
types are allowed. By default, it is set to allow *any* URI type. In
your case it is set to <br>
something else. You either assigned a different value for this field
somewhere or I would <br>
guess that you have not called xmlSecDSigCtxInitialize or
xmlSecDSigCtxCreate methods <br>
to create the signature context and fill the structure with 0's
instead. <br>
<br>
Aleksey<br>
<br>
<br>
Michiels Olivier wrote:<br>
<blockquote type="cite" cite="mid1060780101.29939.16.camel@Leenux">
<meta http-equiv="Content-Type" content="text/html; ">
<meta name="GENERATOR" content="GtkHTML/3.0.8">
Hi,<br>
I've added the code that register the id attribute to the verify
function like this:<br>
if ((prototypeNode =
xmlSecFindNode(xmlDocGetRootElement(doc),"Prototype",<a class="moz-txt-link-rfc2396E" href="http://www.xkms.org/schema/xkms-2001-01-20">"http://www.xkms.org/schema/xkms-2001-01-20"</a>))
== NULL) {<br>
fprintf(stderr,"Error: failed to retrieve the Prototype
element\n");<br>
goto done;<br>
}<br>
<br>
if ((attr = xmlHasProp(prototypeNode,"Id")) == NULL) {<br>
fprintf(stderr,"Error: failed to find the attribute Id\n");<br>
goto done;<br>
}<br>
if (xmlAddID(NULL,doc,"Id",attr) == NULL) {<br>
fprintf(stderr,"Error: failed to add id\n");<br>
goto done;<br>
}<br>
<br>
This code works but when I try to verify the xml file I've this error:<br>
func=xmlSecTransformCtxSetUri:file=transforms.c:line=803:obj=unknown:subj=unknown:error=33:invalid
URI type:uri=#refId_1<br>
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1435:obj=unknown:subj=xmlSecTransformCtxSetUri:error=1:xmlsec
library function failed:uri=#refId_1<br>
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
library function failed:node=Reference<br>
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
library function failed:<br>
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:<br>
Error: signature verify<br>
<br>
The id is defined as below:<br>
<xkms:Prototype Id="refId_1"><br>
and referenced like this:<br>
<dsig:Reference URI="#refId_1"><br>
<br>
Where is my mistake, maybe I didn't understood well what you said.<br>
<br>
Olivier<br>
On Wed, 2003-08-13 at 11:56, Aleksey Sanin wrote:
<blockquote type="CITE"> <i>Take a look at src/xmltree.c file in
xmlsec distribution. There is a function<br>
that registers ID attributes for <dsig:Signature/> or
<enc:EncryptedData/><br>
subtrees. Just search for "xmlAddID" in the file.<br>
<br>
Aleksey<br>
<br>
<br>
<br>
<br>
Michiels Olivier wrote: </i>
<blockquote type="CITE"><i> Me again,<br>
sorry but it's the first time I use the libxml2 librairy and your
xmlsec librairy and I'm a little confused how to use some functions.<br>
You said that I can use the xmlAddId function to solve my problem, but
I don't know how to use that function, how to initialize the
xmlValidCtxtPtr parameter. I've check the doc of libxml2 but I didn't
found something.<br>
You're help is really appreciated.<br>
</i><br>
</blockquote>
</blockquote>
</blockquote>
</body>
</html>
--------------040103060907050307040305--