[xmlsec] xpath question
Rob Cronin
rmc24 at cornell.edu
Sun Apr 13 12:51:58 PDT 2003
Hi Aleksy,
I've been working with the interoperability, if you remember, and I hit a
brick wall. I think it may be due to my lack of understanding of exactly how
your or LibXml's xpath works when searching for a Reference in a document.
Below is the document, where I'm searching for
<<<<<<<
<Reference URI="#Id-dcfe14b7-f2e6-4869-8614-b7d8718115ae">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>p7Jp5FT3yGu545BSbdYKHkNxdzk=</DigestValue>
</Reference>
>>>>>>
which is located outside of the tag that contains all of the signature
information
<<<<<<
<soap:Body xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="Id-dcfe14b7-f2e6-4869-8614-b7d8718115ae">
<Call
xmlns="http://asp.asp.cornell.edu/cgi-bin/rmc24/arithmeticsecure.cgi">
<sleep_for>1</sleep_for>
<y>3</y>
<x>4</x>
</Call>
</soap:Body>
>>>>>>
I think that may be the problem. Because if I move the body to a place
inside of the <Signature> element tag, it finds the reference fine. Can you
think of anything that I could look at in order to get the context to start
looking at the root node of the document
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
Thanks so much, below is the error I get, and the document I'm trying to
verify.
Rob Cronin
Here is the error
>>>>>>>>>>>
$ apps/xmlsec verify --trusted CAcert.pem soapreq
func=xmlSecXPathDataExecute:file=xpath.c:line=253:obj=unknown:subj=xmlXPtrEval:error=4:xml operation failed:
func=xmlSecXPathDataListExecute:file=xpath.c:line=336:obj=unknown:subj=xmlSecXPathDataExecute:error=2:xmlsec operation failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=446:obj=xpointer:subj=xmlSecXPathDataExecute:error=2:xmlsec operation failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=1997:obj=xpointer:subj=xmlSecTransformExecute:error=2:xmlsec operation failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=966:obj=unknown:subj=xmlSecTransformPushXml:error=2:xmlsec operation failed:transform=xpointer
func=xmlSecTransformCtxExecute:file=transforms.c:line=1017:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=2:xmlsec operation failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1414:obj=unknown:subj=xmlSecTransformCtxExecute:error=2:xmlsec operation failed:
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=695:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=2:xmlsec operation failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=436:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=2:xmlsec operation failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=245:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=2:xmlsec operation failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "soapreq"
>>>>>>>>>
Below is the document soapreq. There is a lot of stuff in there, but in
particular the Reference to the Soap:Body is what I'm interested in solving.
>>>>>>>>>>>>>>>
<?xml version="1.0" encoding="utf-8"?>
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema">
<soap:Header>
<wsrp:path xmlns:wsrp="http://schemas.xmlsoap.org/rp"
soap:actor="http://schemas.xmlsoap.org/soap/actor/next"
soap:mustUnderstand="1">
<wsrp:action xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="Id-52149406-7642-4b92-8906-51a79418e107">http://asp.asp.cornell.edu/cgi-bin/rmc24/arithmeticsecure.cgi#Call</wsrp:action>
<wsrp:to xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="Id-cafe6401-7840-4ac0-8afd-028113954c19">http://asp00.asp.cornell.edu/cgi-bin/rmc24/arithmeticsecure.cgi</wsrp:to>
<wsrp:id xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="Id-aaf4032b-934e-466c-88fe-7cdd4873092d">uuid:ff7c70d6-6458-4460-b5a4-e0838c3d1747</wsrp:id>
</wsrp:path>
<wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created
wsu:Id="Id-baed3f84-7b45-4fa0-ab79-188256154149">2003-03-12T01:14:59Z</wsu:Created>
<wsu:Expires
wsu:Id="Id-850cbfd2-a57b-47aa-9721-f0fc152f63bf">2003-03-12T01:19:59Z</wsu:Expires>
</wsu:Timestamp>
<wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"
soap:mustUnderstand="1">
<wsse:BinarySecurityToken
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
ValueType="wsse:X509v3" EncodingType="wsse:Base64Binary"
wsu:Id="SecurityToken-90e6d1e9-57ce-43b2-8aec-83046d24f4ea">MIICtTCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQs
wCQYDVQQGEwJHQjESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQ
KEw5NeSBDb21wYW55IEx0ZDAeF
w0wMzAzMTEyMDE3NDJaFw0wNDAzMTAyMDE3NDJaMEwxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZ
XJrc2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMIGfMA0GC
SqGSIb3DQEBAQUAA4GNADCBiQK
BgQC60+wSVxPg2bczrYX/740dawc/fYE8L0bCqra1SCn0rtrxQDDcgWr7vcEWy122YjJ0J4AC82y
1HnQ4ZMIkWhFbrVXpNJQ3jtQucOuJPRpCi0Eum0rk69STtbrCpjgLQIg2jxTFqsHvlF8E5WgR3j7
XMcMoGSOHxl3kWl3bf3VOXwIDA
QABo4GmMIGjMB0GA1UdDgQWBBQXp5+FoZ5A80wPOAFZ+mJwvwrmrDB0BgNVHSMEbTBrgBQXp5+Fo
Z5A80wPOAFZ+mJwvwrmrKFQpE4wTDELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQM
A4GA1UEBxMHTmV3YnVyeTEXMBU
GA1UEChMOTXkgQ29tcGFueSBMdGSCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQC
Ek3fhoPBsEoTGjGi1FcJ10j8NjgHnc6djiFWmbSaGhth+qeEHaV4MHEBJrX4ifiG/rgfxURqm5sq
375PNYZHrp7pUSi0Uxva858vGC
nTH0sZrQSZBLuPaX03S9R0eAkwbVGD938psOofIVeE/YIt/Jb60rlB9plaM4ZLGFcnEUw==</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Id-dcfe14b7-f2e6-4869-8614-b7d8718115ae">
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>p7Jp5FT3yGu545BSbdYKHkNxdzk=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>dsqhwt3NqdT+h2PE+JNmYvSTA8RwifAExdnuhmNRYhyucwTUFX2ZNC97i+s8
iLOBHR1o/3sf8Pz19y3j4Nx/dzXqAs21xkcGQaFNGi0nf7beqPJv6R5pZm/ipadsmnDslOiu3eT6
kNKpyRRxmQZe1LeFte
YeEdjIaiODiSu63Kc=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>>MIICtTCCAh6gAwIBAgIBADANBgkqhkiG9w0BAQQFADBMMQswCQYDVQQGEw
JHQjESMBAGA1UECBMJQmVya3NoaXJlMRAwDgYDVQQHEwdOZXdidXJ5MRcwFQYDVQQKEw5NeSBDb2
1wYW55IEx0ZDAeFw0w
MzAzMTEyMDE3NDJaFw0wNDAzMTAyMDE3NDJaMEwxCzAJBgNVBAYTAkdCMRIwEAYDVQQIEwlCZXJr
c2hpcmUxEDAOBgNVBAcTB05ld2J1cnkxFzAVBgNVBAoTDk15IENvbXBhbnkgTHRkMIGfMA0GCSqG
SIb3DQEBAQUAA4GNADCBiQKBgQ
C60+wSVxPg2bczrYX/740dawc/fYE8L0bCqra1SCn0rtrxQDDcgWr7vcEWy122YjJ0J4AC82y1Hn
Q4ZMIkWhFbrVXpNJQ3jtQucOuJPRpCi0Eum0rk69STtbrCpjgLQIg2jxTFqsHvlF8E5WgR3j7XMc
MoGSOHxl3kWl3bf3VOXwIDAQAB
o4GmMIGjMB0GA1UdDgQWBBQXp5+FoZ5A80wPOAFZ+mJwvwrmrDB0BgNVHSMEbTBrgBQXp5+FoZ5A
80wPOAFZ+mJwvwrmrKFQpE4wTDELMAkGA1UEBhMCR0IxEjAQBgNVBAgTCUJlcmtzaGlyZTEQMA4G
A1UEBxMHTmV3YnVyeTEXMBUGA1
UEChMOTXkgQ29tcGFueSBMdGSCAQAwDAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQQFAAOBgQCEk3
fhoPBsEoTGjGi1FcJ10j8NjgHnc6djiFWmbSaGhth+qeEHaV4MHEBJrX4ifiG/rgfxURqm5sq375
PNYZHrp7pUSi0Uxva858vGCnTH
0sZrQSZBLuPaX03S9R0eAkwbVGD938psOofIVeE/YIt/Jb60rlB9plaM4ZLGFcnEUw==</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="Id-dcfe14b7-f2e6-4869-8614-b7d8718115ae">
<Call
xmlns="http://asp.asp.cornell.edu/cgi-bin/rmc24/arithmeticsecure.cgi">
<sleep_for>1</sleep_for>
<y>3</y>
<x>4</x>
</Call>
</soap:Body>
</soap:Envelope>
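
Added example, not part of the original post and not xmlsec or libxml2 code: a same-document `#Id-...` reference resolved by searching from the document root, so the target may sit outside `<Signature>` as `soap:Body` does here. Treating `wsu:Id` as an ID attribute is an assumption (the posted document has no DTD declaring it as one), and the function names and the reduced envelope are constructed for illustration.

```python
import xml.etree.ElementTree as ET

WSU = "http://schemas.xmlsoap.org/ws/2002/07/utility"
DSIG = "http://www.w3.org/2000/09/xmldsig#"
BODY_ID = "Id-dcfe14b7-f2e6-4869-8614-b7d8718115ae"

# Constructed sample: the posted envelope reduced to the Reference and its target.
SAMPLE = f"""<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/">
  <soap:Header>
    <Signature xmlns="{DSIG}"><SignedInfo>
      <Reference URI="#{BODY_ID}"/>
    </SignedInfo></Signature>
  </soap:Header>
  <soap:Body xmlns:wsu="{WSU}" wsu:Id="{BODY_ID}"><Call/></soap:Body>
</soap:Envelope>"""


def reference_uris(root):
    """URIs of every ds:Reference in the document."""
    return [ref.get("URI") for ref in root.iter(f"{{{DSIG}}}Reference")]


def resolve_reference(root, uri, id_attrs):
    """Return the single element whose ID attribute matches a '#fragment' URI.

    id_attrs lists the attributes to treat as IDs, in Clark notation for
    namespaced ones. The whole tree under root is searched, so the target may
    sit outside <Signature>. Zero or multiple matches raise LookupError, since
    a duplicated ID makes the signed target ambiguous.
    """
    if not uri.startswith("#"):
        raise ValueError("only same-document '#id' references are handled")
    wanted = uri[1:]
    hits = [el for el in root.iter()
            if any(el.get(attr) == wanted for attr in id_attrs)]
    if len(hits) != 1:
        raise LookupError(f"{uri}: expected 1 target, found {len(hits)}")
    return hits[0]


if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    for uri in reference_uris(root):
        print(uri, "->", resolve_reference(root, uri, [f"{{{WSU}}}Id"]).tag)
```

With only unqualified names such as `Id` in `id_attrs`, the lookup finds nothing, because the attribute on `soap:Body` lives in the `wsu` namespace.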