[xmlsec] Transform not implemented?
non_given at msn.com
non_given at msn.com
Tue May 20 04:28:12 PDT 2003
I was trying to verify a signed XML document which includes
the following transform:
<Transform Algorithm="http://www.w3.org/2001/04/decrypt#" />
I get the following error:
xmlsec1 --verify testfile.xml
func=xmlSecTransformNodeRead:file=transforms.c:line=1472:obj=unknown:subj=xmlSecTransformIdsListFindByHref:error=1:xmlsec
library function failed:href=http://www.w3.org/2001/04/decrypt#
func=xmlSecTransformCtxNodesListRead:file=transforms.c:line=715:obj=unknown:subj=xmlSecTransformNodeRead:error=1:xmlsec
library function failed:node=Transform
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1447:obj=unknown:subj=xmlSecTransformCtxNodesListRead:error=1:xmlsec
library function failed:node=Transforms
func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
library function failed:node=Reference
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
library function failed:
func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
library function failed:
Error: signature failed
ERROR
SignedInfo References (ok/all): 0/1
Manifests References (ok/all): 0/0
Error: failed to verify file "testfile.xml"
Does this mean this transform has not been implemented in
xmlsec?
Details:
-----------------------
I notice this transform in some test files but they don't
appear to be in use by the test suite.
I didn't find the transform URL anywhere else in the source
distribution.
xmlsec1-1.0.1/test/merlin-xmlenc-five/decryption-transform.xml
xmlsec1-1.0.1/test/merlin-xmlenc-five/decryption-transform-except.xml
I'm using xmlsec1 1.0.1 (openssl)
OpenSSL 0.9.7b 10 Apr 2003
The transform comes from the following specification:
Specification: Web Services Security (WS-Security)
http://www-106.ibm.com/developerworks/library/ws-secure/
In particular the specification RECOMMENDS two additional
algorithms above and beyond
the ones required by the XML Signature specification.
http://www-106.ibm.com/developerworks/library/ws-secure/#subhead4.5.1
The two that it RECOMMENDS are:
Canonicalization, Exclusive XML Canonicalization,
http://www.w3.org/2001/10/xml-exc-c14n
Transformation, XML Decryption Transformation,
http://www.w3.org/2001/04/decrypt
Thanks!
More information about the xmlsec
mailing list