[xmlsec] Read FAQ 3.4 (XPointer) but still cannot seem to get
things to work......
Steve
scullum at nildram.co.uk
Sun May 15 03:40:11 PDT 2005
Hi
I know this has been covered in the FAQ and I have read the mailing lists
but I have the classic XPointer() problem detailed in Section 3.4
I have been given a document generated using the Verisign TSIK SDK which
unfortunately I cannot modify and xmlsec refuses to parse it. If I replace
the referenced URI from
<ds:Reference URI="#wsse-c26651c0-c209-11d9-9834-e9a275261f99">
With
<ds:Reference URI="">
the document is parsed and fails validation of the signature (makes sense).
I have read the FAQ several times and tried various combinations of using
the --id-attr argument, but I still cannot get past this problem. I have
also downloaded the http://schemas.xmlsoap.org/soap/envelope/
<http://schemas.xmlsoap.org/soap/envelope/> (renamed it to schema.xml) and
tried using
--verify --dtd-file schema.xml myfile.xml
This fails with the error [failed to parse dtd file "schema.xml"], so I
presume I am doing something completely wrong here.
Can somebody please point me in the right direction..
** The document pasted below is my problematic document,it has been run
through [xmllint --format] and the data has been <removed> so it will fail
verification.**
<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soapenv:Header>
<wsse:Security
xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext">
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
<ds:Reference URI="#wsse-c26651c0-c209-11d9-9834-e9a275261f99">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>+G19/tWZSlCS894TQvdJYrVsb+4=</ds:DigestValue>
</ds:Reference>
<ds:Reference URI="#wsse-c26121a0-c209-11d9-9834-e9a275261f99">
<ds:Transforms>
<ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>4B9ZewNptVgz0MpJBpaoI6b0Oks=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>MCwCFFiTYY7/B+tYizrqccMZJKVQC6RyAhQUoVXtXfNUVEFZlaE3USajTEqUzQ==</ds:SignatureValue>
</ds:Signature>
</wsse:Security>
<wsu:Timestamp
xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
<wsu:Created
wsu:Id="wsse-c26121a0-c209-11d9-9834-e9a275261f99">2005-05-11T10:45:15Z</wsu:Created>
</wsu:Timestamp>
</soapenv:Header>
<soapenv:Body xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
wsu:Id="wsse-c26651c0-c209-11d9-9834-e9a275261f99">
<ns1:secountResponse xmlns:ns1="MYSOAPSERVER"
soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<secountReturn xsi:type="xsd:string">
<secount_results>
<disclaimer><REMOVED></disclaimer>
<header>
<REMOVED>
</header>
<results>
<REMOVED>
</results>
</secount_results>
</secountReturn>
</ns1:secountResponse>
</soapenv:Body>
</soapenv:Envelope>
>
More information about the xmlsec
mailing list