[xmlsec] Missing namespace in keyinfo from xmlSecTmplSignatureEnsureKeyInfo ?
Sylvain MEILARD
sylvain at meduse.homelinux.net
Tue Jul 12 10:30:50 PDT 2005
Hello !
Here is your (modified) sample code, with the (modified) template I used
(attached to this mail).
I quickly created a private key with the following command :
openssl req -x509 -new
, removed the passphrase with :
openssl rsa -in privkey privatekey.pem -out key.pem
Here is the full output I get :
Error: no namespace for keyInfo !!:
Error: Still no namespace for keyInfo !!:
<?xml version="1.0" encoding="UTF-8"?>
<!--
XML Security Library example: Simple signature template file for sign1 example.
-->
<Envelope xmlns="urn:envelope">
<Data>
Hello, World!
</Data>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="">
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>9H/rQr2Axe9hYTV2n/tCp+3UIQQ=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>JJ/qZpTE+Tx9Yq1qYhPvYN9jFhGdQstDTZ7BPa2D5xSgxH8+Yx2JxGBL5iL/9Ycf
VM9meZrHt6MyHv/cEUnDOkO6qBW5+r0jXQJSN7dkABrnQRdepAKHsAFx+lXE96lJ
cu5chSQ3Kiv+IArUuPKSLo8YUckQG89IbyIPSJgYiII=</SignatureValue>
<KeyInfo>
<X509Data/>
</KeyInfo>
</Signature>
</Envelope>
Of course, the "Signature" tag has a default namespace, so it should be ok,
but when I try to validate a similar document with xmlSchemaValidateDoc()
In my real code, I added something like that :
///////////////////////////////////////////////////////
/* enfants = children of the Signature node */
enfants = signature->xmlChildrenNode;
while (enfants) {
    if ( enfants && enfants->name && enfants->ns )
        printf ( "TAG %s : namespace : %s\n", enfants->name ,
                 enfants->ns->href);
    else
        printf ( "TAG %s : namespace : NONE !!!\n", enfants->name );
    enfants = enfants->next;
}
///////////////////////////////////////////////////////
and I get that on the output :
TAG text : namespace : NONE !!!
TAG SignedInfo : namespace : http://www.w3.org/2000/09/xmldsig#
TAG text : namespace : NONE !!!
TAG SignatureValue : namespace : http://www.w3.org/2000/09/xmldsig#
TAG text : namespace : NONE !!!
TAG KeyInfo : namespace : NONE !!!
TAG text : namespace : NONE !!!
element KeyInfo: Schemas validity error : Element 'KeyInfo': This element is
not expected. Expected is one of (
{http://www.w3.org/2000/09/xmldsig#}KeyInfo,
{http://www.w3.org/2000/09/xmldsig#}Object ).
So what I don't understand is why the SignedInfo and SignatureValue tags have a
good namespace and not the KeyInfo tag ?
regards,
sylvain
>
>>
>> When i run sign1, i got the following result :
>> Error: no namespace for keyInfo !!:
>> Error: Still no namespace for keyInfo !!:
>> <?xml version="1.0" encoding="UTF-8"?>
>> <!--
>> XML Security Library example: Simple signature template file for sign1
>> example.
>> -->
>> ....
>> ....
>> <SignatureValue>JJ/qZpTE+Tx9Yq1qYhPvYN9jFhGdQstDTZ7BPa2D5xSgxH8+Yx2JxGBL5iL/9Ycf
>> VM9meZrHt6MyHv/cEUnDOkO6qBW5+r0jXQJSN7dkABrnQRdepAKHsAFx+lXE96lJ
>> cu5chSQ3Kiv+IArUuPKSLo8YUckQG89IbyIPSJgYiII=</SignatureValue>
>> <KeyInfo>
>> <X509Data/>
>> </KeyInfo>
>> </Signature>
>> </Envelope>
>>
>> So I see that :
>> my keyinfo tag has been added to the xml, but without any namespace :-(
> Can you attach the *whole* document, please? Namespace might be
> declared in the parent and I would guess that in this case it
> was declared in the Signature node.
>
>
>> If the namespace is not set, validation of my document with xml schema won't
>> work. Of course, I could set it manually, but I am sure I missed something,
>> because the namespace is set in all the other tags, and what I see in the code
>> lets me think it should be set even for keyinfo...
>>
> Again, will you mind to attach the whole document, please?
>
>
> Aleksey
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign1-tmpl.xml
Type: text/xml
Size: 799 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20050712/72282f9c/sign1-tmpl-0002.xml
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sign1.c
Type: text/x-csrc
Size: 5771 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20050712/72282f9c/sign1-0002.bin
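
The symptom reported in this message (serialized XML that looks correct while the in-memory KeyInfo node carries no namespace, so validating the tree fails) is reproduced below as an added example; it is not code from the post or from xmlsec. It uses Python's xml.dom.minidom instead of libxml2, a constructed cut-down document, and hypothetical helper names, and it makes no claim about how xmlSecTmplSignatureEnsureKeyInfo builds the node.

```python
from xml.dom import minidom

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: cut-down version of the document in the post, before
# KeyInfo is added.
SAMPLE = ('<Envelope xmlns="urn:envelope"><Data>Hello, World!</Data>'
          '<Signature xmlns="' + DSIG_NS + '"><SignedInfo/><SignatureValue/>'
          '</Signature></Envelope>')


def child_namespaces(signature):
    """(tag, namespaceURI) per element child, like the loop in the post prints."""
    return [(n.tagName, n.namespaceURI) for n in signature.childNodes
            if n.nodeType == n.ELEMENT_NODE]


def unbound_children(signature, expected_ns=DSIG_NS):
    """Tags of element children whose in-memory namespace is not expected_ns."""
    return [tag for tag, ns in child_namespaces(signature) if ns != expected_ns]


def add_keyinfo(doc, signature, with_namespace):
    """Append KeyInfo/X509Data either namespace-less or bound to DSIG_NS."""
    make = ((lambda name: doc.createElementNS(DSIG_NS, name)) if with_namespace
            else doc.createElement)
    key_info = make("KeyInfo")
    key_info.appendChild(make("X509Data"))
    signature.appendChild(key_info)
    return key_info


def demo(with_namespace):
    """Return (unbound tags in memory, serialized text, unbound tags after reparse)."""
    doc = minidom.parseString(SAMPLE)
    sig = doc.getElementsByTagName("Signature")[0]
    add_keyinfo(doc, sig, with_namespace)
    in_memory = unbound_children(sig)
    xml_text = doc.toxml()
    # Reparsing resolves the inherited default xmlns, so the same text binds.
    reparsed = minidom.parseString(xml_text).getElementsByTagName("Signature")[0]
    return in_memory, xml_text, unbound_children(reparsed)


if __name__ == "__main__":
    for flag in (False, True):
        in_memory, xml_text, after = demo(flag)
        print(flag, in_memory, after)
```

Both variants serialize to the same text, so inspecting the dumped document cannot tell them apart; only a check on the tree itself (or a save and reparse before validation) shows whether the node is bound to the signature namespace.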