[xmlsec] xPath namespace issue

Brian McLaughlin brian.mclaughlin at latens.co.uk
Tue Apr 3 09:23:21 PDT 2007


All,

I am having an issue I hope you could assist me on -

Following signing a document using xmlDSig I have a doc which looks as
follows:

<?xml version="1.0"?>
<1>
   <name>Brian</name>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference>
<Transforms>
<Transform
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>EqdS4l71pUFiQDXyUBrp5f1+y9M=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>xKq1SiBwwnd7fSwEFQ9zNmu6apkk+B18QUaGTGFnlpKmMSo2lvNzTQbKpWewteVD
8vgSbiebBmmKndmqvaCxfLgk7Nr4d5Q0pmRsovgKHZsC11Nq5gV+ovmDRnGbhoAa
smFXJ1lHYIwoSbIOK0QWS1vBjX26Q2685tSJ4tkYldc=</SignatureValue>
<KeyInfo>
<X509Data>
<X509Certificate>MIID3zCCA0igAwIBAgIBKTANBgkqhkiG9w0BAQQFADCBoTELMAkGA1UEBhMCVUsx...</X509Certificate>
</X509Data>
</KeyInfo>
</Signature></1>


When I verify, I am aware that I will use the X509Certificate node for
verifying but I also want to parse the X509Certificate separately and
confirm it is the certificate I expect - the way I am doing this uses
XPath and I believed I could search for //X509Certificate however this
yields no results.


Below is the code for the test app that I am using to retrieve the node -


#include <cstdio>
#include <iostream>
#include <vector>
#include <string>
#include <libxml/parser.h>
#include <libxml/xpath.h>

// Evaluates each XPath expression in nodeList against the given file and
// returns the text content of the single node each expression selects.
// Stops and returns what has been collected so far on any failure.
std::vector<std::string> parseXMLFileForConfiguration (const std::string & xmlConfigFile, const std::vector<std::string> & nodeList)
{
  xmlDocPtr doc;
  xmlXPathContextPtr context;
  xmlXPathObjectPtr result;
  xmlChar *xmlValue;
  std::vector<std::string> valueList;

  // Parse XML document
  xmlInitParser();

  doc = xmlParseFile( xmlConfigFile.c_str() );
  if (NULL == doc)
  {
    xmlCleanupParser();
    return valueList;
  }

  context = xmlXPathNewContext(doc);
  if (NULL == context)
  {
    xmlFreeDoc(doc);
    xmlCleanupParser();
    return valueList;
  }

  // Search for each tag
  for ( std::vector<std::string>::const_iterator iter = nodeList.begin(); iter != nodeList.end(); iter++ )
  {
    result = xmlXPathEvalExpression( reinterpret_cast<const xmlChar *>( iter->c_str() ), context);
    if (NULL == result)
    {
      std::cout << "Can't find the path" << std::endl;
      xmlXPathFreeContext(context);
      xmlFreeDoc(doc);
      xmlCleanupParser();
      return valueList;
    }

    // nodesetval is NULL when the result is not a node set or nothing matched
    const int nodeCount = (NULL == result->nodesetval) ? 0 : result->nodesetval->nodeNr;
    if ( nodeCount != 1 )
    {
      std::cout << std::string("Node number is") << nodeCount << std::endl;
      xmlXPathFreeObject(result);
      xmlXPathFreeContext(context);
      xmlFreeDoc(doc);
      xmlCleanupParser();
      return valueList;
    }
    // Get Value
    xmlValue = xmlNodeListGetString(doc, result->nodesetval->nodeTab[0]->children, 1);
    // Add to the list (an element with no text content yields NULL)
    valueList.push_back( NULL == xmlValue ? std::string() : std::string(reinterpret_cast<const char *>(xmlValue)) );
    // Clean up
    if (NULL != xmlValue)
    {
      xmlFree(xmlValue);
    }
    xmlXPathFreeObject(result);
  }

  xmlXPathFreeContext(context);
  xmlFreeDoc(doc);
  xmlCleanupParser();

  return valueList;
}


int main(int argc, char *argv[] )
{
  if (argc < 2)
  {
    std::cerr << "Usage: " << argv[0] << " <xml file>" << std::endl;
    return 1;
  }

  std::string xmlfile(argv[1]);

  // XPath expression under test
  std::string searchPath("//latens/Signature[@xmlns=\"http://www.w3.org/2000/09/xmldsig#\"]/KeyInfo/X509Data/X509Certificate");

  std::vector<std::string> elementList;
  elementList.push_back(searchPath);

  std::vector<std::string> res = parseXMLFileForConfiguration (xmlfile, elementList);

  // Nothing was selected, or parsing failed
  if (res.empty())
  {
    return 1;
  }

  std::cout << "XML out - "<< res[0] << std::endl;

  return 0;

}


Any help is greatly appreciated!

Thanks in advance,

Brian.
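
An added example, not part of the original post, showing the namespace behaviour with Python's standard-library ElementTree rather than the libxml2 C API: the xmlns default declaration on Signature puts X509Certificate in the xmldsig namespace, so an unprefixed name never matches it, and the query has to bind a prefix to that URI (in libxml2, xmlXPathRegisterNs). The sample document, the stand-in certificate bytes, the "ds" prefix and the pinned SHA-256 fingerprint check are assumptions constructed for illustration.

```python
import base64
import hashlib
import hmac
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
NS = {"ds": DSIG}  # the prefix "ds" is our choice; only the URI has to match

# Constructed stand-in for a DER certificate (not a real one).
FAKE_DER = b"constructed certificate bytes"
# Constructed document shaped like the signed one in the post; root name is made up.
SAMPLE = (
    '<doc><name>Brian</name>'
    f'<Signature xmlns="{DSIG}"><KeyInfo><X509Data>'
    f'<X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate>'
    '</X509Data></KeyInfo></Signature></doc>'
)

def find_unqualified(root):
    # Unprefixed names match only elements in no namespace, so this finds nothing.
    return root.findall(".//X509Certificate")

def signature_cert_der(root):
    # Anchor on the enveloped Signature (direct child of the root) instead of
    # searching the whole tree, and insist on exactly one certificate, so a
    # stray X509Certificate elsewhere in the document cannot be picked up.
    certs = root.findall(
        "./ds:Signature/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if len(certs) != 1:
        raise ValueError(f"expected exactly one X509Certificate, found {len(certs)}")
    # Base64 inside XML may be line-wrapped; strip whitespace, then decode strictly.
    b64 = "".join((certs[0].text or "").split())
    return base64.b64decode(b64, validate=True)

def is_expected_cert(xml_text, pinned_sha256_hex):
    # Compare the embedded certificate's SHA-256 fingerprint with a pinned value.
    root = ET.fromstring(xml_text)
    fingerprint = hashlib.sha256(signature_cert_der(root)).hexdigest()
    return hmac.compare_digest(fingerprint, pinned_sha256_hex.lower())

if __name__ == "__main__":
    root = ET.fromstring(SAMPLE)
    print("unqualified matches:", len(find_unqualified(root)))
    pinned = hashlib.sha256(FAKE_DER).hexdigest()
    print("certificate is the pinned one:", is_expected_cert(SAMPLE, pinned))
```

Comparing the embedded certificate against a pinned fingerprint only says which certificate the document carries; the signature itself still has to be verified with that certificate.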