[xmlsec] Signing a batch of signed elements
Aleksey Sanin
aleksey at aleksey.com
Mon Nov 16 08:54:02 PST 2009
This sounds wrong:
expr=xpointer(id('1'))
Aleksey
Marcus Pereira wrote:
> I need to feed a government system that requires a signed xml that
> contains a batch of signed xml elements.
>
> After signing the elements and building the final batch file, xmlsec1
> fails to sign it.
>
> It seems xmlsec1 is getting confused about the many "<Signature>"
> elements in the xml. Although I think I am telling it what is the right
> chain to sign, the error shows an xpointer to the first signature element
> and not the last one (the one the node-id refers to).
>
> How can I solve this?
>
> Thanks for any help.
> Marcus Pereira
>
> My command:
> ---------------------------------------
> $ xmlsec1 sign --pwd "xxxxxx" --id-attr:Id BatchObjects --node-id
> "batch1" --privkey-pem mykey.pem batch_obj_tmpl.xml
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2
> library function failed:expr=xpointer(id('1'))
> func=xmlSecXPathDataListExecute:file=xpath.c:line=356:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformXPathExecute:file=xpath.c:line=466:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2371:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec
> library function failed:
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1207:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec
> library function failed:transform=xpointer
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1267:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec
> library function failed:
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec
> library function failed:node=Reference
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec
> library function failed:
> func=xmlSecDSigCtxSign:file=xmldsig.c:line=303:obj=unknown:subj=xmlSecDSigCtxSigantureProcessNode:error=1:xmlsec
> library function failed:
> Error: signature failed
> Error: failed to sign file "batch_obj_tmpl.xml"
> ---------------------------------------
>
> My Template:
> ---------------------------------------
> <?xml version="1.0"?>
> <SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
>   <BatchObjects Id="batch1" version="1.00">
>     <BatchNumber>1</BatchNumber>
>     <SenderId>09812</SenderId>
>     <ObjectsCount>2</ObjectsCount>
>     <ObjectsList>
>       <Object>
>         <InfObject Id="1">
>           <Name>Object Example 1</Name>
>           <Status>1</Status>
>           <ObjectData>
>             <ObjDat1>
>               <MoreData>Test 1 Test 1 Test 1</MoreData>
>             </ObjDat1>
>           </ObjectData>
>         </InfObject>
>         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
>           <SignedInfo>
>             <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>             <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <Reference URI="#1">
>               <Transforms>
>                 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>               </Transforms>
>               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>               <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>             </Reference>
>           </SignedInfo>
>           <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>           <KeyInfo>
>             <X509Data>
>               <X509Certificate>MIIX509CertificateData</X509Certificate>
>             </X509Data>
>           </KeyInfo>
>         </Signature>
>       </Object>
>       <Object>
>         <InfObject Id="2">
>           <Name>Object Example 2</Name>
>           <ObjectData>
>             <ObjDat1>
>               <MoreData>Test 2 Test 2 Test 2</MoreData>
>             </ObjDat1>
>           </ObjectData>
>         </InfObject>
>         <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:2">
>           <SignedInfo>
>             <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>             <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>             <Reference URI="#2">
>               <Transforms>
>                 <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>               </Transforms>
>               <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>               <DigestValue>/xxx...DigestData2...xxx</DigestValue>
>             </Reference>
>           </SignedInfo>
>           <SignatureValue>/xxx...SignatureData2...xxx</SignatureValue>
>           <KeyInfo>
>             <X509Data>
>               <X509Certificate>MIIX509CertificateData</X509Certificate>
>             </X509Data>
>           </KeyInfo>
>         </Signature>
>       </Object>
>     </ObjectsList>
>   </BatchObjects>
>   <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
>     <SignedInfo>
>       <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>       <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>       <Reference URI="#batch1">
>         <Transforms>
>           <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>         </Transforms>
>         <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>         <DigestValue/>
>       </Reference>
>     </SignedInfo>
>     <SignatureValue/>
>     <KeyInfo>
>       <X509Data>
>         <X509Certificate>MIIX509CertificateData</X509Certificate>
>       </X509Data>
>     </KeyInfo>
>   </Signature>
> </SendBatch>
> ---------------------------------------
>
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
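As an added example (my own code, not part of xmlsec1 and not written by either poster), here is a standard-library-only pre-flight check for the situation in this thread: a document that carries several enveloped signatures, each pointing at its signed element with a `#id` Reference URI. It assumes the ID attribute is called `Id` as in the template, treats `--id-attr:Id <name>` as registering that attribute on elements with that local name (the syntax of the command in the post), and uses a trimmed copy of the posted template as constructed input. It makes visible why the failing expression is `xpointer(id('1'))`: the command registers `Id` only on `BatchObjects`, so `#1` and `#2` cannot resolve, and the first Signature in document order at or below the `batch1` element is `Sig_Object:1`, not `Sig_Batch1`.

```python
# Added example: pre-flight check for same-document ds:Reference URIs in a file
# with several enveloped signatures. Assumes the ID attribute is named "Id" and
# that --id-attr:Id <name> registers it on elements with that local name.
import xml.etree.ElementTree as ET
from collections import defaultdict

DS_NS = "http://www.w3.org/2000/09/xmldsig#"
SIGNATURE = "{%s}Signature" % DS_NS
REFERENCE = "{%s}Reference" % DS_NS

# Constructed sample: the template from the post, trimmed to the elements that
# matter for reference resolution (digests, certificates, transforms omitted).
SAMPLE = """<?xml version="1.0"?>
<SendBatch xmlns="http://www.somelink.org/xsdlink.xsd">
  <BatchObjects Id="batch1" version="1.00">
    <ObjectsList>
      <Object>
        <InfObject Id="1"/>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:1">
          <SignedInfo><Reference URI="#1"/></SignedInfo>
        </Signature>
      </Object>
      <Object>
        <InfObject Id="2"/>
        <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Object:2">
          <SignedInfo><Reference URI="#2"/></SignedInfo>
        </Signature>
      </Object>
    </ObjectsList>
  </BatchObjects>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="Sig_Batch1">
    <SignedInfo><Reference URI="#batch1"/></SignedInfo>
  </Signature>
</SendBatch>
"""

def local_name(tag):
    """Strip the {namespace} prefix ElementTree puts on qualified tag names."""
    return tag.rsplit("}", 1)[-1]

def index_ids(root, id_attr="Id"):
    """Map each value of id_attr to every element carrying it, in document order."""
    ids = defaultdict(list)
    for el in root.iter():
        value = el.get(id_attr)
        if value is not None:
            ids[value].append(el)
    return ids

def check_references(xml_text, registered=("BatchObjects",), id_attr="Id"):
    """Resolve every same-document ds:Reference in every ds:Signature.

    `registered` names the elements whose id_attr has been declared an ID
    (what --id-attr:Id <name> does). Returns resolved/unresolved references
    keyed by (signature Id, URI), the duplicate ID values, and the element
    names that still need registering for every reference to resolve.
    """
    root = ET.fromstring(xml_text)
    ids = index_ids(root, id_attr)
    resolved, unresolved, needed = {}, {}, set()
    for sig in root.iter(SIGNATURE):
        sig_id = sig.get(id_attr)
        for ref in sig.iter(REFERENCE):
            uri = ref.get("URI", "")
            if not uri.startswith("#"):
                continue  # whole-document ("") or external URIs are not ID lookups
            targets = ids.get(uri[1:], [])
            name = local_name(targets[0].tag) if targets else None
            if len(targets) == 1 and name in registered:
                resolved[(sig_id, uri)] = name
            else:
                # unregistered (name), ambiguous (name, >1 target) or missing (None)
                unresolved[(sig_id, uri)] = name
                if len(targets) == 1:  # registering this element name would fix it
                    needed.add(name)
    duplicates = sorted(v for v, els in ids.items() if len(els) > 1)
    return {"resolved": resolved, "unresolved": unresolved,
            "duplicates": duplicates, "needed": sorted(needed)}

def first_signature_under(xml_text, node_id, id_attr="Id"):
    """Id of the first ds:Signature, in document order, at or below the element
    whose id_attr equals node_id; None if that subtree holds no Signature."""
    root = ET.fromstring(xml_text)
    starts = index_ids(root, id_attr).get(node_id, [])
    if len(starts) != 1:
        raise ValueError("%r matches %d elements, not 1" % (node_id, len(starts)))
    sig = next(starts[0].iter(SIGNATURE), None)
    return None if sig is None else sig.get(id_attr)

def id_attr_flags(names, id_attr="Id"):
    """Render --id-attr options in the syntax the command in the post uses."""
    return " ".join("--id-attr:%s %s" % (id_attr, n) for n in names)

if __name__ == "__main__":
    report = check_references(SAMPLE, registered=("BatchObjects",))
    for (sig_id, uri), name in report["unresolved"].items():
        print("unresolved %s in %s -> %s" % (uri, sig_id, name or "no such element"))
    print("duplicate IDs:", report["duplicates"])
    print("missing registrations:", id_attr_flags(report["needed"]))
    print("first Signature under batch1:", first_signature_under(SAMPLE, "batch1"))
```

Run stand-alone it lists `#1` and `#2` as unresolved, prints `--id-attr:Id InfObject` as the missing registration, and names `Sig_Object:1` as the first Signature under `batch1`. The duplicate-ID list is there for a reason beyond this thread: when two elements share an `Id`, a `#id` Reference can resolve to either of them, and a signer and a verifier can then disagree about which element was signed, so a checker for files like this should treat a duplicate ID as a hard error rather than picking the first match.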