[xmlsec] WSSE signature validation fails

Aleksey Sanin aleksey at aleksey.com
Wed Aug 22 08:36:33 PDT 2018 

Section 3.2 from the FAQ if I recall correctly.

Aleksey

On 8/21/18 1:24 PM, Tomer Azran wrote:
> Hello,
> 
> We are trying to use xmlsec1 utility in order to verify a soap response 
> with a <Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> element.
> 
> This is the KeyInfo element in the soap envelope (I removed the actual 
> key identifier data):
> 
> <KeyInfo>
> 
>                  <wsse:SecurityTokenReference xmlns="">
> 
>                                  <wsse:KeyIdentifier 
> ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509SubjectKeyIdentifier" 
> EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary">[BASE64 
> STRING]</wsse:KeyIdentifier>
> 
>                  </wsse:SecurityTokenReference>
> 
> </KeyInfo>
> 
> I'm running the following command in order to verify the signature:
> 
> /usr/bin/xmlsec1 --verify answer.xml
> 
> Getting the following error:
> 
> func=xmlSecXPathDataExecute:file=xpath.c:line=273:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 
> library function 
> failed:expr=xpointer(id('Id-c96770b6-807c-44e5-b070-9a01f2fcf9ef'))
> 
> func=xmlSecXPathDataListExecute:file=xpath.c:line=373:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecTransformXPathExecute:file=xpath.c:line=483:obj=xpointer:subj=xmlSecXPathDataExecute:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2405:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1236:obj=unknown:subj=xmlSecTransformPushXml:error=1:xmlsec 
> library function failed:transform=xpointer
> 
> func=xmlSecTransformCtxExecute:file=transforms.c:line=1296:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1571:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecDSigCtxProcessSignedInfoNode:file=xmldsig.c:line=804:obj=unknown:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec 
> library function failed:node=Reference
> 
> func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=547:obj=unknown:subj=xmlSecDSigCtxProcessSignedInfoNode:error=1:xmlsec 
> library function failed:
> 
> func=xmlSecDSigCtxVerify:file=xmldsig.c:line=366:obj=unknown:subj=xmlSecDSigCtxSignatureProcessNode:error=1:xmlsec 
> library function failed:
> 
> Error: signature failed
> 
> ERROR
> 
> SignedInfo References (ok/all): 0/1
> 
> Manifests References (ok/all): 0/0
> 
> Error: failed to verify file "answer.xml"
> 
> Can you please advise?
> 
> Tomer.
> 
> 
> 
> _______________________________________________
> xmlsec mailing list
> xmlsec at aleksey.com
> http://www.aleksey.com/mailman/listinfo/xmlsec
>

More information about the xmlsec mailing list