[xmlsec] Signing with root element not having namespace

Wed, 03 Jun 2020 07:51:04 -0700 

Hello!


I've been using your lib for a long time with many success!


Now I got a task which I cannot handle with my skills. I've attached a 
simplified version of the XML.


The main problem is that an industry standard determines the whole structure of 
the XML in this application including the namespaces. When I tried to sign it 
with the standard method in the doc I got the error: 'node not found'. It 
turned out xmlsecGetNodeNSHref sees the <Signature> block with (null) 
namepspace, which doesn't fit xmlsec's requirement. Changing xmlSecFindNode to 
ignore the (null) namespace helped for a short time, but some function calls 
later a similar error was found in xmlSecFindParent. After getting over again 
C14N failed. I am not sure if that (null) is the problem during the 
canonization.


I cannot see that deep into the code. Could you help me out?


Bests,

Adam

<?xml version="1.0" encoding="UTF-8"?>
<EventMessage xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xmlns:cb="XYZBlock" xsi:noNamespaceSchemaLocation="Message.xsd">
  <Header>
    <Verb>created</Verb>
    <Noun>Block</Noun>
    <Revision>1.0</Revision>
    <Timestamp>2020-06-03T10:38:51Z</Timestamp>
    <Source>http://192.168.0.100:8092</Source>
    <MessageID>69420</MessageID>
    <Target>http://17.6.16.6:8092</Target>
  </Header>
  <Payload>
    <cb:XYZBlock xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"; xsi:noNamespaceSchemaLocation="XYZBlock.xsd">
      <XYZ>
	<FREQ>45</FREQ>
        <DID>2</DID>
        <Location>
          <Latitude>0.000000</Latitude>
          <Longitude>0.000000</Longitude>
        </Location>
      </XYZ>
      <Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
        <ds:SignedInfo>
          <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
          <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
          <ds:Reference URI="">
            <ds:Transforms>
              <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
            </ds:Transforms>
            <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
            <ds:DigestValue/>
          </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue/>
        <ds:KeyInfo>
          <ds:KeyValue/>
        </ds:KeyInfo>
      </Signature>
    </cb:XYZBlock>
    <Format>XML</Format>
  </Payload>
</EventMessage>

_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

Reply via email to