Posted to dev@santuario.apache.org by tobias <to...@t-systems.com> on 2015/05/18 13:58:31 UTC

Re: Optional ID of attached element

I'm getting this error when I try to verify a signed XML. The problem is it
has no ID and therefore I tried to disable the ID mapping by removing this
line of code: signedElement.setIdAttributeNS(null, "Id", true);

Our customer delivers an XML file where the root element is always the part
which is being signed by default. Don't know how to handle a signed XML file
without an ID as marker.

Caused by: org.apache.xml.security.utils.resolver.ResourceResolverException: Cannot resolve element with ID SignedProperties-1430866800583
	at org.apache.xml.security.utils.resolver.implementations.ResolverFragment.engineResolveURI(ResolverFragment.java:81) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.utils.resolver.ResourceResolver.resolve(ResourceResolver.java:288) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.signature.Reference.getContentsBeforeTransformation(Reference.java:426) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.signature.Reference.dereferenceURIandPerformTransforms(Reference.java:606) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.signature.Reference.verify(Reference.java:787) ~[xmlsec-2.0.4.jar:2.0.4]
	at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:334) ~[xmlsec-2.0.4.jar:2.0.4]




Re: Optional ID of attached element

Posted by tobias <to...@t-systems.com>.
OK, you're right. I found out that in the customer XML I've got two reference
blocks and the second one is giving me trouble.

			<ds:Reference Id="Reference-TSL-1430866800574" URI="">
				<ds:Transforms>
					<ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></ds:Transform>
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
				<ds:DigestValue>43acDj5lSIqh6LBvpVbQ9Hj9QFjX0vZ4IWrw7E8OY0g=
				</ds:DigestValue>
			</ds:Reference>
			<ds:Reference Id="Reference-SignedProperties-1430866800684"
				Type="http://uri.etsi.org/01903#SignedProperties"
				URI="#SignedProperties-1430866800583">
				<ds:Transforms>
					<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
				</ds:Transforms>
				<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
				<ds:DigestValue>ms/B/LYB/XjPHZeuHpBgtTYG1fq9sLfqld5ArY4E/N4=
				</ds:DigestValue>
			</ds:Reference>




Re: Optional ID of attached element

Posted by "Cantor, Scott" <ca...@osu.edu>.
On 5/18/15, 12:58 PM, "tobias" <to...@t-systems.com> wrote:



>I just want to get rid of the need of an Id attribute in the signed 
>element.

And I told you how non-ID based signatures of an entire document are 
expressed.

>I understand that the way you are showing in the examples is a good way to
>do it,

I don't know what examples you mean, but they have nothing to do with me.

-- Scott


Re: Optional ID of attached element

Posted by tobias <to...@t-systems.com>.
I just want to get rid of the need of an Id attribute in the signed element.
I understand that the way you are showing in the examples is a good way to
do it, but our customer is delivering an xml document without an id in the
root element (always the signed element). I just want to solve my use case
and need your help!




Re: Optional ID of attached element

Posted by "Cantor, Scott" <ca...@osu.edu>.
On 5/18/15, 11:58 AM, "tobias" <to...@t-systems.com> wrote:



>Our customer delivers an XML file where the root element is always the
>part which is being signed by default. Don't know how to handle a signed
>XML file without an ID as marker.

If you mean you want to sign the whole document, that requires a Reference 
URI of "" (literally the empty string). This is all covered by the 
standard, which you need to read if you use the library. XML Signature is 
not something you can just let the library take care of for you, there are 
too many application-layer issues involved to do anything safely with the 
spec.

-- Scott
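
Added example (not from the thread and not Santuario project code): a verification routine for the document shape discussed above, where the URI="" Reference covers the whole document without any Id on the root, and only the SignedProperties element targeted by the second Reference is registered as an ID. The class name, the XAdES 1.3.2 namespace and the externally supplied trustedKey are assumptions.

```java
import java.io.InputStream;
import java.security.PublicKey;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.signature.SignedInfo;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.utils.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class VerifyEnvelopedXades {
    // Assumption: the customer file uses the XAdES 1.3.2 namespace.
    static final String XADES_NS = "http://uri.etsi.org/01903/v1.3.2#";

    // Assumption: trustedKey comes from local configuration, not from the
    // KeyInfo inside the document being verified.
    public static boolean verify(InputStream in, PublicKey trustedKey) throws Exception {
        org.apache.xml.security.Init.init();

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPEs so the input cannot declare entities or its own ID attributes.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(in);

        NodeList sigs = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, "Signature");
        NodeList props = doc.getElementsByTagNameNS(XADES_NS, "SignedProperties");
        if (sigs.getLength() != 1 || props.getLength() != 1) {
            throw new SecurityException("expected exactly one Signature and one SignedProperties");
        }

        // The root element needs no Id: URI="" selects the whole document.
        // Only the target of URI="#SignedProperties-..." has to be an ID.
        ((Element) props.item(0)).setIdAttributeNS(null, "Id", true);

        // Third argument switches on the library's secure-validation mode.
        XMLSignature signature = new XMLSignature((Element) sigs.item(0), "", true);

        // Application-layer check: one Reference must actually cover the document.
        SignedInfo signedInfo = signature.getSignedInfo();
        boolean coversDocument = false;
        for (int i = 0; i < signedInfo.getLength(); i++) {
            if ("".equals(signedInfo.item(i).getURI())) {
                coversDocument = true;
            }
        }
        return coversDocument && signature.checkSignatureValue(trustedKey);
    }
}
```

Registering Id only on the single expected SignedProperties element, rather than on every element that carries an Id attribute, keeps the set of resolvable fragment targets as small as the signature requires.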