You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Paul Cameron <pa...@rpdata.com> on 2007/02/05 07:03:00 UTC
problems with configure
I'm having some problems with running configure to build the binaries for
xmlsecurity. The conf.log file is attached. Can someone help sort out these
problems? It would be very much appreciated.
Thanks,
Paul Cameron
Senior Analyst/Programmer
RP Data - "Real property knowledge you can trust"
T: (07) 3114 9934
F: (07) 3114 9900
E: paul.cameron@rpdata.com
W: www.rpdata.com
This email is intended only for the use of the individual or entity
named above and may contain information that is confidential and
privileged. If you are not the intended recipient, you are hereby
notified that any dissemination, distribution or copying of this email
is strictly prohibited. If you have received this email in error,
please notify us immediately by return email or telephone +61 (07)
3114 9999 and destroy the original message.
RE: problems with configure
Posted by Scott Cantor <ca...@osu.edu>.
> I'm having some problems with running configure to build the binaries for
> xmlsecurity. The conf.log file is attached. Can someone help sort out
> these problems? It would be very much appreciated.
Looks to me like you've got a Xerces-C 2.x that's built with Sun's compiler
and then you're trying to build this with gcc. You can't mix them.
There may also be library path issues causing trouble, but it looks more
like a compiler mismatch to me.
Run ldd against libxerces-c and see what it's linked to. libCrun would
indicate Sun's and libstdc++ would be gcc.
-- Scott
Re: problems with configure
Posted by Paul Cameron <pc...@rpdata.com>.
Paul Cameron <pcn <at> rpdata.com> writes:
>
> Berin Lautenbach <berin <at> wingsofhermes.org> writes:
>
> >
> > Can you post the template that you are using and the keypair (assuming
> > they are test keys) to me or the list? Keypair not so necessary - I can
> > use my own, but the template would help.
> >
> > You could try putting a bit of dummy text as the signature value - it
> > will get overwritten, but the loader for the Signature expects text
> > children in certain places and throws an exception if it doesn't find them.
> >
> > Cheers,
> > Berin
> >
> SNIP...
>
> Here's the template:
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
> xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-
wssecurity-
SNIP ...
The template above was missing the XML tag from the first line of the message:
<?xml version=~"1.0~" encoding=~"utf-8~"?>
So, now templatesign reports, "Errors during parse" but doesn't specify what
those errors are.
Re: problems with configure
Posted by Paul Cameron <pc...@rpdata.com>.
Berin Lautenbach <berin <at> wingsofhermes.org> writes:
>
> Can you post the template that you are using and the keypair (assuming
> they are test keys) to me or the list? Keypair not so necessary - I can
> use my own, but the template would help.
>
> You could try putting a bit of dummy text as the signature value - it
> will get overwritten, but the loader for the Signature expects text
> children in certain places and throws an exception if it doesn't find them.
>
> Cheers,
> Berin
>
SNIP...
Here's the template:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:wsa="http://schemas.xmlsoap.org/ws/2004/03/addressing"
xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-
secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-wssecurity-utility-1.0.xsd">
<soap:Header>
<wsa:Action wsu:Id="Id-3edad06f-f155-4405-9233-6a3f22862258">
</wsa:Action>
<wsa:MessageID wsu:Id="Id-b02eb10a-b0d9-491d-ba57-
5db81199302e">uuid:cca7447a-6ad7-4360-a8f0-a2181aa7c58c</wsa:MessageID>
<wsa:ReplyTo wsu:Id="Id-d11bbd45-c9c5-4ca2-9a95-6cf62f3847b3">
<wsa:Address>http://schemas.xmlsoap.org/ws/2004/03/addressing/role/anonymous</w
sa:Address>
</wsa:ReplyTo>
<wsa:To wsu:Id="Id-af811131-86e1-4146-bbed-
22da8be29d11">https://lasar002-int.dmz/ATS/dEnquiries</wsa:To>
<wsse:Security>
<wsu:Timestamp wsu:Id="Timestamp-d1dc5b06-ce21-43c7-a720-9bde3629d05a">
<wsu:Created>2006-11-23T05:31:41Z</wsu:Created>
</wsu:Timestamp>
<wsse:UsernameToken xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-a197613a-0a6e-4861-a72f-f355a6d66307">
<wsse:Username>pblccitec</wsse:Username>
<wsse:Password Type="http://docs.oasis-open.org/wss/2004/01/oasis-
200401-wss-username-token-profile-1.0#PasswordText">webservice</wsse:Password>
<wsse:Nonce>QTctSdLLjEGx4IFXz74yxQ==</wsse:Nonce>
<wsu:Created>2006-11-23T05:31:41Z</wsu:Created>
</wsse:UsernameToken>
<wsse:BinarySecurityToken ValueType="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"
EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-
message-security-1.0#Base64Binary" xmlns:wsu="http://docs.oasis-
open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
wsu:Id="SecurityToken-14bc43ec-55a8-4956-9065-
16e6b80b7400">MIID8DCCA1mgAwIBAgIBATANBgkqhkiG9w0BAQQFADBaMQswCQYDVQQGEwJBVTEMM
AoGA1UECBMDUUxEMQ8wDQYDVQQHEwZCcmlzc3kxDDAKBgNVBAoTA05STTEMMAoGA1UECxMDSVRTMRAw
DgYDVQQDEwdzYXJ2ZWdhMB4XDTA1MDgzMTA1MTAxNFoXDTA3MDgzMTA1MTAxNFowXTELMAkGA1UEBhM
CQVUxDDAKBgNVBAgTA1FMRDEPMA0GA1UEBxMGQnJpc3N5MQ0wCwYDVQQKFAROUiZNMQwwCgYDVQQLEw
NJVFMxEjAQBgNVBAMTCXRlc3R1c2VyMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAM29v
k40v30gWJr7+pvNi3x/785nSkCv2RuXaCidNG1C2+WVUKyolSkFjQQPj3A+JXrRPqS4jQbUOVMubYYt
s5ElvpOG72nrDKQbLo1BVLJiJi+gTZEAS+S4ZpBzxaJYDwvX/Wa94WtgelWw+PSiGomPy995S1Aykty
WQVXZiezR3TL626wOefLXb5DGHgKh8YxVWkGL9FiaKdDieUQryXFX0ksiin7CVk4WNST2vPdOAC8KAZ
44/jPq95M631j0WU2CYT7Q66JtseZIMjlPvl7QbnMLIptq5quIoft7gX18T2rIFbmNFOE6SiD4em8wg
zW02FJr9FlPhWa6uEdFvqUCAwEAAaOCAT0wggE5MAkGA1UdEwQCMAAwLAYJYIZIAYb4QgENBB8WHU9w
ZW5TU0wgR2VuZXJhdGVkIENlcnRpZmljYXRlMB0GA1UdDgQWBBQTElg47m7eBhUhkdWvdbqhY/qBqjC
BggYDVR0jBHsweYAUDoB/c41zEYu2YHK28gaN0z0vdVChXqRcMFoxCzAJBgNVBAYTAkFVMQwwCgYDVQ
QIEwNRTEQxDzANBgNVBAcTBkJyaXNzeTEMMAoGA1UEChMDTlJNMQwwCgYDVQQLEwNJVFMxEDAOBgNVB
AMTB3NhcnZlZ2GCAQAwWgYDVR0fBFMwUTAkoCKgIIYeaHR0cDovL3d3dy5teWhvc3QuY29tL215Y2Eu
Y3JsMCmgJ6AlhiNodHRwOi8vd3d3Lm15b3RoZXJob3N0LmNvbS9teWNhLmNybDANBgkqhkiG9w0BAQQ
FAAOBgQBWQx+k1GGAJ69rX7aJP0eR3BCmHbNC89bBpSeiBOCVOGmLSMVY9c6Kbo7QNJV7pxZcCGN5tA
OO+Bry2E0ZL5auA02XzNeCNZyasHPrSgQJvTA11krJ4Kjh5/UAN+0MxiDY50R3IGBneTKFYFRSVPyUm
Kmw01wqIMFmxilpQ4W8LQ==</wsse:BinarySecurityToken>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<ds:CanonicalizationMethod
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#" />
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-
sha1" />
<Reference URI="#Id-3edad06f-f155-4405-9233-6a3f22862258">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>TVCH1habTRf0MmhInZ7lZEQqXHY=</DigestValue>
</Reference>
<Reference URI="#Id-b02eb10a-b0d9-491d-ba57-5db81199302e">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>cRnv3LpgnL/efdrnXSEcd7Jn4V0=</DigestValue>
</Reference>
<Reference URI="#Id-d11bbd45-c9c5-4ca2-9a95-6cf62f3847b3">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>6574cbbjN1AwhoAKNjrxwAD2zM8=</DigestValue>
</Reference>
<Reference URI="#Id-af811131-86e1-4146-bbed-22da8be29d11">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>4KnoFdUUUkvpmbxV6SZVc20B+zU=</DigestValue>
</Reference>
<Reference URI="#Timestamp-d1dc5b06-ce21-43c7-a720-9bde3629d05a">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>gFfTJ7l30pDGRg5wuFN6raJFxeg=</DigestValue>
</Reference>
<Reference URI="#Id-f02ffa1e-f0c5-4acf-9961-c34cf57f91a5">
<Transforms>
<Transform Algorithm="http://www.w3.org/2001/10/xml-exc-
c14n#" />
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
<DigestValue>UkUKHCCWocfInrKvwRG+7YYjBjY=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>UuI0sDfhFKG/y4zqICTqKEGQZQPqlaHROvwXsEGRHtLUZtxonXJEQs02rvyJi2A
Ubw4GGMLmjLD6K7jb8E52AFrAYPTQyQHo5ZQnfX0jpnavnD6HbbZbz+YqUkCv7ADK+zPWcupI9W+iYx
Xofnr4OPi+2n/J5QsUilZGHs/PgJ9J9c8M+wFxV0nas6RqXY88C7xNiBD6ct3xysoMWbC5XXhNGwgp2
ZJBtUqksXDCuS4m1Y+3sin2U9RC9zM6k/J5a1BAMuV6mlhvfGvladoprsF2d8rHY6/6wYFLfWeYb2iQ
cWzPDpZiRtbuFxg7wW6kuBofXeyizHfXc9IP1z6gLQ==</SignatureValue>
<KeyInfo>
<wsse:SecurityTokenReference>
<wsse:Reference URI="#SecurityToken-14bc43ec-55a8-4956-9065-
16e6b80b7400" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-
wss-x509-token-profile-1.0#X509v3" />
</wsse:SecurityTokenReference>
</KeyInfo>
</Signature>
</wsse:Security>
</soap:Header>
<soap:Body wsu:Id="Id-f02ffa1e-f0c5-4acf-9961-c34cf57f91a5">
<GetTitleWithName xmlns="http://wsgate.nrm.qld.gov.au/ATS/dEnquiries">
<family_name xmlns="java:au.gov.qld.nrm.ats.enquiries" />
<given_name xmlns="java:au.gov.qld.nrm.ats.enquiries" />
<prev_title_reference xmlns="java:au.gov.qld.nrm.ats.enquiries" />
<title_reference
xmlns="java:au.gov.qld.nrm.ats.enquiries">1/22</title_reference>
</GetTitleWithName>
</soap:Body>
</soap:Envelope>
I removed the digests, the signature value and the whitespace before
submitting it to "templatesign".
Many thanks,
Paul.
Re: problems with configure
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Can you post the template that you are using and the keypair (assuming
they are test keys) to me or the list? Keypair not so necessary - I can
use my own, but the template would help.
You could try putting a bit of dummy text as the signature value - it
will get overwritten, but the loader for the Signature expects text
children in certain places and throws an exception if it doesn't find them.
Cheers,
Berin
Paul Cameron wrote:
> Berin Lautenbach <berin <at> wingsofhermes.org> writes:
>
>> Paul Cameron wrote:
>>> BTW, if the API binaries on nagoya.apache.org were accessible, it would
> make
>>> my life a lot easier. Do you know what's wrong with this site?
>> Nagoya is no longer available. I'll remove that link from the site
>> until I can figure out another place I can generate the API docs.
>>
>> Cheers,
>> Berin
>>
>>
> I have since downloaded the source for Xalan and Xerces, and have successfully
> compiled the xml-security package using the GNU C and C++ compilers.
>
> I was going through the set of tools that come with the package, and
> discovered that the "templatesign" tool will do mostly what I wanted to do.
> Unfortunately, I'm having some trouble with this. I ran it using our X509
> certificate and a real XML message with the digests and signature values
> removed. It returned the following message:
>
> An error occured during signing operation
> Message: Expected TEXT child of <SignatureValue>
>
> Can you tell me what this means?
>
> Thanks,
>
> Paul
>
>
>
>
>
>
>
Re: problems with configure
Posted by Paul Cameron <pc...@rpdata.com>.
Berin Lautenbach <berin <at> wingsofhermes.org> writes:
>
> Paul Cameron wrote:
> > BTW, if the API binaries on nagoya.apache.org were accessible, it would
make
> > my life a lot easier. Do you know what's wrong with this site?
>
> Nagoya is no longer available. I'll remove that link from the site
> until I can figure out another place I can generate the API docs.
>
> Cheers,
> Berin
>
>
I have since downloaded the source for Xalan and Xerces, and have successfully
compiled the xml-security package using the GNU C and C++ compilers.
I was going through the set of tools that come with the package, and
discovered that the "templatesign" tool will do mostly what I wanted to do.
Unfortunately, I'm having some trouble with this. I ran it using our X509
certificate and a real XML message with the digests and signature values
removed. It returned the following message:
An error occured during signing operation
Message: Expected TEXT child of <SignatureValue>
Can you tell me what this means?
Thanks,
Paul
Re: problems with configure
Posted by Berin Lautenbach <be...@wingsofhermes.org>.
Paul Cameron wrote:
> BTW, if the API binaries on nagoya.apache.org were accessible, it would make
> my life a lot easier. Do you know what's wrong with this site?
Nagoya is no longer available. I'll remove that link from the site
until I can figure out another place I can generate the API docs.
Cheers,
Berin
Re: problems with configure
Posted by Paul Cameron <pc...@rpdata.com>.
Scott Cantor <cantor.2 <at> osu.edu> writes:
>
> > I'm having some problems with running configure to build the binaries for
> > xmlsecurity. The conf.log file is attached. Can someone help sort out
> > these problems? It would be very much appreciated.
>
> Looks to me like you've got a Xerces-C 2.x that's built with Sun's compiler
> and then you're trying to build this with gcc. You can't mix them.
>
> There may also be library path issues causing trouble, but it looks more
> like a compiler mismatch to me.
>
> Run ldd against libxerces-c and see what it's linked to. libCrun would
> indicate Sun's and libstdc++ would be gcc.
>
Yes, you're right.
>ldd libxerces-c.so
libpthread.so.1 => /usr/lib/libpthread.so.1
libnsl.so.1 => /usr/lib/libnsl.so.1
libsocket.so.1 => /usr/lib/libsocket.so.1
libdl.so.1 => /usr/lib/libdl.so.1
libc.so.1 => /usr/lib/libc.so.1
libmp.so.2 => /usr/lib/libmp.so.2
libthread.so.1 => /usr/lib/libthread.so.1
librt.so.1 => /usr/lib/librt.so.1
libaio.so.1 => /usr/lib/libaio.so.1
libmd5.so.1 => /usr/lib/libmd5.so.1
/usr/platform/SUNW,UltraAX-MP/lib/libc_psr.so.1
/usr/platform/SUNW,UltraAX-MP/lib/libmd5_psr.so.1
I'll retry running "configure" by setting the env var CC to point to Sun's C
compiler.
BTW, if the API binaries on nagoya.apache.org were accessible, it would make
my life a lot easier. Do you know what's wrong with this site?
Paul.