
Xmlsecurity-C signed soap validation - can someone give me a hint

From: Cullum, Steve <steven.cullum@eds.com>
Date: Fri, 13 May 2005 12:23:17 +0100
Message-ID: <4F014656062C1140880B2247EDAFD3B101067FF9@ukspm204.emea.corp.eds.com>
To: "'w3c-ietf-xmldsig@w3.org.'" <w3c-ietf-xmldsig@w3.org>

I am trying to validate the following signed SOAP document. I have the private/public keys xxx.p12 file installed into the default Windows keystore. The document was signed using the Verisign TSIK library version "tsik-1.10-windows".

Using "checksig.exe" to test my document, the exception "XSECException::IDNotFoundInDOMDoc" is thrown, because fNodeIDMap inside the fn() is 0.

	DOMElement *DOMDocumentImpl::getElementById(const XMLCh *elementId) const
	{
		if (fNodeIDMap == 0)
			return 0;
		// ... remainder of the function omitted in this excerpt
	}

I am using :- XercesC_2_5, XalanC_1_7, xml-security-c-1.1.0


Can anyone help me.......please.  I presume the document is incorrect in some way but I don't really know where to begin - everything looks ok according to my interpretation of the specification.

Thank you in advance.

Steve





Here is the call stack from the debugger ::-

>	xerces-c_2_5_0D.dll!xercesc_2_5::DOMDocumentImpl::getElementById(const unsigned short * elementId=0x01290eca)  Line 642	C++
 	xsec_1_1_0D.dll!TXFMDocObject::setInput(xercesc_2_5::DOMDocument * doc=0x0128f890, const unsigned short * newFragmentId=0x01290eca)  Line 108 + 0x11	C++
 	xsec_1_1_0D.dll!DSIGReference::getURIBaseTXFM(xercesc_2_5::DOMDocument * doc=0x0128f890, const unsigned short * URI=0x01290ec8, const XSECEnv * env=0x01275568)  Line 502	C++
 	xsec_1_1_0D.dll!DSIGReference::calculateHash(unsigned char * toFill=0x0012f2d8, unsigned int maxToFill=0x00000080)  Line 1206 + 0x2e	C++
 	xsec_1_1_0D.dll!DSIGReference::checkHash()  Line 1365 + 0x14	C++
 	xsec_1_1_0D.dll!DSIGReference::verifyReferenceList(DSIGReferenceList * lst=0x01288f28, safeBuffer & errStr={...})  Line 885 + 0x8	C++
 	xsec_1_1_0D.dll!DSIGSignedInfo::verify(safeBuffer & errStr={...})  Line 123 + 0x10	C++
 	xsec_1_1_0D.dll!DSIGSignature::verify()  Line 1055 + 0x12	C++
 	checksig.exe!evaluate(int argc=0x00000002, char * * argv=0x00326c58)  Line 483 + 0xe	C++
 	checksig.exe!main(int argc=0x00000002, char * * argv=0x00326c58)  Line 583 + 0xd	C++
 	checksig.exe!mainCRTStartup()  Line 398 + 0x11	C
 	kernel32.dll!77e8141a() 	




Function ...

// from debugger
newFragmentId == "wsse-c26651c0-c209-11d9-9834-e9a275261f99"

DOMElement *DOMDocumentImpl::getElementById(const XMLCh *elementId) const {
    if (fNodeIDMap == 0)          
        return 0;

  /**
   ** fNodeIDMap is 0
   **/

    DOMAttr *theAttr = fNodeIDMap->find(elementId);
    if (theAttr == 0)
        return 0;

    return theAttr->getOwnerElement();
}

void TXFMDocObject::setInput(DOMDocument *doc, const XMLCh * newFragmentId) {

	// We have a document fragment marked by an objectID string.
	// Now try to find the node that the objectId belongs to
	fragmentObject = doc->getElementById(newFragmentId);

/**
 ** --- fragmentObject always returns NULL  **/
 	if ((fragmentObject == NULL) && (mp_env != NULL) && (mp_env->getIdByAttributeName())) 
	{
		// It might be that no DSIG DTD was attached and that the ID is in a
		// DSIG element and the application is permitting attribute name based
		// Id searches
		fragmentObject = findDSIGId(doc, newFragmentId, mp_env);
	}

	if (fragmentObject == 0)
		throw XSECException(XSECException::IDNotFoundInDOMDoc);

	document = doc;
	fragmentId = XMLString::replicate(newFragmentId);
	type = TXFMBase::DOM_NODE_DOCUMENT_FRAGMENT;
}



Signed soap xml :-------


<?xml version="1.0" encoding="UTF-8"?>
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
 <soapenv:Header><wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><ds:Reference URI="#wsse-c26651c0-c209-11d9-9834-e9a275261f99"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>+G19/tWZSlCS894TQvdJYrVsb+4=</ds:DigestValue></ds:Reference><ds:Reference URI="#wsse-c26121a0-c209-11d9-9834-e9a275261f99"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>4B9ZewNptVgz0MpJBpaoI6b0Oks=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>MCwCFFiTYY7/B+tYizrqccMZJKVQC6RyAhQUoVXtXfNUVEFZlaE3USajTEqUzQ==</ds:SignatureValue></ds:Signature></wsse:Security><wsu:Timestamp xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"><wsu:Created wsu:Id="wsse-c26121a0-c209-11d9-9834-e9a275261f99">2005-05-11T10:45:15Z</wsu:Created></wsu:Timestamp></soapenv:Header><soapenv:Body wsu:Id="wsse-c26651c0-c209-11d9-9834-e9a275261f99" xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility">
  <ns1:secountResponse soapenv:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/" xmlns:ns1="myserviceprovider">
   <secountReturn xsi:type="xsd:string"><secount_results>
   <disclaimer><.... CONTENTS REMOVED ..../></disclaimer>
   <header>
    		<.... CONTENTS REMOVED ..../>
   </header>
   <results>
        	<.... CONTENTS REMOVED ..../>
   </results>
</secount_results>
</secountReturn>
  </ns1:secountResponse>
 </soapenv:Body>
</soapenv:Envelope>
Received on Friday, 13 May 2005 17:18:14 UTC
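
Added example, not part of the original post and not xml-security-c code: a DOM `getElementById` only finds attributes that are typed as ID (by a DTD or schema, or by explicit registration), so a `ds:Reference URI="#..."` pointing at a plain `wsu:Id` attribute resolves to nothing, as in the trace above. The sketch uses Python's `xml.dom.minidom` as a stand-in for the Xerces DOM; the sample envelope, its shortened IDs and the helper names are constructed for illustration.

```python
from xml.dom import minidom

# Namespace URIs as they appear in the posted message.
WSU_NS = "http://schemas.xmlsoap.org/ws/2002/07/utility"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample with the same shape as the posted envelope (IDs shortened).
SAMPLE = """<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:wsu="http://schemas.xmlsoap.org/ws/2002/07/utility"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <soapenv:Header>
    <ds:Signature><ds:SignedInfo>
      <ds:Reference URI="#ts-1"/><ds:Reference URI="#body-1"/>
    </ds:SignedInfo></ds:Signature>
    <wsu:Timestamp><wsu:Created wsu:Id="ts-1">2005-05-11T10:45:15Z</wsu:Created></wsu:Timestamp>
  </soapenv:Header>
  <soapenv:Body wsu:Id="body-1"><payload/></soapenv:Body>
</soapenv:Envelope>"""

def register_wsu_ids(doc):
    """Type every wsu:Id attribute as an ID; refuse documents with duplicate values."""
    seen = {}
    for el in doc.getElementsByTagName("*"):
        attr = el.getAttributeNodeNS(WSU_NS, "Id")
        if attr is None:
            continue
        if attr.value in seen:
            # An ambiguous ID means the verifier and the consumer could pick
            # different elements for the same Reference, so fail closed.
            raise ValueError("duplicate wsu:Id %r" % attr.value)
        seen[attr.value] = el
        el.setIdAttributeNS(WSU_NS, "Id")
    return seen

def resolve_references(doc):
    """Map each same-document ds:Reference URI to the element it selects (or None)."""
    out = {}
    for ref in doc.getElementsByTagNameNS(DS_NS, "Reference"):
        uri = ref.getAttribute("URI")
        out[uri] = doc.getElementById(uri[1:]) if uri.startswith("#") else None
    return out

def demo():
    doc = minidom.parseString(SAMPLE)
    before = resolve_references(doc)   # nothing is typed as ID yet: all None
    register_wsu_ids(doc)
    after = resolve_references(doc)    # both references now resolve
    return before, {uri: el.tagName for uri, el in after.items()}
```
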
