apache - XMLSec: What's wrong with the signature? ("Reference for URI has no XMLSignatureInput") -

-

i'm using apache-santuario 1.4.4 generate signed message:

<soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap-sec="http://schemas.xmlsoap.org/soap/security/2000-12">   <soapenv:header>     <ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">       <ds:signedinfo>         <ds:canonicalizationmethod algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/>         <ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>         <ds:reference uri="#ds-om">           <ds:transforms>             <ds:transform algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/>           </ds:transforms>           <ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>           <ds:digestvalue>8nzkh.....99alyeu4=</ds:digestvalue>         </ds:reference>       </ds:signedinfo>       <ds:signaturevalue>         xswt/8hzsnwewj.....8dhwy+fvckhlg==       </ds:signaturevalue>       <ds:keyinfo>         <ds:x509data>           <ds:x509certificate>             miid4tccasmgawib....wquq/eiergfyu9znmkfpa==           </ds:x509certificate>         </ds:x509data>         <ds:keyvalue>           <ds:rsakeyvalue>             <ds:modulus>               zsmjlbhhvxfe03peuaq8x.....d4b63mmf8p+3xaymgw==             </ds:modulus>             <ds:exponent>aqba</ds:exponent>           </ds:rsakeyvalue>         </ds:keyvalue>       </ds:keyinfo>     </ds:signature>   </soapenv:header>   <soapenv:body soap-sec:id="ds-om">     <ns1:servic xmlns:ns1="http://www.foo.es/schemas">       ...     </ns1:servic>   </soapenv:body> </soapenv:envelope>

when send service i'm working with, replies this:

<soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/xmlschema" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance">   <soapenv:body>     <soapenv:fault>       <faultcode xmlns:ns1="http://www.foo.com/schemas">ns1:digitalsignatureerror</faultcode>       <faultstring>the reference uri #ds-om has no xmlsignatureinput</faultstring>       <detail>          <string/>       </detail>     </soapenv:fault>   </soapenv:body> </soapenv:envelope>

i've googled lot haven't found error. reference bad declared? wrong? idea appreciated.

thanks in advance.

"ds-om" defined "soap-sec:id" - think what's causing problem here, soap-sec:id not proper xml:id or not correctly recognized one. circumvent declare reference using xpath transform instead:

<ds:reference uri="">       <ds:transforms>         <ds:transform algorithm="http://www.w3.org/tr/1999/rec-xpath-19991116">            <ds:xpath xmlns:soapenv="&soapenv;" xmlns:soap-sec="&soap-sec;">              //soapenv:envelope[@soap-sec:id='ds-om']            <ds:xpath>         <ds:transform algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/>       </ds:transforms>       .... </ds:reference>

Comments

Post a Comment

Popular posts from this blog

linux - Mailx and Gmail nss config dir -

-
i trying send mail linux command line using mailx command. can send local domain no problem want set mail send gmail account receive mail sent gmail account. after configuring mail.rc so: account gmail { set smtp=smtps://smtp.gmail.com:587 set smtp-auth=login set smtp-auth-user=username@gmail.com set smtp-auth-password=password set ssl-verify=ignore } i error: resolving host smtp.gmail.com . . . done. connecting 74.125.25.109 . . . connected. missing "nss-config-dir" variable. "/home/username/dead.letter" 11/354 . . . message not sent. after looking "nss-config-dir" here , located certn.db , keyn.db files , added mail.rc so: account gmail { set smtp=smtps://smtp.gmail.com:587 set smtp-auth=login set smtp-auth-user=username@gmail.com set smtp-auth-password=password set ssl-verify=ignore set nss-config-dir=/home/user/.mozilla/firefox/location.default } now when try send mail using command: echo "sent gmail account" | mailx -v -a
Read more

c# - Is it possible to remove an existing registration from Autofac container builder? -

-
something along lines: builder.registertype<mytype>().as<itype>(); builder.registertype<mytype2>().as<itype>(); builder.deregistertype<mytype>().as<itype>() var container = builder.build(); var types = container.resolve<ienumerable<itype>>(); assert.istrue(types.count == 1); assert.istrue(types[0].gettype == typeof(mytype2)); scenario: go through bunch of assemblies , go register types want make sure have 1 implementation of given type. need before create container. track on own nice if autofac me bit. this cannot done directly using containerbuilder , unless start on new one. mind you, having first built container should able construct new container filtering away unwanted types , reusing registrations first container. this: ... var container = builder.build(); builder = new containerbuilder(); var components = container.componentregistry.registrations .where(cr => cr.activator.limittype != typ
Read more

php - Mysql PK and FK char(36) vs int(10) -

-
i have read mysql can handle indexes , searches better if tables keys integers rather char(36) uuid's. is worth converting int(10)? note: use 1 server , have have plans use multiple databases concurrently therefore removing 1 of big reasons using uuid. our tables innodb if makes difference. thanks in advance. usually rdbms can handle integer keys pk more efficient, other datatypes. reason how build index column, yes: long dont require string (or other typed) keys, should use integers. however: char(36) , int(10) far away being equal, because int(10) much smaller, char(36). dont know, if require many different keys, should keep in mind. update, complete last paragraph: int(10) 32-bit, char(36) 36 - ^byte^ (= 288-bit). not mean, int consumes less space, means, char(36) has 4 times more different keys.
Read more