apache - XMLSec: What's wrong with the signature? ("Reference for URI has no XMLSignatureInput") -
i'm using apache-santuario 1.4.4 generate signed message:
<soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soap-sec="http://schemas.xmlsoap.org/soap/security/2000-12"> <soapenv:header> <ds:signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> <ds:signedinfo> <ds:canonicalizationmethod algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/> <ds:signaturemethod algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:reference uri="#ds-om"> <ds:transforms> <ds:transform algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/> </ds:transforms> <ds:digestmethod algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/> <ds:digestvalue>8nzkh.....99alyeu4=</ds:digestvalue> </ds:reference> </ds:signedinfo> <ds:signaturevalue> xswt/8hzsnwewj.....8dhwy+fvckhlg== </ds:signaturevalue> <ds:keyinfo> <ds:x509data> <ds:x509certificate> miid4tccasmgawib....wquq/eiergfyu9znmkfpa== </ds:x509certificate> </ds:x509data> <ds:keyvalue> <ds:rsakeyvalue> <ds:modulus> zsmjlbhhvxfe03peuaq8x.....d4b63mmf8p+3xaymgw== </ds:modulus> <ds:exponent>aqba</ds:exponent> </ds:rsakeyvalue> </ds:keyvalue> </ds:keyinfo> </ds:signature> </soapenv:header> <soapenv:body soap-sec:id="ds-om"> <ns1:servic xmlns:ns1="http://www.foo.es/schemas"> ... </ns1:servic> </soapenv:body> </soapenv:envelope>
when send service i'm working with, replies this:
<soapenv:envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/xmlschema" xmlns:xsi="http://www.w3.org/2001/xmlschema-instance"> <soapenv:body> <soapenv:fault> <faultcode xmlns:ns1="http://www.foo.com/schemas">ns1:digitalsignatureerror</faultcode> <faultstring>the reference uri #ds-om has no xmlsignatureinput</faultstring> <detail> <string/> </detail> </soapenv:fault> </soapenv:body> </soapenv:envelope>
i've googled lot haven't found error. reference bad declared? wrong? idea appreciated.
thanks in advance.
"ds-om" defined "soap-sec:id" - think what's causing problem here, soap-sec:id not proper xml:id or not correctly recognized one. circumvent declare reference
using xpath transform instead:
<ds:reference uri=""> <ds:transforms> <ds:transform algorithm="http://www.w3.org/tr/1999/rec-xpath-19991116"> <ds:xpath xmlns:soapenv="&soapenv;" xmlns:soap-sec="&soap-sec;"> //soapenv:envelope[@soap-sec:id='ds-om'] <ds:xpath> <ds:transform algorithm="http://www.w3.org/tr/2001/rec-xml-c14n-20010315"/> </ds:transforms> .... </ds:reference>
Comments
Post a Comment