Replies: 1 comment
-
You might already know that since you use |
Here is the structure of my XML:
Environment:
xmlsec1 1.2.34 (openssl)
Ubuntu 64 22.10
Resume:
The first three signatures work perfectly in three individual calls.
When I go to sign the complete batch, which has 3 signatures inside, the xmlsec1 program shows an error.
It seems that instead of signing AT33, it is trying to sign rps1.
I don't know if it is a bug or wrong parameters.
I read all the FAQ and made a lot of tests.
Input file is attached.
Command line:
xmlsec1 --sign --pkcs12 file.pfx --pwd XXXXXX --id-attr:Id LoteRps --crypto openssl --node-xpath "//*[local-name()='EnviarLoteRpsEnvio']//*[local-name()='LoteRps'][@id='AT33']/." --output orig_signed.xml orig.txt
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=350:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140; issuer=/C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1; err=20; msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140; issuer=/C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1; err=20; msg=unable to get local issuer certificate
func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('rps1')); xml error: 0: NULL
func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:
func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1409:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessReferences:file=xmldsig.c:line=752:obj=Reference:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=517:obj=unknown:subj=xmlSecDSigCtxProcessReferences:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=291:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
With --print-debug:
xmlsec1 --sign --pkcs12 file.pfx --pwd XXXXX --id-attr:Id LoteRps --crypto openssl --print-debug --node-xpath "//*[local-name()='EnviarLoteRpsEnvio']//*[local-name()='LoteRps'][@id='AT33']/." --output orig_signed.xml orig.txt
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=350:obj=x509-store:subj=unknown:error=71:certificate verification failed:X509_verify_cert: subject=/C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140; issuer=/C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1; err=20; msg=unable to get local issuer certificate
func=xmlSecOpenSSLX509StoreVerify:file=x509vfy.c:line=389:obj=x509-store:subj=unknown:error=71:certificate verification failed:subject=/C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140; issuer=/C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1; err=20; msg=unable to get local issuer certificate
func=xmlSecXPathDataExecute:file=xpath.c:line=246:obj=unknown:subj=xmlXPtrEval:error=5:libxml2 library function failed:expr=xpointer(id('rps1')); xml error: 0: NULL
func=xmlSecXPathDataListExecute:file=xpath.c:line=330:obj=unknown:subj=xmlSecXPathDataExecute:error=1:xmlsec library function failed:
func=xmlSecTransformXPathExecute:file=xpath.c:line=430:obj=xpointer:subj=xmlSecXPathDataListExecute:error=1:xmlsec library function failed:
func=xmlSecTransformDefaultPushXml:file=transforms.c:line=2108:obj=xpointer:subj=xmlSecTransformExecute:error=1:xmlsec library function failed:
func=xmlSecTransformCtxXmlExecute:file=transforms.c:line=1044:obj=xpointer:subj=xmlSecTransformPushXml:error=1:xmlsec library function failed:
func=xmlSecTransformCtxExecute:file=transforms.c:line=1092:obj=unknown:subj=xmlSecTransformCtxXmlExecute:error=1:xmlsec library function failed:
func=xmlSecDSigReferenceCtxProcessNode:file=xmldsig.c:line=1409:obj=unknown:subj=xmlSecTransformCtxExecute:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessReferences:file=xmldsig.c:line=752:obj=Reference:subj=xmlSecDSigReferenceCtxProcessNode:error=1:xmlsec library function failed:
func=xmlSecDSigCtxProcessSignatureNode:file=xmldsig.c:line=517:obj=unknown:subj=xmlSecDSigCtxProcessReferences:error=1:xmlsec library function failed:
func=xmlSecDSigCtxSign:file=xmldsig.c:line=291:obj=unknown:subj=xmlSecDSigCtxProcessSignatureNode:error=1:xmlsec library function failed:
Error: signature failed
= SIGNATURE CONTEXT
== Status: unknown
== flags: 0x00000000
== flags2: 0x00000000
== Key Info Read Ctx:
= KEY INFO READ CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: rsa
==== keyType: 0x00000002
==== keyUsage: 0x00000001
==== keyBitsSize: 0
=== list size: 0
== Key Info Write Ctx:
= KEY INFO WRITE CONTEXT
== flags: 0x00000000
== flags2: 0x00000000
== enabled key data: all
== RetrievalMethod level (cur/max): 0/1
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
== EncryptedKey level (cur/max): 0/1
=== KeyReq:
==== keyId: NULL
==== keyType: 0x00000001
==== keyUsage: 0xffffffff
==== keyBitsSize: 0
=== list size: 0
== Signature Transform Ctx:
== TRANSFORMS CTX (status=0)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri: NULL
=== uri xpointer expr: NULL
=== Transform: exc-c14n (href=http://www.w3.org/2001/10/xml-exc-c14n#)
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Method:
=== Transform: rsa-sha1 (href=http://www.w3.org/2000/09/xmldsig#rsa-sha1)
== Signature Key:
== KEY
=== method: RSAKeyValue
=== key type: Private
=== key usage: -1
=== rsa key: size = 2048
=== list size: 1
=== X509 Data:
==== Key Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1
==== Issuer Serial: 9943098ECA966BE0
==== Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v5/CN=AC DIGITAL MAIS
==== Issuer Serial: 9EF8B0136D835E8F
==== Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/OU=Autoridade Certificadora Raiz Brasileira v5/CN=AC DIGITAL MAIS
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v5
==== Issuer Serial: E0875B6ACA4FCCBD
==== Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v5
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=Instituto Nacional de Tecnologia da Informacao - ITI/CN=Autoridade Certificadora Raiz Brasileira v5
==== Issuer Serial: 1
==== Certificate:
==== Subject Name: /C=BR/O=ICP-Brasil/ST=RS/L=CANOAS/OU=AC DIGITAL MULTIPLA G1/OU=34461810000167/OU=videoconferencia/OU=Certificado PJ A1/CN=ATAM INFORMATICA LTDA:18429542000140
==== Issuer Name: /C=BR/O=ICP-Brasil/OU=AC DIGITAL MAIS/CN=AC DIGITAL MULTIPLA G1
==== Issuer Serial: 9943098ECA966BE0
== SignedInfo References List:
=== list size: 1
= REFERENCE CALCULATION CONTEXT
== Status: unknown
== URI: "#rps1"
== Reference Transform Ctx:
== TRANSFORMS CTX (status=1)
== flags: 0x00000000
== flags2: 0x00000000
== enabled transforms: all
=== uri:
=== uri xpointer expr: #rps1
=== Transform: xpointer (href=http://www.w3.org/2001/04/xmldsig-more/xptr)
=== Transform: enveloped-signature (href=http://www.w3.org/2000/09/xmldsig#enveloped-signature)
=== Transform: c14n (href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315)
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
=== Transform: base64 (href=http://www.w3.org/2000/09/xmldsig#base64)
=== Transform: membuf-transform (href=NULL)
== Digest Method:
=== Transform: sha1 (href=http://www.w3.org/2000/09/xmldsig#sha1)
== Manifest References List:
=== list size: 0
orig.txt
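A pre-signing check for the situation in the post above, as an added example that is not from the original post or the xmlsec project: it lists each Signature template at or below a start node with its Reference URI and whether that Id is resolvable when the Id attribute is registered only for the named elements, as `--id-attr:Id LoteRps` does. The XML is constructed (ListaRps, Rps, InfRps, rps2 and the layout are assumed), and treating the first Signature below the start node as the one processed is an assumption consistent with the `#rps1` reference in the debug output.

```python
import xml.etree.ElementTree as ET

DSIG = "{http://www.w3.org/2000/09/xmldsig#}"

# Constructed sample. Only EnviarLoteRpsEnvio, LoteRps, AT33 and rps1 come from
# the post; ListaRps, Rps, InfRps, rps2 and the layout are assumptions.
SAMPLE = """\
<EnviarLoteRpsEnvio xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <LoteRps Id="AT33">
    <ListaRps>
      <Rps><InfRps Id="rps1"/>
        <ds:Signature><ds:SignedInfo><ds:Reference URI="#rps1"/></ds:SignedInfo></ds:Signature></Rps>
      <Rps><InfRps Id="rps2"/>
        <ds:Signature><ds:SignedInfo><ds:Reference URI="#rps2"/></ds:SignedInfo></ds:Signature></Rps>
    </ListaRps>
  </LoteRps>
  <ds:Signature><ds:SignedInfo><ds:Reference URI="#AT33"/></ds:SignedInfo></ds:Signature>
</EnviarLoteRpsEnvio>
"""

def local(elem):
    """Element name without its namespace part."""
    return elem.tag.rsplit("}", 1)[-1]

def known_ids(root, attr, node_names):
    """Ids resolvable by id() when `attr` is registered only for `node_names`
    (the effect of `--id-attr:<attr> <node-name>`, matched here by local name)."""
    return {e.get(attr) for e in root.iter()
            if local(e) in node_names and e.get(attr) is not None}

def audit(root, attr, node_names, start_id=None):
    """Return (URI, resolves) for every Reference of every Signature template
    at or below the start node, in document order. start_id=None means root."""
    ids = known_ids(root, attr, node_names)
    start = root if start_id is None else next(
        e for e in root.iter() if e.get(attr) == start_id)
    report = []
    for sig in start.iter(DSIG + "Signature"):
        for ref in sig.iter(DSIG + "Reference"):
            uri = ref.get("URI", "")
            report.append((uri, uri.startswith("#") and uri[1:] in ids))
    return report

if __name__ == "__main__":
    doc = ET.fromstring(SAMPLE)
    print("below AT33, Id on LoteRps only:", audit(doc, "Id", {"LoteRps"}, "AT33"))
    print("whole document, Id on LoteRps only:", audit(doc, "Id", {"LoteRps"}))
    print("whole document, Id on LoteRps and InfRps:", audit(doc, "Id", {"LoteRps", "InfRps"}))
```

In this constructed layout the template that references `#AT33` is not below the `LoteRps` start node, and `#rps1` only resolves once the element carrying that Id is also registered.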