drzk21632 2019-05-13 08:31
浏览 227
已采纳

使用xmldsig(RobRichards \ XMLSecLibs)签名的XML文件,但XSD验证失败


I installed the RobRichards\XMLSecLibs PHP library to sign my XML files. These files have to be generated according to a XSD file we have

...
<xs:element name="Lote">
    <xs:complexType>
      <xs:sequence>
        <xs:element name="Cabecera" type="LoteCabecera"/>
        <xs:element name="Registro" type="RegistroCJD" minOccurs="0" maxOccurs="unbounded"/>
        <xs:any namespace="http://www.w3.org/2000/09/xmldsig#" minOccurs="0"/>
      </xs:sequence>
    </xs:complexType>
  </xs:element>
...

so, in my PHP code I wrote this:

// Create a new Security object
$objDSig = new XMLSecurityDSig();
// Use the c14n exclusive canonicalization
$objDSig->setCanonicalMethod(XMLSecurityDSig::EXC_C14N);
// Sign using SHA-256
$objDSig->addReference(
    $doc,
    XMLSecurityDSig::SHA256,
    array('http://www.w3.org/2000/09/xmldsig#enveloped-signature')
    );

// Create a new (private) Security key
$objKey = new XMLSecurityKey(XMLSecurityKey::RSA_SHA256, array('type'=>'private'));
/*
 If key has a passphrase, set it using
 $objKey->passphrase = '<passphrase>';
 */
// Load the private key
$objKey->loadKey($key_path, TRUE);

// Sign the XML file
$objDSig->sign($objKey);

// Add the associated public key to the signature
$objDSig->add509Cert(file_get_contents($certificate_path));

// Append the signature to the XML
$objDSig->appendSignature($doc->documentElement);

and the resulting XML file is:

<?xml version="1.0" encoding="UTF-8"?>
<ns1:Lote xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:ns1="http://coljuegos.gov.co/Online/data/v1.0" xsi:schemaLocation="http://coljuegos.gov.co/Online/data/v1.0 copia_lavoro.xsd">
    <ns1:Cabecera>
    </ns1:Cabecera>
    <ns1:Registro>
    </ns1:Registro>
    <ns1:Registro>
    </ns1:Registro>
    ...
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
        <ds:SignedInfo>
            <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
            <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
            <ds:Reference>
                <ds:Transforms>
                    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
                    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
                </ds:Transforms>
                <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
                <ds:DigestValue>+LkHWYVOxJ48k/2TPizuFoHINBc=</ds:DigestValue>
            </ds:Reference>
        </ds:SignedInfo>
        <ds:SignatureValue>C/2buRFmei...66OpXg==</ds:SignatureValue>
        <ds:KeyInfo>
            <ds:X509Data>
                <ds:X509Certificate>MIID9TCCAt2...gR0Nf1</ds:X509Certificate>
            </ds:X509Data>
        </ds:KeyInfo>
    </ds:Signature>
</ns1:Lote>

and when I try to validate this file I get the following error:

XML error "Element '{http://www.w3.org/2000/09/xmldsig#}Signature': No matching global element declaration available, but demanded by the strict wildcard." [2] (Code 1845)

How can I fix this? Is there something I can change in my code to make this XML valid? Because, since I received this XSD from an external authority, it should be untouchable

  • 写回答

1条回答 默认 最新

  • dongwo8827523 2019-05-16 14:35
    关注

    I found the solution on another question: XSD Signature issue

    Basically, my validator are not able to reach the remote XSD so the only way I have to solve this is to download a copy of that XSD file and modify the XSD file in order to look for the schema definition in a local directory, instead of look for it online.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论

报告相同问题?

悬赏问题

  • ¥15 请问各位,如何在Jetson nano主控板的Ubuntu系统中安装PyQt5
  • ¥15 MAC安装佳能LBP2900驱动的网盘提取码
  • ¥400 微信停车小程序谁懂的来
  • ¥15 ATAC测序到底用什么peak文件做Diffbind差异分析
  • ¥15 安装ubantu过程中第一个vfat 文件挂载失败
  • ¥20 GZ::CTF如何兼容一些靶机?
  • ¥15 etcd集群部署问题
  • ¥20 谁可以帮我一下问一下各位
  • ¥15 为何重叠加权后love图的SMD与svyCreateTableOne函数绘制基线表的不一致
  • ¥150 求 《小魔指》街机游戏机整合模拟软件