Validator does not work behind a proxy

[hassanNS]

I cannot figure out the root of this problem (it is most likely in some library that the Validator.java class imports), but the xsd-schema-validator does not work in an environment with no internet connection. This is in collaboration with Samlify. The command

var validator = spawn(JAVA, [
      '-Dfile.encoding=UTF-8',
      '-classpath',
      [ BASE_DIR, cwd ].join(CLASSPATH_SEPARATOR),
      'support.XMLValidator',
      input.file ? '-file=' + xml.file : '-stdin',
      '-schema=' + schema
    ], { cwd: cwd });

is the one that is failing.

If I hard code my proxies into this command, then it works. Is it possible to rewrite this and do validation with xmllint? Or simply to figure out why this is happening?

[nikku]

How exactly do you hardcode your proxies?

[nikku]

Is it possible to rewrite this and do validation with xmllint?

Unfortunately xmllint is/was very limited in terms of feature set at the time of writing this library. This is why we use Java under the hood which ships with solid XML validation that works against complex XML schemes, too.

[hassanNS]

How exactly do you hardcode your proxies?

var validator = spawn(JAVA, [
      '-Dfile.encoding=UTF-8',
      '-Dhttp.proxyHost=proxy.inbcu.com',
      '-Dhttps.proxyHost=proxy.inbcu.com',
      '-classpath',
      [ BASE_DIR, cwd ].join(CLASSPATH_SEPARATOR),
      'support.XMLValidator',
      input.file ? '-file=' + xml.file : '-stdin',
      '-schema=' + schema
    ], { cwd: cwd });

like this. But we're deploying in an environment that has no proxy access whatsoever, and unfortunately xsd is erroring out

[hassanNS]

Is there somewhere in the java code or any of the libraries you import that is making an http request? Internet connectivity isn't a requirement if all the schemas I am validating against are available locally right? The error I get when there is no internet connectivity is ds:Signature not found (I am validating a saml response for sso), and I'm using the samlify library which uses xsd for validation. Thanks for the quick reply btw

[nikku]

How does the XML you're validating look like? How does the schema look like? Based on what you describe the error should be easily reproducible on a local machine with internet access switched of.

[hassanNS]

Here is the xml it is trying to validate https://gist.github.com/hassanNS/c5a093b16f719ffa7b6bf4b0c76c9400

Here is the schema it is using https://gist.github.com/hassanNS/bc776dbfcbea87513e92fb37ad51e8a5

Here is the full command that is failing

java -Dfile.encoding=UTF-8  -classpath /root/angular_project/Hub-MAC-Dashboard/server/node_modules/xsd-schema-validator:/root/angular_project/Hub-MAC-Dashboard/server/node_modules/samlify/build/schemas support.XMLValidator -schema=/root/angular_project/Hub-MAC-Dashboard/server/node_modules/samlify/build/schemas/saml-schema-protocol-2.0.xsd -stdin < res.xml

[nikku]

How do the contents of the linked files look like:

    <import namespace="urn:oasis:names:tc:SAML:2.0:assertion"
        schemaLocation="saml-schema-assertion-2.0.xsd"/>
    <import namespace="http://www.w3.org/2000/09/xmldsig#"
        schemaLocation="xmldsig-core-schema.xsd"/>

[hassanNS]

Is it because the namespace is a url? I changed the namespaces to be files and it still didn't work. The schemas are all located locally.

[hassanNS]

As you can see here in the samlify schemas folder https://github.com/tngan/samlify

[nikku]

Could you provide me with a repository that I can checkout and npm start to reproduce the issue without an internet connection?

[hassanNS]

Hmm ... I'm not sure if I can. Are you not able to reproduce it on your end w/ the given schema file? The way I tested this that I copied the schemas folder from samlify, and then ran the java command from within that folder (because it contains all the locally referenced schemas). I'm 90% sure the issue w/ the Validator.java file

[hassanNS]

looks like samlify fixed it!