Posted to commits@santuario.apache.org by "Clement Pellerin (Commented) (JIRA)" <ji...@apache.org> on 2012/04/03 18:44:23 UTC

[jira] [Commented] (SANTUARIO-308) Canonicalizer error when encrypting multiple elements

    [ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13245478#comment-13245478 ] 

Clement Pellerin commented on SANTUARIO-308:
--------------------------------------------

A patch that fixes this problem was uploaded in SANTUARIO-309. Notice this will only fix the default canonicalizer. The bug will still be exercised if the user explicitly selects the old canonicalizer on the XMLCipher constructor. This is a minor bug probably not worth fixing because of all the other problems with standard canonicalization algorithms when used as the serialization for XML Encryption.
                
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
>                 Key: SANTUARIO-308
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-308
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 1.4.5, Java 1.5.1
>            Reporter: Clement Pellerin
>            Assignee: Colm O hEigeartaigh
>         Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
>   cipher.doFinal(doc, elems[i]);
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
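
A regression check for the symptom in the report above, as an added example that is not part of the original message or of Santuario: it walks a decrypted document with the JDK DOM API and reports namespace declarations that repeat a binding already in scope from an ancestor, such as the extra xmlns:env on the second <elem>. The class name, method names and the sample document (modelled on the report's output) are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;

// Added example (hypothetical helper, not Santuario code).
public class RedundantNamespaceCheck {

    // Collects "<element> redeclares <xmlns attr>" for every declaration whose
    // prefix is already bound to the same URI on an ancestor element.
    static List<String> findRedundant(Element e, List<String> out) {
        Node parent = e.getParentNode();
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            if (!XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(a.getNamespaceURI())) continue;
            // xmlns="..." has no prefix (default namespace); xmlns:p has local name "p".
            String prefix = a.getPrefix() == null ? null : a.getLocalName();
            if (parent instanceof Element
                    && a.getValue().equals(parent.lookupNamespaceURI(prefix))) {
                out.add(e.getNodeName() + " redeclares " + a.getName());
            }
        }
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) findRedundant((Element) c, out);
        }
        return out;
    }

    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required so xmlns attributes carry the xmlns namespace URI
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        String ns = "http://schemas.xmlsoap.org/soap/envelope/";
        // Constructed sample shaped like the decrypted output in the report.
        String after = "<env:Envelope xmlns:env=\"" + ns + "\"><env:Body><elem>11</elem>"
                + "<elem xmlns:env=\"" + ns + "\">22</elem></env:Body></env:Envelope>";
        System.out.println(findRedundant(parse(after).getDocumentElement(), new ArrayList<>()));
    }
}
```

Running the same check on the document before encryption and after decryption shows whether the round trip introduced declarations that were not in the input.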
