You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Skip Walker <sk...@skipwalker.com> on 2005/03/29 23:47:48 UTC
Java XML C14n interop with .Net
I'm relatively new to most of this stuff.
Does anyone have any experience with the Java XML Security package and .Net C# interopability?
I'm trying to get xml, canonicalized using the XML Security package in Java, to be canonicalized in the same way the .Net XmlDsigC14NWithCommentsTransform canonicalizes XML, or vice versa. I need to do this for some custom signature stuff I need to do on the xml.
I can't seem to get the canonicalized xml to match up. There appear to be issues with the namespaces.
With an example message of
<soap:Envelope
xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
xmlns:xsd='http://www.w3.org/2001/XMLSchema'
xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
xmlns:soapenc='http://schemas.xmlsoap.org/soap/encoding/'
soap:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'>
<soap:Body>
<n:getRate xmlns:n='urn:xmethods-CurrencyExchange'>
<country1 xsi:type='xsd:string'>usa</country1>
<country2 xsi:type='xsd:string'>japan</country2>
</n:getRate>
</soap:Body>
<!-- test comment -->
<testElement c='3' b='2' a='1'>
test crapola
</testElement>
</soap:Envelope>
I'm using the Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS in java to produce
<soap:Envelope soap="http://schemas.xmlsoap.org/soap/envelope/" soapenc="http://schemas.xmlsoap.org/soap/encoding/" xsd="http://www.w3.org/2001/XMLSchema" xsi="http://www.w3.org/2001/XMLSchema-instance" http://schemas.xmlsoap.org/soap/envelope/:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n:getRate n="urn:xmethods-CurrencyExchange"><country1 http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">usa</country1><country2 http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">japan</country2></n:getRate></soap:Body><!-- test comment --><testElement a="1" b="2" c="3">
test crapola
</testElement></soap:Envelope>
But using the XmlDsigC14NWithCommentsTransform in .Net C# to produce
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n:getRate xmlns:n="urn:xmethods-CurrencyExchange"><country1 xsi:type="xsd:string">usa</country1><country2 xsi:type="xsd:string">japan</country2></n:getRate></soap:Body><!-- test comment --><testElement a="1" b="2" c="3">
test crapola
</testElement></soap:Envelope>
If anyone can help, I would appreciate it.
Thanks,
Skip
RE: Java XML C14n interop with .Net
Posted by Scott Cantor <ca...@osu.edu>.
> It was my understanding that if I could start with an XML file or String,
> use one of the xml parsers to load the file into a Document, and then
> produce a canonical version of the xml String using an algorithm implement
> in the Apache XML Security package. I also assumed that I could load,
> using C# .NET, the same original XML file, run the same
> canonicalization algorithm as was used in the XML Security package in C#
> (specifically the XmlDsigC14NWithCommentsTransform) and produce the same
> canonical xml String as the Apache Java package produced.
In the abstract, yes. But if there's a step happening during the parse that
causes the DOM to end up slightly different in a significant way, the input
to the c14n will not be the same. Whitespace is the most common example
because c14n does not do anything special to remove or normalize it beyond
the rules that all XML parsers follow, but some parsers (especially
validating ones) can collapse or change it in special ways.
> I think what you're saying is that this isn't guaranteed to work if my
> parsers are by default collapsing whitespace or doing other data
> normalization.
Usually collapse isn't the default or even that common, but if your input
XML has whitespace, and the c14n isn't outputting that whitespace, that's a
sign of a problem somewhere, I'd say. Start by leaving out all whitespace
(you're going to have to anyway, leaving it in is just asking to have verify
problems), and see what happens. Then you can explore why it's causing a
problem.
> Should this work if all of the DOMs are set to do no data
> normalization etc?
Normalization commonly happens because of the collapse-ws setting, or
because you're schema validating. Validation can usually happen without data
normalization, but by default they go together.
Apart from that, I don't know.
> Also, what are these 
 that appear in both the Glue and C#
> canonicalization output?
I didn't notice that. I don't know of anything in the process that produces
line feed entities.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Okay, I'm not sure I fully understood, and please excuse my ignorance on a
lot of these matters.
It was my understanding that if I could start with an XML file or String,
use one of the xml parsers to load the file into a Document, and then
produce a canonical version of the xml String using an algorithm implement
in the Apache XML Security package. I also assumed that I could load, using
C# .NET, the same original XML file, run the same canonicalization algorithm
as was used in the XML Security package in C# (specifically the
XmlDsigC14NWithCommentsTransform) and produce the same canonical xml String
as the Apache Java package produced.
I was able to accomplish this using the basic Glue 5.0.2/ElectricXML parser
and the XmlDocument object in C#.
I think what you're saying is that this isn't guaranteed to work if my
parsers are by default collapsing whitespace or doing other data
normalization.
Should this work if all of the DOMs are set to do no data normalization etc?
Also, what are these 
 that appear in both the Glue and C#
canonicalization output?
Also, so I don't have to ask to many dumb questions, is there one resource
that can help me get a handle on these issues.
Thanks,
Skip
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, March 30, 2005 12:34 PM
To: security-dev@xml.apache.org; skipwork@skipwalker.com
Subject: RE: Java XML C14n interop with .Net
> The canonicalizer produces output that is nothing like the canonicalized
> form produced by .NET and the Glue input based canonicalization:
They look pretty much the same except for whitespace, but whitespace is
significant. If the XML contains whitespace, c14n doesn't remove it. My
guess is the DOM created by the parsers is different in each case. Different
DOMs mean different c14n octet streams.
You can't set your parser to collapse whitespace, normalize data, etc. if
you want to sign things.
It's common to fool yourself into thinking you can if the parser is the
same, because you're talking to yourself, but once you cross languages, you
can't rely on that and you have to follow the XML rules.
-- Scott
Re: Java XML C14n interop with .Net
Posted by Raul Benito <ra...@gmail.com>.
This is something I've never worried about. But I think you can edit
your XML files with an editor that let you select how to encode end of
line if just \n like unix does or \n\r like windows does. I'm also
sure you can investigate how java handles the CR/LF headache. But
above this I cannot help you more. If you happen to find a solution,
can you post to the list for further generations ;)/
Regards
On Apr 1, 2005 6:34 PM, Skip Walker <sk...@skipwalker.com> wrote:
> Raul, thanks for the second pair of eyes. I figured there was something
> stupid causing the problem.
>
> The bug with the namespace aware issue resolved. I still have the issue
> with the 
 entities. The C# canonicalizer adds these apparently on any
> document that contains some sort of line feed. Is there any more thoughts
> on these line feed things.
>
> Thanks,
> Skip
>
> Skip Walker
> skip@gossamer-group.com
> Gossamer Group
> Bldg #2, Suite 410
> 4807 Spicewood Springs Rd.
> Austin, TX 78759
> (512) 342-2600 Fax (512) 342-2612
>
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: Thursday, March 31, 2005 11:09 PM
> To: security-dev@xml.apache.org; skipwork@skipwalker.com
> Subject: Re: Java XML C14n interop with .Net
>
> Ok,
>
> You have a bug in your code. You are using a parser non namespaceaware,
> you have this:
> DocumentBuilderFactory factory =
> DocumentBuilderFactory.newInstance();
> factory.setValidating(false);
> factory.setNamespaceAware(true);
>
> DocumentBuilder builder = factory.newInstance().
> newDocumentBuilder();
> Take a look of the last line you are obtaining a new factory that by
> default is not name space aware, please write this and everything
> should work:
> DocumentBuilder builder = factory.newDocumentBuilder();
> Regards,
>
> On Mar 31, 2005 11:45 PM, Skip Walker <sk...@skipwalker.com> wrote:
> > Outputting the dom via the serializer before running the canonicalizer,
> and
> > comparing it with the output after the canonicalizer, it appears that the
> > canonicalizer is having no effect. See below.
> >
> > I'm attaching my test class and test files. Would someone please check if
> > they have similar results, or check to see if I'm making some stupid
> > mistake.
> >
> > The class needs glue 5.0.2 to run the glue test, or at least the
> ElectricXML
> > bundled with it, but one can comment that section out easily, and just run
> > the JAXP test.
> >
> > _______
> >
> > Serializing Doc before Canonicalization:
> >
> > <?xml version="1.0"?>
> > <soap:Envelope
> > soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > <soap:Body>
> > <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> > <country1 xsi:type="xsd:string">usa</country1>
> > <country2 xsi:type="xsd:string">japan</country2>
> > </n:getRate>
> > </soap:Body>
> >
> > <!-- test comment -->
> > <testElement a="1" b="2" c="3">
> > test crapola
> > </testElement>
> > </soap:Envelope>
> >
> > Canonicalized XML written to file: c14n-jaxp.xml
> >
> > <soap:Envelope
> > soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> > xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> > <soap:Body>
> > <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> > <country1 xsi:type="xsd:string">usa</country1>
> > <country2 xsi:type="xsd:string">japan</country2>
> > </n:getRate>
> > </soap:Body>
> >
> > <!-- test comment -->
> > <testElement a="1" b="2" c="3">
> > test crapola
> > </testElement>
> > </soap:Envelope>
> >
> > ________
> >
> > Skip Walker
> > skip@gossamer-group.com
> > Gossamer Group
> > Bldg #2, Suite 410
> > 4807 Spicewood Springs Rd.
> > Austin, TX 78759
> > (512) 342-2600 Fax (512) 342-2612
> >
> > -----Original Message-----
> > From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> > Sent: Thursday, March 31, 2005 2:04 PM
> > To: security-dev@xml.apache.org
> > Subject: Re: Java XML C14n interop with .Net
> >
> > I'll think you are still having problems with your dom, but it is
> > really weird as if your program is really what you have shown it
> > should work, correctly. Anyway can you tell me what's the output of
> > the following lines in your example:
> > XMLSerializer ser=new XMLSerializer();
> > ser.setOutputByteStream(System.out);
> > ser.serialize(doc);
> > Regards,
> >
> > Raul
> >
> > On Thu, 31 Mar 2005 14:45:32 -0500, Scott Cantor <ca...@osu.edu> wrote:
> > > > For some reason, in my little test case, the canonicalizer renders a
> > > > different result with the DOM from the JAXP api then from the Glue
> api.
> > > > Apparently, the result from the JAXP DOM, produces something wrong, as
> > far
> > > > as the soap:encodingStyle attribute goes.
> > >
> > > I guess a first sanity check would be to compare the DOMs in a piecemeal
> > > fashion. Literally spit out a property-based display for every single
> node
> > > in the tree with the node type, name, NS, and hex value.
> > >
> > > If those match, well, hmm. If not, at least that explains something.
> > >
> > > But the thing I don't get is that your JAXP DOM c14n output just doesn't
> > > seem to be canonical, at least not unless the DOMs are really different.
> > >
> > > -- Scott
> > >
> > >
> >
> > --
> > http://r-bg.com
> >
> >
> >
>
> --
> http://r-bg.com
>
>
--
http://r-bg.com
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Raul, thanks for the second pair of eyes. I figured there was something
stupid causing the problem.
The bug with the namespace aware issue resolved. I still have the issue
with the 
 entities. The C# canonicalizer adds these apparently on any
document that contains some sort of line feed. Is there any more thoughts
on these line feed things.
Thanks,
Skip
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
Sent: Thursday, March 31, 2005 11:09 PM
To: security-dev@xml.apache.org; skipwork@skipwalker.com
Subject: Re: Java XML C14n interop with .Net
Ok,
You have a bug in your code. You are using a parser non namespaceaware,
you have this:
DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newInstance().
newDocumentBuilder();
Take a look of the last line you are obtaining a new factory that by
default is not name space aware, please write this and everything
should work:
DocumentBuilder builder = factory.newDocumentBuilder();
Regards,
On Mar 31, 2005 11:45 PM, Skip Walker <sk...@skipwalker.com> wrote:
> Outputting the dom via the serializer before running the canonicalizer,
and
> comparing it with the output after the canonicalizer, it appears that the
> canonicalizer is having no effect. See below.
>
> I'm attaching my test class and test files. Would someone please check if
> they have similar results, or check to see if I'm making some stupid
> mistake.
>
> The class needs glue 5.0.2 to run the glue test, or at least the
ElectricXML
> bundled with it, but one can comment that section out easily, and just run
> the JAXP test.
>
> _______
>
> Serializing Doc before Canonicalization:
>
> <?xml version="1.0"?>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soap:Body>
> <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> <country1 xsi:type="xsd:string">usa</country1>
> <country2 xsi:type="xsd:string">japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement a="1" b="2" c="3">
> test crapola
> </testElement>
> </soap:Envelope>
>
> Canonicalized XML written to file: c14n-jaxp.xml
>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soap:Body>
> <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> <country1 xsi:type="xsd:string">usa</country1>
> <country2 xsi:type="xsd:string">japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement a="1" b="2" c="3">
> test crapola
> </testElement>
> </soap:Envelope>
>
> ________
>
> Skip Walker
> skip@gossamer-group.com
> Gossamer Group
> Bldg #2, Suite 410
> 4807 Spicewood Springs Rd.
> Austin, TX 78759
> (512) 342-2600 Fax (512) 342-2612
>
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: Thursday, March 31, 2005 2:04 PM
> To: security-dev@xml.apache.org
> Subject: Re: Java XML C14n interop with .Net
>
> I'll think you are still having problems with your dom, but it is
> really weird as if your program is really what you have shown it
> should work, correctly. Anyway can you tell me what's the output of
> the following lines in your example:
> XMLSerializer ser=new XMLSerializer();
> ser.setOutputByteStream(System.out);
> ser.serialize(doc);
> Regards,
>
> Raul
>
> On Thu, 31 Mar 2005 14:45:32 -0500, Scott Cantor <ca...@osu.edu> wrote:
> > > For some reason, in my little test case, the canonicalizer renders a
> > > different result with the DOM from the JAXP api then from the Glue
api.
> > > Apparently, the result from the JAXP DOM, produces something wrong, as
> far
> > > as the soap:encodingStyle attribute goes.
> >
> > I guess a first sanity check would be to compare the DOMs in a piecemeal
> > fashion. Literally spit out a property-based display for every single
node
> > in the tree with the node type, name, NS, and hex value.
> >
> > If those match, well, hmm. If not, at least that explains something.
> >
> > But the thing I don't get is that your JAXP DOM c14n output just doesn't
> > seem to be canonical, at least not unless the DOMs are really different.
> >
> > -- Scott
> >
> >
>
> --
> http://r-bg.com
>
>
>
--
http://r-bg.com
Re: Java XML C14n interop with .Net
Posted by Raul Benito <ra...@gmail.com>.
Ok,
You have a bug in your code. You are using a parser non namespaceaware,
you have this:
DocumentBuilderFactory factory =
DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newInstance().
newDocumentBuilder();
Take a look of the last line you are obtaining a new factory that by
default is not name space aware, please write this and everything
should work:
DocumentBuilder builder = factory.newDocumentBuilder();
Regards,
On Mar 31, 2005 11:45 PM, Skip Walker <sk...@skipwalker.com> wrote:
> Outputting the dom via the serializer before running the canonicalizer, and
> comparing it with the output after the canonicalizer, it appears that the
> canonicalizer is having no effect. See below.
>
> I'm attaching my test class and test files. Would someone please check if
> they have similar results, or check to see if I'm making some stupid
> mistake.
>
> The class needs glue 5.0.2 to run the glue test, or at least the ElectricXML
> bundled with it, but one can comment that section out easily, and just run
> the JAXP test.
>
> _______
>
> Serializing Doc before Canonicalization:
>
> <?xml version="1.0"?>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soap:Body>
> <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> <country1 xsi:type="xsd:string">usa</country1>
> <country2 xsi:type="xsd:string">japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement a="1" b="2" c="3">
> test crapola
> </testElement>
> </soap:Envelope>
>
> Canonicalized XML written to file: c14n-jaxp.xml
>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> <soap:Body>
> <n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
> <country1 xsi:type="xsd:string">usa</country1>
> <country2 xsi:type="xsd:string">japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement a="1" b="2" c="3">
> test crapola
> </testElement>
> </soap:Envelope>
>
> ________
>
> Skip Walker
> skip@gossamer-group.com
> Gossamer Group
> Bldg #2, Suite 410
> 4807 Spicewood Springs Rd.
> Austin, TX 78759
> (512) 342-2600 Fax (512) 342-2612
>
> -----Original Message-----
> From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Sent: Thursday, March 31, 2005 2:04 PM
> To: security-dev@xml.apache.org
> Subject: Re: Java XML C14n interop with .Net
>
> I'll think you are still having problems with your dom, but it is
> really weird as if your program is really what you have shown it
> should work, correctly. Anyway can you tell me what's the output of
> the following lines in your example:
> XMLSerializer ser=new XMLSerializer();
> ser.setOutputByteStream(System.out);
> ser.serialize(doc);
> Regards,
>
> Raul
>
> On Thu, 31 Mar 2005 14:45:32 -0500, Scott Cantor <ca...@osu.edu> wrote:
> > > For some reason, in my little test case, the canonicalizer renders a
> > > different result with the DOM from the JAXP api then from the Glue api.
> > > Apparently, the result from the JAXP DOM, produces something wrong, as
> far
> > > as the soap:encodingStyle attribute goes.
> >
> > I guess a first sanity check would be to compare the DOMs in a piecemeal
> > fashion. Literally spit out a property-based display for every single node
> > in the tree with the node type, name, NS, and hex value.
> >
> > If those match, well, hmm. If not, at least that explains something.
> >
> > But the thing I don't get is that your JAXP DOM c14n output just doesn't
> > seem to be canonical, at least not unless the DOMs are really different.
> >
> > -- Scott
> >
> >
>
> --
> http://r-bg.com
>
>
>
--
http://r-bg.com
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Outputting the dom via the serializer before running the canonicalizer, and
comparing it with the output after the canonicalizer, it appears that the
canonicalizer is having no effect. See below.
I'm attaching my test class and test files. Would someone please check if
they have similar results, or check to see if I'm making some stupid
mistake.
The class needs glue 5.0.2 to run the glue test, or at least the ElectricXML
bundled with it, but one can comment that section out easily, and just run
the JAXP test.
_______
Serializing Doc before Canonicalization:
<?xml version="1.0"?>
<soap:Envelope
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
<n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
<country1 xsi:type="xsd:string">usa</country1>
<country2 xsi:type="xsd:string">japan</country2>
</n:getRate>
</soap:Body>
<!-- test comment -->
<testElement a="1" b="2" c="3">
test crapola
</testElement>
</soap:Envelope>
Canonicalized XML written to file: c14n-jaxp.xml
<soap:Envelope
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
<soap:Body>
<n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
<country1 xsi:type="xsd:string">usa</country1>
<country2 xsi:type="xsd:string">japan</country2>
</n:getRate>
</soap:Body>
<!-- test comment -->
<testElement a="1" b="2" c="3">
test crapola
</testElement>
</soap:Envelope>
________
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
Sent: Thursday, March 31, 2005 2:04 PM
To: security-dev@xml.apache.org
Subject: Re: Java XML C14n interop with .Net
I'll think you are still having problems with your dom, but it is
really weird as if your program is really what you have shown it
should work, correctly. Anyway can you tell me what's the output of
the following lines in your example:
XMLSerializer ser=new XMLSerializer();
ser.setOutputByteStream(System.out);
ser.serialize(doc);
Regards,
Raul
On Thu, 31 Mar 2005 14:45:32 -0500, Scott Cantor <ca...@osu.edu> wrote:
> > For some reason, in my little test case, the canonicalizer renders a
> > different result with the DOM from the JAXP api then from the Glue api.
> > Apparently, the result from the JAXP DOM, produces something wrong, as
far
> > as the soap:encodingStyle attribute goes.
>
> I guess a first sanity check would be to compare the DOMs in a piecemeal
> fashion. Literally spit out a property-based display for every single node
> in the tree with the node type, name, NS, and hex value.
>
> If those match, well, hmm. If not, at least that explains something.
>
> But the thing I don't get is that your JAXP DOM c14n output just doesn't
> seem to be canonical, at least not unless the DOMs are really different.
>
> -- Scott
>
>
--
http://r-bg.com
Re: Java XML C14n interop with .Net
Posted by Raul Benito <ra...@gmail.com>.
I'll think you are still having problems with your dom, but it is
really weird as if your program is really what you have shown it
should work, correctly. Anyway can you tell me what's the output of
the following lines in your example:
XMLSerializer ser=new XMLSerializer();
ser.setOutputByteStream(System.out);
ser.serialize(doc);
Regards,
Raul
On Thu, 31 Mar 2005 14:45:32 -0500, Scott Cantor <ca...@osu.edu> wrote:
> > For some reason, in my little test case, the canonicalizer renders a
> > different result with the DOM from the JAXP api then from the Glue api.
> > Apparently, the result from the JAXP DOM, produces something wrong, as far
> > as the soap:encodingStyle attribute goes.
>
> I guess a first sanity check would be to compare the DOMs in a piecemeal
> fashion. Literally spit out a property-based display for every single node
> in the tree with the node type, name, NS, and hex value.
>
> If those match, well, hmm. If not, at least that explains something.
>
> But the thing I don't get is that your JAXP DOM c14n output just doesn't
> seem to be canonical, at least not unless the DOMs are really different.
>
> -- Scott
>
>
--
http://r-bg.com
RE: Java XML C14n interop with .Net
Posted by Scott Cantor <ca...@osu.edu>.
> For some reason, in my little test case, the canonicalizer renders a
> different result with the DOM from the JAXP api then from the Glue api.
> Apparently, the result from the JAXP DOM, produces something wrong, as far
> as the soap:encodingStyle attribute goes.
I guess a first sanity check would be to compare the DOMs in a piecemeal
fashion. Literally spit out a property-based display for every single node
in the tree with the node type, name, NS, and hex value.
If those match, well, hmm. If not, at least that explains something.
But the thing I don't get is that your JAXP DOM c14n output just doesn't
seem to be canonical, at least not unless the DOMs are really different.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Okay, my apologies for the confusion. I know the canonicalization is not
done by the XML parser. In my tests for both the Glue case, and what I was
calling the javax.xml, I'm simply parsing my test file using the particular
API to create the DOM, and then using the apache java xml security api to
perform the canonicalization.
So, in the glue case, I perform the following:
electric.xml.Document doc = new electric.xml.Document(file);
Canonicalizer c14n =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] bytes = c14n.canonicalizeSubtree(doc.getRoot());
// ... write bytes to file
The output from this code matches in all my tests the output from the C#
canonicalizer (with PreserveWhitespace set to false). This is the output
that includes the 
For the JAXP api, I do the following
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
factory.setValidating(false);
factory.setNamespaceAware(true);
DocumentBuilder builder = factory.newInstance().
newDocumentBuilder();
Document doc = builder.parse(file);
Canonicalizer c14n =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] bytes = c14n.canonicalizeSubtree(doc);
// ... write bytes to file
The result of this code is a file with the whitespace preserved, no 
entities, and the soap:encodingStyle attribute comes first in the
soap:Envelope element.
For some reason, in my little test case, the canonicalizer renders a
different result with the DOM from the JAXP api then from the Glue api.
Apparently, the result from the JAXP DOM, produces something wrong, as far
as the soap:encodingStyle attribute goes.
What I meant by library (again I wasn't very clear) was in regards to the
libraries I'm using in my test. I just downloaded the latest Xerces 2.6.2,
and put that first in the classpath to see if that might somehow be an
issue. This didn't resolve the issue. There may be something else to this
idea though.
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Thursday, March 31, 2005 11:19 AM
To: security-dev@xml.apache.org; skipwork@skipwalker.com
Subject: RE: Java XML C14n interop with .Net
> Using my test xml file, both Glue and .NET C# both produce all of these
> 
 elements, while the javax.xml apis produce no 
 entities.
Hmm. Reading the spec, it does say that text nodes get changed such that
"all #xD characters are replaced by 
". So, heh, you're right. Guess I
never noticed, SAML doesn't generally contain linefeeds.
But when you say javax.xml, what do you mean? That API doesn't do c14n, it's
the xmlsec code that does that. Or do you just mean you parsed the document
with JAXP? That should be ok, but I'd have to guess that the difference must
be in that step. A whitespace collapse setting is the only thing that makes
any sense to me.
> The Glue and .NET C# begin
>
> <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" ...
>
> But the javax.xml begins differently
>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
Again, this isn't javax.xml, that doesn't have any influence on the c14n
step except for maybe building the input DOM. But, the spec says that
namespace declarations come before other attributes. So the latter would be
wrong.
> So the whitespace issue isn't my only problem. Could this be
> a library issue?
Well, I'm not sure you're canonicalizing here in the Java case. I know they
have interop tests and so forth, so the c14n code isn't *that* broken.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Scott Cantor <ca...@osu.edu>.
> Using my test xml file, both Glue and .NET C# both produce all of these
> 
 elements, while the javax.xml apis produce no 
 entities.
Hmm. Reading the spec, it does say that text nodes get changed such that
"all #xD characters are replaced by 
". So, heh, you're right. Guess I
never noticed, SAML doesn't generally contain linefeeds.
But when you say javax.xml, what do you mean? That API doesn't do c14n, it's
the xmlsec code that does that. Or do you just mean you parsed the document
with JAXP? That should be ok, but I'd have to guess that the difference must
be in that step. A whitespace collapse setting is the only thing that makes
any sense to me.
> The Glue and .NET C# begin
>
> <soap:Envelope
> xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" ...
>
> But the javax.xml begins differently
>
> <soap:Envelope
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
Again, this isn't javax.xml, that doesn't have any influence on the c14n
step except for maybe building the input DOM. But, the spec says that
namespace declarations come before other attributes. So the latter would be
wrong.
> So the whitespace issue isn't my only problem. Could this be
> a library issue?
Well, I'm not sure you're canonicalizing here in the Java case. I know they
have interop tests and so forth, so the c14n code isn't *that* broken.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Hmm, well I'm still stuck.
Using my test xml file, both Glue and .NET C# both produce all of these

 elements, while the javax.xml apis produce no 
 entities. If I
modify my test xml file to be entirely on one line, this eliminates the line
feed problem, but it exposed another problem.
My test message begins like the following
<soap:Envelope xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance' ...
The Glue and .NET C# begin
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" ...
But the javax.xml begins differently
<soap:Envelope
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"
So the whitespace issue isn't my only problem. Could this be a library
issue?
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Scott Cantor [mailto:cantor.2@osu.edu]
Sent: Wednesday, March 30, 2005 12:34 PM
To: security-dev@xml.apache.org; skipwork@skipwalker.com
Subject: RE: Java XML C14n interop with .Net
> The canonicalizer produces output that is nothing like the canonicalized
> form produced by .NET and the Glue input based canonicalization:
They look pretty much the same except for whitespace, but whitespace is
significant. If the XML contains whitespace, c14n doesn't remove it. My
guess is the DOM created by the parsers is different in each case. Different
DOMs mean different c14n octet streams.
You can't set your parser to collapse whitespace, normalize data, etc. if
you want to sign things.
It's common to fool yourself into thinking you can if the parser is the
same, because you're talking to yourself, but once you cross languages, you
can't rely on that and you have to follow the XML rules.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Scott Cantor <ca...@osu.edu>.
> The canonicalizer produces output that is nothing like the canonicalized
> form produced by .NET and the Glue input based canonicalization:
They look pretty much the same except for whitespace, but whitespace is
significant. If the XML contains whitespace, c14n doesn't remove it. My
guess is the DOM created by the parsers is different in each case. Different
DOMs mean different c14n octet streams.
You can't set your parser to collapse whitespace, normalize data, etc. if
you want to sign things.
It's common to fool yourself into thinking you can if the parser is the
same, because you're talking to yourself, but once you cross languages, you
can't rely on that and you have to follow the XML rules.
-- Scott
RE: Java XML C14n interop with .Net
Posted by Skip Walker <sk...@skipwalker.com>.
Thanks Raul, your suggestion led me to solve one problem.
I was using an old version of Glue/ElectricXML (2.3.1) as input to the
canonicalizer. Apparently, there is some sort of problem with the DOM in
that old version. Swapping in Glue 5.0.2 to produce the DOM, the xml
security canonicalizer produced output that exactly matches the .NET
canonicalizer.
I'm having a problem that is corollary to this. Instead of using
Glue/ElectricXML to produce the xml Document to canonicalize I'm trying to
use the javax.xml.* APIs, since I may not be able to easily upgrade the glue
version. I can't get the output from this input form to match the
canonicalization done by .NET, and now the updated Glue/ElectricXML.
I am not too familiar with the javax.xml APIs, but I'm using the following
code to canonicalize the same document as before:
Document doc = DocumentBuilderFactory.newInstance().
newDocumentBuilder().parse(f);
Init.init();
Canonicalizer c14n =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
byte[] bytes = c14n.canonicalizeSubtree(doc);
// ... write to file ...
The canonicalizer produces output that is nothing like the canonicalized
form produced by .NET and the Glue input based canonicalization:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/">
<soap:Body>
<n:getRate xmlns:n="urn:xmethods-CurrencyExchange">
<country1 xsi:type="xsd:string">usa</country1>
<country2 xsi:type="xsd:string">japan</country2>
</n:getRate>
</soap:Body>
<!-- test comment -->
<testElement a="1" b="2" c="3">
test crapola
</testElement>
</soap:Envelope>
Nothing like the results from .NET and Glue:
<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n
:getRate xmlns:n="urn:xmethods-CurrencyExchange"><country1
xsi:type="xsd:string">usa</country1><country2
xsi:type="xsd:string">japan</country2></n:getRate></soap:Body><!-- test
comment --><testElement a="1" b="2" c="3">
test crapola
</testElement></soap:Envelope>
Any help on this is very much appreciated.
Thanks
Skip Walker
skip@gossamer-group.com
Gossamer Group
Bldg #2, Suite 410
4807 Spicewood Springs Rd.
Austin, TX 78759
(512) 342-2600 Fax (512) 342-2612
-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
Sent: Wednesday, March 30, 2005 4:16 AM
To: security-dev@xml.apache.org
Subject: Re: Java XML C14n interop with .Net
The java output looks weird perhaps your DOM tree is not well constracted.
Can you just plain serializae your DOM tree to se what really has.
On Tue, 29 Mar 2005 15:47:48 -0600, Skip Walker <sk...@skipwalker.com>
wrote:
>
> I'm relatively new to most of this stuff.
>
> Does anyone have any experience with the Java XML Security package and
.Net
> C# interopability?
>
> I'm trying to get xml, canonicalized using the XML Security package in
Java,
> to be canonicalized in the same way the .Net
> XmlDsigC14NWithCommentsTransform canonicalizes XML, or vice versa. I need
> to do this for some custom signature stuff I need to do on the xml.
>
> I can't seem to get the canonicalized xml to match up. There appear to be
> issues with the namespaces.
>
> With an example message of
>
> <soap:Envelope
> xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
> xmlns:xsd='http://www.w3.org/2001/XMLSchema'
> xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
> xmlns:soapenc='http://schemas.xmlsoap.org/soap/encoding/'
> soap:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'>
> <soap:Body>
> <n:getRate xmlns:n='urn:xmethods-CurrencyExchange'>
> <country1 xsi:type='xsd:string'>usa</country1>
> <country2 xsi:type='xsd:string'>japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement c='3' b='2' a='1'>
> test crapola
> </testElement>
> </soap:Envelope>
>
> I'm using the Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS in java to produce
>
> <soap:Envelope soap="http://schemas.xmlsoap.org/soap/envelope/"
> soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xsd="http://www.w3.org/2001/XMLSchema"
> xsi="http://www.w3.org/2001/XMLSchema-instance"
>
http://schemas.xmlsoap.org/soap/envelope/:encodingStyle="http://schemas.xmls
oap.org/soap/encoding/"><soap:Body><n:getRate
> n="urn:xmethods-CurrencyExchange"><country1
>
http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">usa</country1><c
ountry2
>
http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">japan</country2>
</n:getRate></soap:Body><!--
> test comment --><testElement a="1" b="2" c="3">
> test crapola
> </testElement></soap:Envelope>
>
> But using the XmlDsigC14NWithCommentsTransform in .Net C# to produce
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
>
soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n
:getRate
> xmlns:n="urn:xmethods-CurrencyExchange"><country1
> xsi:type="xsd:string">usa</country1><country2
> xsi:type="xsd:string">japan</country2></n:getRate></soap:Body><!-- test
> comment --><testElement a="1" b="2" c="3">
> test crapola
> </testElement></soap:Envelope>
>
> If anyone can help, I would appreciate it.
>
> Thanks,
>
> Skip
>
>
--
http://r-bg.com
Re: Java XML C14n interop with .Net
Posted by Raul Benito <ra...@gmail.com>.
The java output looks weird perhaps your DOM tree is not well constracted.
Can you just plain serializae your DOM tree to se what really has.
On Tue, 29 Mar 2005 15:47:48 -0600, Skip Walker <sk...@skipwalker.com> wrote:
>
> I'm relatively new to most of this stuff.
>
> Does anyone have any experience with the Java XML Security package and .Net
> C# interopability?
>
> I'm trying to get xml, canonicalized using the XML Security package in Java,
> to be canonicalized in the same way the .Net
> XmlDsigC14NWithCommentsTransform canonicalizes XML, or vice versa. I need
> to do this for some custom signature stuff I need to do on the xml.
>
> I can't seem to get the canonicalized xml to match up. There appear to be
> issues with the namespaces.
>
> With an example message of
>
> <soap:Envelope
> xmlns:xsi='http://www.w3.org/2001/XMLSchema-instance'
> xmlns:xsd='http://www.w3.org/2001/XMLSchema'
> xmlns:soap='http://schemas.xmlsoap.org/soap/envelope/'
> xmlns:soapenc='http://schemas.xmlsoap.org/soap/encoding/'
> soap:encodingStyle='http://schemas.xmlsoap.org/soap/encoding/'>
> <soap:Body>
> <n:getRate xmlns:n='urn:xmethods-CurrencyExchange'>
> <country1 xsi:type='xsd:string'>usa</country1>
> <country2 xsi:type='xsd:string'>japan</country2>
> </n:getRate>
> </soap:Body>
>
> <!-- test comment -->
> <testElement c='3' b='2' a='1'>
> test crapola
> </testElement>
> </soap:Envelope>
>
> I'm using the Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS in java to produce
>
> <soap:Envelope soap="http://schemas.xmlsoap.org/soap/envelope/"
> soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xsd="http://www.w3.org/2001/XMLSchema"
> xsi="http://www.w3.org/2001/XMLSchema-instance"
> http://schemas.xmlsoap.org/soap/envelope/:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n:getRate
> n="urn:xmethods-CurrencyExchange"><country1
> http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">usa</country1><country2
> http://www.w3.org/2001/XMLSchema-instance:type="xsd:string">japan</country2></n:getRate></soap:Body><!--
> test comment --><testElement a="1" b="2" c="3">
> test crapola
> </testElement></soap:Envelope>
>
> But using the XmlDsigC14NWithCommentsTransform in .Net C# to produce
>
> <soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> xmlns:soapenc="http://schemas.xmlsoap.org/soap/encoding/"
> xmlns:xsd="http://www.w3.org/2001/XMLSchema"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> soap:encodingStyle="http://schemas.xmlsoap.org/soap/encoding/"><soap:Body><n:getRate
> xmlns:n="urn:xmethods-CurrencyExchange"><country1
> xsi:type="xsd:string">usa</country1><country2
> xsi:type="xsd:string">japan</country2></n:getRate></soap:Body><!-- test
> comment --><testElement a="1" b="2" c="3">
> test crapola
> </testElement></soap:Envelope>
>
> If anyone can help, I would appreciate it.
>
> Thanks,
>
> Skip
>
>
--
http://r-bg.com