Posted to dev@santuario.apache.org by Jiří Smolík <sm...@602.cz> on 2020/02/25 17:31:18 UTC

Java + canonicalization: unused namespaces prevail

Hello,

apologies if this is already answered somewhere - I haven't been able to find any answer.

I'd like to ask whether it's possible to have a Canonicalizer remove unused namespace declarations from input XML files. More specifically, I'd like to use the Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS algorithm and have it output (e.g.) the following pseudo-XML file:

<Root xmlns="urn:example.com:example.v1">
...
</Root>

whereas it outputs:

<Root xmlns="urn:example.com:example.v1" xmlns:ns2="urn:example.com:example.v2">
...
</Root>

even though the "ns2" namespace is never used in the XML file.

It probably isn't illegal but I need to sign the canonicalized forms and be able to re-construct them at a later point in time, so I'm worried that a sudden change of behaviour will break my signatures. Is there a way to control this behaviour? If not, might I request its addition?

Thanks,
Jiri

RE: Java + canonicalization: unused namespaces prevail

Posted by "Cantor, Scott" <ca...@osu.edu>.
> I'd like to ask whether it's possible to have a Canonicalizer remove unused
> namespace declarations from input XML files

That's what Exclusive C14N does, modulo the fact that it's practically impossible to actually know when namespaces are in fact used in many common protocols (your example is merely a trivial one that doesn't get into the problematic territory, which is primarily when schemas and xsi:type are involved).

In general, you will never end up in a state where signed XML is anything but tremendously brittle, and you shouldn't waste a lot of time trying. But the purpose of Exclusive is to support wrapping scenarios where the signed content is removed from the context and verified in a different or isolated context, but it works no better than "somewhat".

-- Scott
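
The comparison discussed in this thread, as an added example that is not part of either message and is not Santuario project code: it runs C14N 1.1 and Exclusive C14N over the sample document, then over a constructed variant where ns2 is used only inside an xsi:type value, with and without an InclusiveNamespaces PrefixList. It assumes the Santuario 2.1.x API, in which canonicalizeSubtree(...) returns byte[]; the class name, the Item child element and the ns2:Special type are constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Element;

// Added example. Assumes Santuario 2.1.x, where canonicalizeSubtree returns byte[].
public class C14nNamespaceDemo {
    // Constructed sample: the thread's document with one child element added.
    static final String UNUSED =
        "<Root xmlns=\"urn:example.com:example.v1\" xmlns:ns2=\"urn:example.com:example.v2\">"
      + "<Item>x</Item></Root>";

    // Constructed sample: ns2 appears only inside an attribute value (xsi:type),
    // so a canonicalizer cannot see that the prefix is in use.
    static final String QNAME_IN_VALUE =
        "<Root xmlns=\"urn:example.com:example.v1\" xmlns:ns2=\"urn:example.com:example.v2\""
      + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
      + "<Item xsi:type=\"ns2:Special\">x</Item></Root>";

    static Element parse(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // canonicalization needs a namespace-aware DOM
        return dbf.newDocumentBuilder()
                  .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                  .getDocumentElement();
    }

    // prefixList == null: plain run; otherwise an InclusiveNamespaces PrefixList.
    static String c14n(String algo, String xml, String prefixList) throws Exception {
        Canonicalizer c = Canonicalizer.getInstance(algo);
        Element root = parse(xml);
        byte[] out = (prefixList == null)
            ? c.canonicalizeSubtree(root)
            : c.canonicalizeSubtree(root, prefixList);
        return new String(out, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        Init.init(); // registers the canonicalization algorithms
        String incl = Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS;
        String excl = Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
        System.out.println("C14N 1.1, unused ns2:      " + c14n(incl, UNUSED, null));
        System.out.println("Exclusive, unused ns2:     " + c14n(excl, UNUSED, null));
        System.out.println("Exclusive, ns2 in value:   " + c14n(excl, QNAME_IN_VALUE, null));
        System.out.println("Exclusive, PrefixList ns2: " + c14n(excl, QNAME_IN_VALUE, "ns2"));
    }
}
```

Whichever algorithm and PrefixList are chosen must be recorded in the signature's CanonicalizationMethod and Transform elements, so that a later verifier reconstructs the same bytes.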