Posted to dev@santuario.apache.org by bu...@apache.org on 2008/05/15 02:38:09 UTC

DO NOT REPLY [Bug 44999] New: DOMException is thrown at XMLSignature creation (1.4.2 beta2)

https://issues.apache.org/bugzilla/show_bug.cgi?id=44999

           Summary: DOMException is thrown at XMLSignature creation (1.4.2
                    beta2)
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: giedrius.noreikis@gmail.com


Description:
------------
After an "upgrade" from version 1.4.1 to 1.4.2beta2, I started receiving an
org.w3c.dom.DOMException when calling public XMLSignature(Document doc, String
BaseURI, String SignatureMethodURI). The stacktrace is:

org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change an object in a way which is incorrect with regard to namespaces.
        at org.apache.xerces.dom.CoreDocumentImpl.checkNamespaceWF(Unknown Source)
        at org.apache.xerces.dom.AttrNSImpl.setName(Unknown Source)
        at org.apache.xerces.dom.AttrNSImpl.<init>(Unknown Source)
        at org.apache.xerces.dom.CoreDocumentImpl.createAttributeNS(Unknown Source)
        at org.apache.xerces.dom.ElementImpl.setAttributeNS(Unknown Source)
        at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:206)
        at org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:149)
...

Cause:
------
Before calling the constructor

public XMLSignature(Document doc, String BaseURI, String SignatureMethodURI)

we set namespace prefix to "" (Constants.setSignatureSpecNSprefix("");) to
disable prefixes. It was ok previously - now the new code at

org.apache.xml.security.signature.XMLSignature, lines 200-208

breaks that:

1. Setting the namespace prefix to "" results in the entry (namespace,
"xmlns:") being added to _prefixMappingsBindings Map
(org.apache.xml.security.utils.ElementProxy:519).
2. XMLSignature constructor gets that prefix (200-201), checks if it is "empty"
(202), gets false and calls this._constructionElement.setAttributeNS() with
that prefix (206), which results in the exception being thrown.

Possible fix:
-------------
In case of "" prefix, ElementProxy.setDefaultPrefix() should put either "xmlns"
or "" to the _prefixMappingsBindings Map.
Or, maybe, different checks should be performed at XMLSignature:200-208 and
similar places, first getting ElementProxy.getDefaultPrefix(namespace); and
then, if it is not empty, calling
ElementProxy.getDefaultPrefixBindings(namespace). Something like in
ElementProxy.createElementForFamily():136-152.

Assignment XMLUtils.xmlnsDsPrefix="xmlns:"+prefix; (ElementProxy:516) should
probably be fixed as well (not sure; however, it seems the variable
xmlnsDsPrefix is not used at all).


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

DO NOT REPLY [Bug 44999] DOMException is thrown at XMLSignature creation (1.4.2 beta2)

Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=44999


sean.mullan@sun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED




--- Comment #1 from sean.mullan@sun.com  2008-05-15 12:17:14 PST ---
Thanks for catching this regression!

> Possible fix:
> -------------
> In case of "" prefix, ElementProxy.setDefaultPrefix() should put either "xmlns"
> or "" to the _prefixMappingsBindings Map.

My fix puts "xmlns" into the map. It seemed more logical.

> Or, maybe, different checks should be performed at XMLSignature:200-208 and
> similar places, first getting ElementProxy.getDefaultPrefix(namespace); and
> then, if it is not empty, calling
> ElementProxy.getDefaultPrefixBindings(namespace). Something like in
> ElementProxy.createElementForFamily():136-152.

Yes, you could do that, but I chose the mapping fix because that is where the
bug really is.

> Assignment XMLUtils.xmlnsDsPrefix="xmlns:"+prefix; (ElementProxy:516) should
> probably be fixed as well (not sure; however, it seems the variable
> xmlnsDsPrefix is not used at all).

I removed the xmlnsDsPrefix variable.

Incidentally, I found the same problem if you are using the JSR 105 API and set
the namespace prefix to "" using the XMLSignContext.putNamespacePrefix method.
I have fixed that as well. 

Both of these fixes will be in 1.4.2.


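The failure and the fix discussed in this thread can be reproduced with only the JDK's DOM API. The following is an added example, not Santuario's code: `bindingBefore` and `bindingAfter` are hypothetical stand-ins for the prefix-to-binding mapping described in the report and in comment #1, and the class name is made up for the demo.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class PrefixBindingDemo {
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    // Hypothetical stand-in for the mapping described in the report:
    // always concatenates, so "" becomes the malformed name "xmlns:".
    static String bindingBefore(String prefix) {
        return "xmlns:" + prefix;
    }

    // Hypothetical stand-in for the fix described in comment #1:
    // an empty prefix maps to the default-namespace attribute "xmlns".
    static String bindingAfter(String prefix) {
        return (prefix == null || prefix.isEmpty()) ? "xmlns" : "xmlns:" + prefix;
    }

    // Declares DSIG_NS on a fresh Signature element and reports the outcome.
    static String declare(Document doc, String prefix, String attrName) {
        String qname = prefix.isEmpty() ? "Signature" : prefix + ":Signature";
        Element sig = doc.createElementNS(DSIG_NS, qname);
        try {
            sig.setAttributeNS(XMLNS_NS, attrName, DSIG_NS);
            return "ok";
        } catch (DOMException e) {
            return e.code == DOMException.NAMESPACE_ERR
                    ? "NAMESPACE_ERR" : "DOMException " + e.code;
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        for (String prefix : new String[] {"", "ds"}) {
            System.out.printf("prefix=\"%s\" before: %-8s -> %s%n", prefix,
                    bindingBefore(prefix), declare(doc, prefix, bindingBefore(prefix)));
            System.out.printf("prefix=\"%s\" after:  %-8s -> %s%n", prefix,
                    bindingAfter(prefix), declare(doc, prefix, bindingAfter(prefix)));
        }
    }
}
```

Only the empty prefix combined with the concatenating mapping is rejected by the DOM's namespace well-formedness check; a non-empty prefix such as "ds" behaves the same under both mappings.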