You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Aleksandr Beliakov (Jira)" <ji...@apache.org> on 2020/04/02 09:52:00 UTC
[jira] [Created] (SANTUARIO-530) Reference validation always omits
comments for canonicalization
Aleksandr Beliakov created SANTUARIO-530:
--------------------------------------------
Summary: Reference validation always omits comments for canonicalization
Key: SANTUARIO-530
URL: https://issues.apache.org/jira/browse/SANTUARIO-530
Project: Santuario
Issue Type: Bug
Affects Versions: Java 2.1.4
Reporter: Aleksandr Beliakov
Assignee: Colm O hEigeartaigh
Attachments: exclusive_with_comments.xml, exclusive_without_comments.xml
Hello, I have a problem when validating signature references with canonicalization transforms with comments, like "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" and "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments".
I use the following code to validate a reference:
{code:java}
org.apache.xml.security.signature.Reference.verify();
{code}
The problem seems to be in the method Reference.getContentsAfterTransformation(input, os). The thing is that the _input_ variable of XMLSignatureInput.class here has always an attribute "excludeComments=true", and the boolean value never changed depending on a requested transformer.
I attach two signatures one without comments and one with comments, in order to show that the produced result of the method Reference.getContentsAfterTransformation().getBytes() is the same for this two different transforms.
Could you please clarify, is that an expected behavior or a bug?
Best regards,
Aleksandr.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)