Posted to dev@santuario.apache.org by jason marshall <jd...@gmail.com> on 2008/09/04 00:11:37 UTC

Known C14N bugs?

Where can I get a list of the known C14N bugs in XMLSec 1.3.0?

I have a problem where one of my unit tests is incorrectly failing due
to a pattern like the following:


<ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"
URI="#47b38f3b">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
</ds:Transforms>
<ds:DigestMethod
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
<ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue>
</ds:Reference>

...
<ds:SignatureProperties Id="47b38f3b">
<!-- I'm just a little black raincloud... -->
<ds:SignatureProperty ...


The comment has been programmatically added to the SignatureProperties
node to prove that comments aren't included in the digested data.
If I take out the carriage return after the comment, the test passes
as expected.  With the newline, it fails.  My understanding of C14N
without comments is that this code is in error.  Am I right?  Was this
fixed in a later version?

(Is there a newer version that doesn't have any regressions in it?
The general bug history seems to indicate the answer is 'no')

Thanks,


-- 
- Jason

Re: Known C14N bugs?

Posted by Sean Mullan <Se...@Sun.COM>.
jason marshall wrote:
> Where can I get a list of the known C14N bugs in XMLSec 1.3.0?

You can see all the bugs that were fixed in each release here: 
http://santuario.apache.org/changes.html

--Sean

Re: Known C14N bugs?

Posted by jason marshall <jd...@gmail.com>.
Ah, that does appear to be the case.  Thank you.

So I can add comments to a signed node, but only if I don't modify the
whitespace outside the comment.  Which sort of makes the utility of
being able to add/modify comments to a signed node annoying at best
(and sinister at worst, which is exactly why I'm currently reworking
my tests).

Thanks,
Jason

On Wed, Sep 3, 2008 at 3:38 PM, Anli Shundi <as...@tibco.com> wrote:
> I think your interpretation is wrong: whitespace around comments is
> irrelevant only when they're outside the document element (the single root
> element).
>
> See http://www.w3.org/TR/xml-c14n#Example-OutsideDoc
>
> -Anli
>
> jason marshall wrote:
>
> Where can I get a list of the known C14N bugs in XMLSec 1.3.0?
>
> I have a problem where one of my unit tests is incorrectly failing due
> to a pattern like the following:
>
>
> <ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"
> URI="#47b38f3b">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
> <ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue>
> </ds:Reference>
>
> ...
> <ds:SignatureProperties Id="47b38f3b">
> <!-- I'm just a little black raincloud... -->
> <ds:SignatureProperty ...
>
>
> The comment has been programmatically added to the SignatureProperties
> node to prove that comments aren't included in the digested data.
> If I take out the carriage return after the comment, the test passes
> as expected.  With the newline, it fails.  My understanding of C14N
> without comments is that this code is in error.  Am I right?  Was this
> fixed in a later version?
>
> (Is there a newer version that doesn't have any regressions in it?
> The general bug history seems to indicate the answer is 'no')
>
> Thanks,
>
>
> --
> - Jason
>
>



-- 
- Jason

Re: Known C14N bugs?

Posted by Anli Shundi <as...@tibco.com>.
I think your interpretation is wrong: whitespace around comments is 
irrelevant only when they're outside the document element (the single 
root element).

See http://www.w3.org/TR/xml-c14n#Example-OutsideDoc

-Anli

jason marshall wrote:
>
> Where can I get a list of the known C14N bugs in XMLSec 1.3.0?
>
> I have a problem where one of my unit tests is incorrectly failing due
> to a pattern like the following:
>
>
> <ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"
> URI="#47b38f3b">
> <ds:Transforms>
> <ds:Transform 
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
> <ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue>
> </ds:Reference>
>
> ...
> <ds:SignatureProperties Id="47b38f3b">
> <!-- I'm just a little black raincloud... -->
> <ds:SignatureProperty ...
>
>
> The comment has been programmatically added to the SignatureProperties
> node to prove that comments aren't included in the digested data.
> If I take out the carriage return after the comment, the test passes
> as expected.  With the newline, it fails.  My understanding of C14N
> without comments is that this code is in error.  Am I right?  Was this
> fixed in a later version?
>
> (Is there a newer version that doesn't have any regressions in it?
> The general bug history seems to indicate the answer is 'no')
>
> Thanks,
>
>
> --
> - Jason
>
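
The behaviour discussed in this thread, as an added example that is not part of any poster's message and is not XMLSec code: it digests a constructed stand-in for the signed node using Python's standard-library `xml.etree.ElementTree.canonicalize`. That function implements C14N 2.0 rather than the exclusive C14N 1.0 transform named in the Reference; the assumption here is that both treat comments and whitespace text nodes the same way. The helper names and the sample element content are made up for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: a minimal stand-in for the signed ds:SignatureProperties node.
DS = 'xmlns:ds="http://www.w3.org/2000/09/xmldsig#"'
SIGNED = (f'<ds:SignatureProperties {DS} Id="47b38f3b">'
          '<ds:SignatureProperty Target="#sig">v</ds:SignatureProperty>'
          '</ds:SignatureProperties>')
COMMENT = "<!-- I'm just a little black raincloud... -->"


def digest(xml_text: str) -> str:
    """Base64 SHA-256 over the comment-free canonical form, as in ds:DigestValue."""
    # Assumption: C14N 2.0 (stdlib) stands in for exclusive C14N 1.0 here.
    canonical = ET.canonicalize(xml_text, with_comments=False)
    return base64.b64encode(hashlib.sha256(canonical.encode("utf-8")).digest()).decode()


def insert_after_start_tag(xml_text: str, addition: str) -> str:
    """Insert text right after the root start tag (the first '>')."""
    head, tail = xml_text.split(">", 1)
    return head + ">" + addition + tail


def variants() -> dict:
    """Map each edit to True if the digest still matches the original's."""
    edits = {
        "comment only": insert_after_start_tag(SIGNED, COMMENT),
        "comment + newline": insert_after_start_tag(SIGNED, COMMENT + "\n"),
        "newline only": insert_after_start_tag(SIGNED, "\n"),
        "comment + newline outside root": COMMENT + "\n" + SIGNED + "\n" + COMMENT + "\n",
    }
    baseline = digest(SIGNED)
    return {name: digest(doc) == baseline for name, doc in edits.items()}


if __name__ == "__main__":
    for name, unchanged in variants().items():
        print(f"{name:32} digest {'unchanged' if unchanged else 'CHANGED'}")
```

Inside the signed element the newline is a text node of its own, so it is covered by the digest whether or not a comment sits next to it; only outside the document element is that whitespace dropped.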