Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2012/07/28 02:05:34 UTC
[jira] [Resolved] (SANTUARIO-333) Would like support for more than just SHA1 digest algorithm when verifying XML signature.
[ https://issues.apache.org/jira/browse/SANTUARIO-333?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor resolved SANTUARIO-333.
------------------------------------
Resolution: Invalid
This isn't a bug, and the Java library already supports SHA-256. If you have an issue with your code, you should use the mailing list for that, not Jira.
> Would like support for more than just SHA1 digest algorithm when verifying XML signature.
> -----------------------------------------------------------------------------------------
>
> Key: SANTUARIO-333
> URL: https://issues.apache.org/jira/browse/SANTUARIO-333
> Project: Santuario
> Issue Type: Improvement
> Components: Java
> Environment: xmlsec-1.4.7
> xmlsec-1.5.2
> Reporter: Martin Wickline
> Assignee: Colm O hEigeartaigh
>
> Cannot currently validate XML signature block like this:
> {code:xml}
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo>
> <ds:CanonicalizationMethod
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> <ds:SignatureMethod
> Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
> <ds:Reference
> URI="#_ed26c646-8529-49ac-bff4-d1ecceea5f80">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
> <ds:DigestValue>sst8O6+//mimM6mZzPuyUrAeslMi3YmE+TkZ8Rei5J8=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>WViuWk2gpIvuCOxBG/zsPiXEWmoAdaRrnTEhXuKn3EERZbRMCKQ0S9kiwV/Gh0yM1WdCqthESmfEtWCk2WZHns86+mQsh1XVar6lpiyyUjjM++Rn6n4pdRFZ5MBVI2MUAc5MHaCh2AF/bz8p1cm+wPcvD8Fm6jnPfTxtYxfRMNU=</ds:SignatureValue>
> <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
> <ds:X509Data>
> <ds:X509Certificate>...blah...</ds:X509Certificate>
> </ds:X509Data>
> </KeyInfo>
> </ds:Signature>
> {code}
> The only DigestMethod Algorithm currently supported is SHA1. This produces an exception and stack trace like:
> org.apache.xml.security.signature.MissingResourceFailureException: The Reference for URI #_ed26c646-8529-49ac-bff4-d1ecceea5f80 has no XMLSignatureInput
> Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.signature.ReferenceNotInitializedException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.signature.XMLSignatureException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.transforms.TransformationException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.c14n.CanonicalizationException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.c14n.CanonicalizationException: Element AttributeValue has a relative namespace: tn="xs"
> Original Exception was org.apache.xml.security.c14n.CanonicalizationException: Element AttributeValue has a relative namespace: tn="xs"
> However, the element by that ID is actually found and resolved.
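The stack trace quoted above ends in a CanonicalizationException about a relative namespace declaration (tn="xs"), so a useful pre-check before blaming the digest algorithm is to list the algorithm URIs in the ds:Signature and any xmlns declarations whose value is not an absolute URI. The following is an added example, not code from the issue or from the Santuario project; it uses only JDK classes, and the class name, the sample document and the URI-based absoluteness test are assumptions.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class SignaturePrecheck { // hypothetical name, not part of xmlsec
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample: the signed element carries a relative namespace (tn="xs").
    static final String SAMPLE =
        "<Assertion xmlns='urn:example:constructed' ID='_a1'>"
      + "<AttributeValue xmlns:tn='xs'>v</AttributeValue>"
      + "<ds:Signature xmlns:ds='" + DS + "'><ds:SignedInfo>"
      + "<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#rsa-sha256'/>"
      + "<ds:Reference URI='#_a1'>"
      + "<ds:DigestMethod Algorithm='http://www.w3.org/2001/04/xmlenc#sha256'/>"
      + "</ds:Reference></ds:SignedInfo></ds:Signature></Assertion>";

    // Assumption: "absolute" is approximated as "parses as a URI with a scheme".
    static boolean isAbsolute(String ns) {
        try { return new URI(ns).isAbsolute(); } catch (URISyntaxException e) { return false; }
    }
    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Refuse DOCTYPEs so untrusted signed documents cannot trigger XXE.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(SAMPLE.getBytes(StandardCharsets.UTF_8)));
        // 1. Report which algorithms the signature actually asks for.
        for (String name : new String[] {"CanonicalizationMethod", "SignatureMethod", "DigestMethod"}) {
            NodeList nl = doc.getElementsByTagNameNS(DS, name);
            for (int i = 0; i < nl.getLength(); i++)
                System.out.println(name + ": " + ((Element) nl.item(i)).getAttribute("Algorithm"));
        }
        // 2. Report xmlns declarations that canonicalization will reject as relative.
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++) {
            NamedNodeMap attrs = all.item(i).getAttributes();
            for (int j = 0; j < attrs.getLength(); j++) {
                Node a = attrs.item(j);
                String v = a.getNodeValue();
                if (XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(a.getNamespaceURI())
                        && !v.isEmpty() && !isAbsolute(v))
                    System.out.println("relative namespace on <" + all.item(i).getNodeName()
                        + ">: " + a.getNodeName() + "=\"" + v + "\"");
            }
        }
    }
}
```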