Posted to commits@santuario.apache.org by "Anli Shundi (Commented) (JIRA)" <ji...@apache.org> on 2012/03/29 18:00:33 UTC

[jira] [Commented] (SANTUARIO-308) Canonicalizer error when encrypting multiple elements

    [ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13241332#comment-13241332 ] 

Anli Shundi commented on SANTUARIO-308:
---------------------------------------

One more problem is that when encrypting only the content, and it starts with a comment, C14N considers it as outside the document element and appends newlines to it. This becomes a problem if the same element was signed beforehand with C14NOmmitComments. Verification fails because there's a newline on decryption. The fix would be for the employed C14N to turn off the logic of checking for the document element and prepending or appending newlines for comments.
                
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
>                 Key: SANTUARIO-308
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-308
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 1.4.5, Java 1.5.1
>            Reporter: Clement Pellerin
>            Assignee: Colm O hEigeartaigh
>         Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
>   cipher.doFinal(doc, elems[i]);
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe it is the element canonicalized correctly.

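A round-trip check for the artifact shown in the issue description above, as an added example that is not part of the original message or of Santuario: it uses only JDK DOM APIs to flag namespace declarations that merely repeat a binding already in scope on the parent. The class and method names are hypothetical, and the two sample documents are constructed, modelled on the ones in the issue.

```java
import java.io.StringReader;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Hypothetical helper, not part of Santuario: flags xmlns declarations that
// only repeat a binding the parent element already has in scope.
public class RedundantXmlnsCheck {
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for lookupNamespaceURI()
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    static List<String> redundantDeclarations(Element e, List<String> found) {
        Node parent = e.getParentNode();
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            if (!XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(a.getNamespaceURI())) continue;
            // "xmlns" declares the default namespace; DOM looks that up with a null prefix
            String prefix = "xmlns".equals(a.getNodeName()) ? null : a.getLocalName();
            if (parent instanceof Element && a.getValue().equals(parent.lookupNamespaceURI(prefix))) {
                found.add("<" + e.getNodeName() + "> repeats " + a.getNodeName());
            }
        }
        for (Node c = e.getFirstChild(); c != null; c = c.getNextSibling()) {
            if (c instanceof Element) redundantDeclarations((Element) c, found);
        }
        return found;
    }

    public static void main(String[] args) throws Exception {
        // Constructed samples modelled on the two documents in the issue
        String ns = "http://schemas.xmlsoap.org/soap/envelope/";
        String before = "<env:Envelope xmlns:env=\"" + ns + "\"><env:Body>"
                + "<elem>11</elem><elem>22</elem></env:Body></env:Envelope>";
        String after = before.replace("<elem>22", "<elem xmlns:env=\"" + ns + "\">22");
        Document original = parse(before), roundTripped = parse(after);
        System.out.println("DOM equal: " + original.isEqualNode(roundTripped));
        for (String hit : redundantDeclarations(roundTripped.getDocumentElement(), new ArrayList<String>())) {
            System.out.println(hit);
        }
    }
}
```

In a regression test, `roundTripped` would be the document after encrypting and decrypting each element rather than a constructed string.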