You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by bu...@apache.org on 2008/09/04 16:20:34 UTC
DO NOT REPLY [Bug 45744] New: XPath transform and xml-stylesheet
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
Summary: XPath transform and xml-stylesheet
Product: Security
Version: Java 1.4.1
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: mlistwan@gmail.com
Created an attachment (id=22525)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=22525)
upp_sign.xml is the signature and out.xml signed xml
There is a problem with verification of signatures having a ds:Reference to an
xml file with with <?xml-stylesheet?> with XPath transform. As you create the
same signature referencing a modified document by omitting <?xml-stylesheet?>
the signature verification succeeds.
I had to solve the problem and had come to conclusion that there is a bug in
org.apache.xml.security.signature.XMLSignatureInput. The source of the problem
is a line this._subNode=doc.getDocumentElement(); in void convertToNodes().
Assigning only root element removes xml-stylesheet. Changing the line to:
this._subNode=doc; seems to fix it.
Attached out.zip has two files that show the situation.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
--- Comment #4 from Michal Listwan <ml...@gmail.com> 2009-06-18 13:12:12 PST ---
I have no objections.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
coheigea <co...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #22525|0 |1
is obsolete| |
Attachment #23828|0 |1
is obsolete| |
--- Comment #5 from coheigea <co...@apache.org> 2009-06-19 04:12:41 PST ---
Created an attachment (id=23832)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23832)
A patch for this issue
See attached for a patch for this issue. It includes the suggested fix to
XMLSignatureInput, as well as a unit test that's derived from the submitted
test-case.
Colm.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
--- Comment #1 from coheigea <co...@apache.org> 2009-06-18 04:52:20 PST ---
Do you have a test-case for this issue?
Colm.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
coheigea <co...@apache.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |FIXED
--- Comment #6 from coheigea <co...@apache.org> 2009-07-10 06:32:03 PST ---
Patch applied.
Colm.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
--- Comment #3 from coheigea <co...@apache.org> 2009-06-18 08:48:59 PST ---
Thanks Michael. I'll create a patch including a test-case for this issue. Do
you have any objections to me adding the test code and signature files to the
project?
Colm.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
DO NOT REPLY [Bug 45744] XPath transform and xml-stylesheet
Posted by bu...@apache.org.
https://issues.apache.org/bugzilla/show_bug.cgi?id=45744
--- Comment #2 from Michal Listwan <ml...@gmail.com> 2009-06-18 06:42:38 PST ---
Created an attachment (id=23828)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=23828)
verification
Attachment verifies the pair (upp_sign.xml and out.xml). As the line is
"this._subNode=doc.getDocumentElement();" verification of reference out.xml
fails. With "this._subNode=doc" verification succeeds.
Signature was created with third party library. It caused an inconsistency that
made me look for this bug.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.