You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Manjesh Kumar (JIRA)" <ji...@apache.org> on 2017/09/29 13:40:00 UTC

[jira] [Comment Edited] (SANTUARIO-478) Property XMLOutputFactory.IS_REPAIRING_NAMESPACES should be FALSE by default

    [ https://issues.apache.org/jira/browse/SANTUARIO-478?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16185838#comment-16185838 ] 

Manjesh Kumar edited comment on SANTUARIO-478 at 9/29/17 1:39 PM:
------------------------------------------------------------------

Sorry [~coheigea] , i forgot to attache the test case.

Scenario - We have the input xml file with below root element 
{code:xml} 
<Message xmlns="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 " xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06">
{code}

{{urn:tch}} represents the name space.

After sign, it change into below 
{code:xml}
<sp_0:Message xmlns="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06" xmlns:sp_0="urn:tch" >
{code}

So here you can see there is a extra {{xmlns:sp_0="urn:tch"}} added by stax api in the signed file. Hence signature validation fails.

but it works fine if we sign the file with name space alias just lie below
{code:xml} 
<p:Message xmlns:p="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 " xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06">
{code}





was (Author: manjeshk):
Sorry [~coheigea] , i forgot to attache the test case.

Scenario - We have the input xml file with below root element 
{code:xml} 
<Message xmlns="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 " xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06">
{code}

{{urn:tch}} represents the name space.

After sign, it change into below 
{code:xml}
<sp_0:Message xmlns="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01" xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06" xmlns:sp_0="urn:tch" >
{code}

So here you can see there is a extra {{xmlns:sp_0="urn:tch"}} added by sign service.

but it works fine if we sign the file with name space alias just lie below
{code:xml} 
<p:Message xmlns:p="urn:tch" xmlns:head="urn:iso:std:iso:20022:tech:xsd:head.001.001.01 " xmlns:if="urn:iso:std:iso:20022:tech:xsd:camt.028.001.06">
{code}




> Property XMLOutputFactory.IS_REPAIRING_NAMESPACES should be FALSE by default
> ----------------------------------------------------------------------------
>
>                 Key: SANTUARIO-478
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-478
>             Project: Santuario
>          Issue Type: Wish
>            Reporter: Manjesh Kumar
>            Assignee: Colm O hEigeartaigh
>
> In the org.apache.xml.security.stax.ext.XMLSecurityConstants static initilizer block 
> following is set
> xmlOutputFactory.setProperty(XMLOutputFactory.IS_REPAIRING_NAMESPACES, true);
> because of this the xml is getting updated after it is signed and which ultimately fails the signature validation (Invalid digest of reference). 



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)