You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Cédric POTHIN <ce...@inovatel.sfr.com> on 2005/02/09 14:52:42 UTC

Exclusive canonicalization problem

I have a problem with the exclusive canonicalizer without comments class in

the xml security 1.2 source code.

 

I have the following document :

 

<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" sessionId="292241414"
status="Success">

  <selectedVersion>1.0</selectedVersion>

 <riID>

    <keyIdentifier xsi:type="roap:X509SPKIHash">

      <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>

    </keyIdentifier>

  </riID>

  <riNonce>316532319</riNonce>

  <serverInfo></serverInfo>

  <extensions>

    <extension xsi:type="roap:CertificateCaching"></extension>

  </extensions>

</roap:riHello>

 

If I canonicalize the previous document using the exclusive without comment
algo

the document I get is the following:

 

<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0" sessionId="1144777697"
status="Success">

  <selectedVersion>1.0</selectedVersion>

  <riID>

    <keyIdentifier xsi:type="roap:X509SPKIHash">

       <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>

    </keyIdentifier>

   </riID>

  <riNonce>1061456201</riNonce>

  <serverInfo></serverInfo>

  <extensions>

     <extension xsi:type="roap:CertificateCaching"></extension>

  </extensions>

</roap:riHello>

 

As you can see the xmlns:xsi is removed from the roap:riHello element,

but not added to the keyIdentifier and the extension element.

 

So If I input the result document in a DOM parser it just said not bound

exception "xsi is not bound".

 

 

Well at this point I try to understood the problem and I check the source
code of xml sec 1.2.

 

I found something very strange:

 

In the parsing of the doc in the canonicalizerSubTree method there is a call
to the method 

handlesAttributes that handles the attributes of the current node of the doc
parsing.

In debugging the method I found that when the parser comes to
<keyIdentifier xsi:type="roap:X509SPKIHash">

for instance then the Attr object in the handlesAttributes method is of
class AttrImpl and not AttrNSImpl

so the call to the Attr.getPrefix() always return null if Attr is instance
of AttrImpl ! Whereas there is actually a prefix that is xsi !!!!

So the attribute namespace is not seen as visiblyUtilized !!!

 

Do you know why I have a AttrImpl object instance instead of a AttrNSImp
that should

handle the namespace prefix correctly?

 

Do you think it is a bug in the dom parser or in the  xml sec source code or
is it something I don't understand 

or something wrong with my document ?

 

Thank you in advance for any answers.

 

Cédric