You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Cédric POTHIN <ce...@inovatel.sfr.com> on 2005/02/09 14:52:42 UTC
Exclusive canonicalization problem
I have a problem with the exclusive canonicalizer without comments class in
the xml security 1.2 source code.
I have the following document :
<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" sessionId="292241414"
status="Success">
<selectedVersion>1.0</selectedVersion>
<riID>
<keyIdentifier xsi:type="roap:X509SPKIHash">
<hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
</keyIdentifier>
</riID>
<riNonce>316532319</riNonce>
<serverInfo></serverInfo>
<extensions>
<extension xsi:type="roap:CertificateCaching"></extension>
</extensions>
</roap:riHello>
If I canonicalize the previous document using the exclusive without comment
algo
the document I get is the following:
<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0" sessionId="1144777697"
status="Success">
<selectedVersion>1.0</selectedVersion>
<riID>
<keyIdentifier xsi:type="roap:X509SPKIHash">
<hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
</keyIdentifier>
</riID>
<riNonce>1061456201</riNonce>
<serverInfo></serverInfo>
<extensions>
<extension xsi:type="roap:CertificateCaching"></extension>
</extensions>
</roap:riHello>
As you can see the xmlns:xsi is removed from the roap:riHello element,
but not added to the keyIdentifier and the extension element.
So If I input the result document in a DOM parser it just said not bound
exception "xsi is not bound".
Well at this point I try to understood the problem and I check the source
code of xml sec 1.2.
I found something very strange:
In the parsing of the doc in the canonicalizerSubTree method there is a call
to the method
handlesAttributes that handles the attributes of the current node of the doc
parsing.
In debugging the method I found that when the parser comes to
<keyIdentifier xsi:type="roap:X509SPKIHash">
for instance then the Attr object in the handlesAttributes method is of
class AttrImpl and not AttrNSImpl
so the call to the Attr.getPrefix() always return null if Attr is instance
of AttrImpl ! Whereas there is actually a prefix that is xsi !!!!
So the attribute namespace is not seen as visiblyUtilized !!!
Do you know why I have a AttrImpl object instance instead of a AttrNSImp
that should
handle the namespace prefix correctly?
Do you think it is a bug in the dom parser or in the xml sec source code or
is it something I don't understand
or something wrong with my document ?
Thank you in advance for any answers.
Cédric