Posted to dev@santuario.apache.org by tobias <to...@t-systems.com> on 2015/02/09 17:28:47 UTC

Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

With this version I've two issues.

Stax signer
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file.

Dom Verify
- With this new version 2.0.3 I'm getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

Another question is, why does that code:

    String id = "ID_" + UUID.randomUUID().toString();
    elementToSign.setAttributeNS(null, "Id", id);
    elementToSign.setIdAttributeNS(null, "Id", true);

    transforms = new Transforms(document);
    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
    xmlSignature.addDocument("#" + id, transforms,
            "http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?



--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41687.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.

AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
Try to make a test which you can run on your environment. Meanwhile I'm getting an exception, it says that the digest is not correct. What am I doing wrong? With v2.0.2 it was working? I'm creating my own ID with a UUID class, but it seems that it expects a digest?


2015-02-10 13:20:30.367 [{}] [main] WARN  org.apache.xml.security.signature.Reference - Verification failed for URI "#ID_3a0ffc01-e69f-4f2a-8cd8-9a306975ccf2"
2015-02-10 13:20:30.368 [{}] [main] WARN  org.apache.xml.security.signature.Reference - Expected Digest: RfHWuW9+Sl4svgiykjBwE3WYSDk=
2015-02-10 13:20:30.368 [{}] [main] WARN  org.apache.xml.security.signature.Reference - Actual Digest: oNFY2zAXV5JgidfcPNrG2YUTWZI=
2015-02-10 13:20:30.368 [{}] [main] DEBUG org.apache.xml.security.signature.Manifest - The Reference has Type


From: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:ml-node+s6118n41692h27@n7.nabble.com]
Sent: Tuesday, 10 February 2015 13:06
To: Wolf, Tobias
Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3



Stax signer
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file.

I can't reproduce this. With "1", the Signature should be written out after the first child element. Could you create a test-case to reproduce the problem?


Dom Verify
- With this new version 2.0.3 I'm getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

 Could you create a test-case to reproduce the problem?

Another question is, why does that code:

    String id = "ID_" + UUID.randomUUID().toString();
    elementToSign.setAttributeNS(null, "Id", id);
    elementToSign.setIdAttributeNS(null, "Id", true);

    transforms = new Transforms(document);
    transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
    xmlSignature.addDocument("#" + id, transforms,
            "http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?

Yes, the reference URI points to the Element that is signed (in this case TrustServiceStatusList).

Colm.




--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com


Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
I've fixed that, thanks.

Colm.

On Mon, Feb 16, 2015 at 10:56 AM, tobias <to...@t-systems.com> wrote:

> Yes will do. Another thing I found is you are defining algorithm in your
> signature, but you're not using it. Maybe you want to verify that.
>
> public static ByteArrayOutputStream signUsingStAX(
>         InputStream inputStream,
>         List<QName> namesToSign,
>         String algorithm,
>         Key signingKey,
>         X509Certificate signingCert
>     ) throws Exception {
>
>
>




Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
Yes will do. Another thing I found is you are defining algorithm in your
signature, but you're not using it. Maybe you want to verify that.

public static ByteArrayOutputStream signUsingStAX(
        InputStream inputStream,
        List<QName> namesToSign,
        String algorithm,
        Key signingKey,
        X509Certificate signingCert
    ) throws Exception {




Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
You can add transforms when defining the "SecurePart" to be signed, e.g.:

 String[] transforms = new String[2];
 transforms[0] = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";
 transforms[1] = "http://www.w3.org/2001/10/xml-exc-c14n#";
 securePart.setTransforms(transforms);

Colm.

On Mon, Feb 16, 2015 at 10:54 AM, tobias <to...@t-systems.com> wrote:

> How can I do the transforms.addTransform(TRANSFORM_ENVELOPED_SIGNATURE); in
> StAX mode?
>
>
>




Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
How can I do the transforms.addTransform(TRANSFORM_ENVELOPED_SIGNATURE); in
StAX mode?




Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
I checked with my testcase using "PurchaseOrder" as the node to sign +
adding the enveloped transform first, and the interop test works fine.
Maybe start from there and try to figure out why your testcase isn't
working?

https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature

Colm.

On Fri, Feb 13, 2015 at 4:46 PM, tobias <to...@t-systems.com> wrote:

> That works! Thank you!
>
>
>
> Another question is when I sign using Stax and verify using Dom I'm
> getting the following exception:
>
> org.w3c.dom.DOMException: NOT_FOUND_ERR: Es wurde versucht, einen
> Knoten in einem Kontext zu referenzieren, in dem er nicht vorhanden ist.
>
>
>




AW: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
That works! Thank you!

Another question is when I sign using Stax and verify using Dom I'm getting the following exception:

org.w3c.dom.DOMException: NOT_FOUND_ERR: Es wurde versucht, einen Knoten in einem Kontext zu referenzieren, in dem er nicht vorhanden ist.






Re: [WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
Ok the issue here is that you are signing the root Element of the document,
and then appending the Signature to the first child of the Document. So the
Signature is included in the signature verification and hence the failure.
XML Signature has a special transform for this use-case to tell it to
ignore the Signature. So in your "TSLXmlSigner" the transforms should be:

transforms = new Transforms(document);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");

Colm.

On Fri, Feb 13, 2015 at 7:44 AM, tobias <to...@t-systems.com> wrote:

> I'm sending it again, don't know what problem it is.
>
>
>
> I'm getting a file not found error with this link:
> http://apache-xml-project.6118.n7.nabble.com/attachment/41697/1/TestTSLAPI.zip
>
> Colm.
>
>
>
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
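
The enveloped-signature failure described in the reply above, as an added example (not code from the thread or from the Santuario project): the same root element is signed twice with the DOM API, once with only exclusive c14n and once with the enveloped transform first, and each result is verified. It assumes Apache Santuario 2.x on the classpath; the class name, the sample XML, the throwaway RSA key and the RSA-SHA256/SHA-256 algorithm choices are assumptions made for the demonstration. Without the transform the digest covers the ds:Signature element itself, whose DigestValue and SignatureValue change during signing, so the first call is expected to report a failed verification.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.UUID;

import javax.xml.parsers.DocumentBuilderFactory;

import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class EnvelopedTransformDemo {

    // Constructed sample document; not the TSL file from the thread.
    private static final String SAMPLE_XML =
        "<TrustServiceStatusList xmlns=\"http://uri.etsi.org/02231/v2#\">"
        + "<SchemeInformation>constructed sample</SchemeInformation>"
        + "</TrustServiceStatusList>";

    private static final String EXC_C14N = "http://www.w3.org/2001/10/xml-exc-c14n#";
    // Assumption: SHA-256 digest instead of the SHA-1 URI used in the thread.
    private static final String SHA256 = "http://www.w3.org/2001/04/xmlenc#sha256";

    static boolean signThenVerify(boolean addEnvelopedTransform, KeyPair keys) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document document = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(SAMPLE_XML.getBytes(StandardCharsets.UTF_8)));

        // Same Id handling as in the thread: the root element is the signed element.
        Element elementToSign = document.getDocumentElement();
        String id = "ID_" + UUID.randomUUID();
        elementToSign.setAttributeNS(null, "Id", id);
        elementToSign.setIdAttributeNS(null, "Id", true);

        // The Signature becomes a child of the element it signs (enveloped).
        XMLSignature xmlSignature =
            new XMLSignature(document, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        elementToSign.appendChild(xmlSignature.getElement());

        Transforms transforms = new Transforms(document);
        if (addEnvelopedTransform) {
            // Removes the ds:Signature subtree from the data that is digested.
            transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        }
        transforms.addTransform(EXC_C14N);
        xmlSignature.addDocument("#" + id, transforms, SHA256);
        xmlSignature.sign(keys.getPrivate());

        // Verify from the DOM element, as a receiver would after parsing.
        XMLSignature toVerify = new XMLSignature(xmlSignature.getElement(), "");
        return toVerify.checkSignatureValue(keys.getPublic());
    }

    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair keys = kpg.generateKeyPair(); // throwaway key for the demo

        System.out.println("without enveloped transform: " + signThenVerify(false, keys));
        System.out.println("with enveloped transform:    " + signThenVerify(true, keys));
    }
}
```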

[WARNING : A/V UNSCANNABLE]AW: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
I'm sending it again, don't know what problem it is.

I'm getting a file not found error with this link: http://apache-xml-project.6118.n7.nabble.com/attachment/41697/1/TestTSLAPI.zip

Colm.




TestTSLAPI.zip (7M) <http://apache-xml-project.6118.n7.nabble.com/attachment/41705/0/TestTSLAPI.zip>





Re: [WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
I'm getting a file not found error with this link:
http://apache-xml-project.6118.n7.nabble.com/attachment/41697/1/TestTSLAPI.zip

Colm.

On Wed, Feb 11, 2015 at 6:01 PM, tobias <to...@t-systems.com> wrote:

> In this package I've included everything you need to reproduce the issue.
> Currently the DOM support is enabled to reproduce the issue with the digest
> error. You can easily switch to the Stax support to reproduce the logging
> error.

[WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
In this package I've included everything you need to reproduce the issue. Currently the DOM support is enabled to reproduce the issue with the digest error. You can easily switch to the Stax support to reproduce the logging error.

Kind regards,
Tobias Wolf


From: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:ml-node+s6118n41695h20@n7.nabble.com]
Sent: Tuesday, 10 February 2015 15:07
To: Wolf, Tobias
Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3


You have a load of dependencies that aren't included, i.e. "IMCertUtil". Please create a test-case that I can just unzip + run without having to change any code.

Colm.

On Tue, Feb 10, 2015 at 12:50 PM, tobias <[hidden email]> wrote:
Attached to this mail I send you all needed files including a Junit test case. Currently I'm trying to sign with DOM but you can easily switch to Stax mode in the class TSLXmlSigner.


[WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
In this package I've included everything you need to reproduce the issue.

Kind regards,
Tobias Wolf


From: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:ml-node+s6118n41695h20@n7.nabble.com]
Sent: Tuesday, 10 February 2015 15:07
To: Wolf, Tobias
Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3


You have a load of dependencies that aren't included, i.e. "IMCertUtil". Please create a test-case that I can just unzip + run without having to change any code.

Colm.

On Tue, Feb 10, 2015 at 12:50 PM, tobias <[hidden email]> wrote:
Attached to this mail I send you all needed files including a JUnit test case. Currently I'm trying to sign with DOM but you can easily switch to Stax mode in the class TSLXmlSigner.

From: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:[hidden email]]
Sent: Tuesday, 10 February 2015 13:06
To: Wolf, Tobias
Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3



Stax signer
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file.

I can't reproduce this. With "1", the Signature should be written out after the first child element. Could you create a test-case to reproduce the problem?


Dom Verify
- With this new version 2.0.3 I'm getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

 Could you create a test-case to reproduce the problem?

Another question is, why does that code:

                                String id = "ID_" + UUID.randomUUID().toString();
                                elementToSign.setAttributeNS(null, "Id", id);
                                elementToSign.setIdAttributeNS(null, "Id", true);

                                transforms = new Transforms(document);
                                transforms
                                                .addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                                xmlSignature.addDocument("#" + id, transforms,
                                                "http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?

Yes, the reference URI points to the Element that is signed (in this case TrustServiceStatusList).

Colm.







--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com




--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

TestTSLAPI.zip (7M) <http://apache-xml-project.6118.n7.nabble.com/attachment/41696/1/TestTSLAPI.zip>





Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
You have a load of dependencies that aren't included, i.e. "IMCertUtil".
Please create a test-case that I can just unzip + run without having to
change any code.

Colm.

On Tue, Feb 10, 2015 at 12:50 PM, tobias <to...@t-systems.com> wrote:

> Attached to this mail I send you all needed files including a JUnit test
> case. Currently I'm trying to sign with DOM but you can easily switch to
> Stax mode in the class TSLXmlSigner.
>
>
>
> *From:* Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:[hidden email]]
> *Sent:* Tuesday, 10 February 2015 13:06
> *To:* Wolf, Tobias
> *Subject:* Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3
>
>
>
>
>
>
> Stax signer
> - When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
> being written, with "0" the signature is written on the top of the file.
>
>
>
> I can't reproduce this. With "1", the Signature should be written out
> after the first child element. Could you create a test-case to reproduce
> the problem?
>
>
>
> Dom Verify
> - With this new version 2.0.3 I'm getting an exception, it was working with
> 2.0.2, but I need the RSA-PSS algorithm support, therefore I want to
> upgrade
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
> digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288
>
>
>  Could you create a test-case to reproduce the problem?
>
>
> Another question is, why does that code:
>
>     String id = "ID_" + UUID.randomUUID().toString();
>     elementToSign.setAttributeNS(null, "Id", id);
>     elementToSign.setIdAttributeNS(null, "Id", true);
>
>     transforms = new Transforms(document);
>     transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
>     xmlSignature.addDocument("#" + id, transforms,
>             "http://www.w3.org/2000/09/xmldsig#sha1");
>
> set the id on the top of the xml document and also to the reference field?
>
> <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
> Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
> TSLTag="http://uri.etsi.org/02231/TSLTag">
> <ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">
>
> Is that a correct behaviour?
>
>
>
> Yes, the reference URI points to the Element that is signed (in this case
> TrustServiceStatusList).
>
> Colm.
>
>
>
>
>
>
>
>
>
>
>
> --
>
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by tobias <to...@t-systems.com>.
Attached to this mail I send you all needed files including a JUnit test case. Currently I'm trying to sign with DOM but you can easily switch to Stax mode in the class TSLXmlSigner.

From: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:ml-node+s6118n41692h27@n7.nabble.com]
Sent: Tuesday, 10 February 2015 13:06
To: Wolf, Tobias
Subject: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3



Stax signer
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file.

I can't reproduce this. With "1", the Signature should be written out after the first child element. Could you create a test-case to reproduce the problem?


Dom Verify
- With this new version 2.0.3 I'm getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

 Could you create a test-case to reproduce the problem?

Another question is, why does that code:

                                String id = "ID_" + UUID.randomUUID().toString();
                                elementToSign.setAttributeNS(null, "Id", id);
                                elementToSign.setIdAttributeNS(null, "Id", true);

                                transforms = new Transforms(document);
                                transforms
                                                .addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
                                xmlSignature.addDocument("#" + id, transforms,
                                                "http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?

Yes, the reference URI points to the Element that is signed (in this case TrustServiceStatusList).

Colm.







--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com


TSLXmlSigner.java (23K) <http://apache-xml-project.6118.n7.nabble.com/attachment/41694/0/TSLXmlSigner.java>
test.xml (210 bytes) <http://apache-xml-project.6118.n7.nabble.com/attachment/41694/1/test.xml>
TestTSLXmlSigner.java (1K) <http://apache-xml-project.6118.n7.nabble.com/attachment/41694/2/TestTSLXmlSigner.java>
tsl_xml_sign.der (1K) <http://apache-xml-project.6118.n7.nabble.com/attachment/41694/3/tsl_xml_sign.der>
tsl_xml_sign.crt (1K) <http://apache-xml-project.6118.n7.nabble.com/attachment/41694/4/tsl_xml_sign.crt>





Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

Posted by Colm O hEigeartaigh <co...@apache.org>.
>
> Stax signer
> - When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
> being written, with "0" the signature is written on the top of the file.
>

I can't reproduce this. With "1", the Signature should be written out after
the first child element. Could you create a test-case to reproduce the
problem?


>
> Dom Verify
> - With this new version 2.0.3 I'm getting an exception, it was working with
> 2.0.2, but I need the RSA-PSS algorithm support, therefore I want to
> upgrade
> Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
> digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288
>

 Could you create a test-case to reproduce the problem?


> Another question is, why does that code:
>
>     String id = "ID_" + UUID.randomUUID().toString();
>     elementToSign.setAttributeNS(null, "Id", id);
>     elementToSign.setIdAttributeNS(null, "Id", true);
>
>     transforms = new Transforms(document);
>     transforms.addTransform("http://www.w3.org/2001/10/xml-exc-c14n#");
>     xmlSignature.addDocument("#" + id, transforms,
>             "http://www.w3.org/2000/09/xmldsig#sha1");
>
> set the id on the top of the xml document and also to the reference field?
>
> <TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#"
> Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
> TSLTag="http://uri.etsi.org/02231/TSLTag">
> <ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">
>
> Is that a correct behaviour?
>

Yes, the reference URI points to the Element that is signed (in this case
TrustServiceStatusList).

Colm.


>
>
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com
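
Added example, not part of the thread and not Santuario's or the poster's code: it shows the Id attribute and the ds:Reference URI carrying the same value, and what validation reports when the Id is no longer typed as an XML ID or when the signed element changes after signing. It uses the JDK's built-in javax.xml.crypto.dsig (JSR 105) API on Java 11+ instead of the org.apache.xml.security classes in the snippet; the SchemeInformation child, the throwaway RSA key, the enveloped transform and the SHA-256 digest are assumptions of the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.List;
import java.util.UUID;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class IdReferenceDemo {
    static final String TSL_NS = "http://uri.etsi.org/02231/v2#";
    // Unmarshal ds:Signature afresh and run core validation (signature value + reference digests).
    static String check(XMLSignatureFactory fac, KeyPair kp, Element sig) throws Exception {
        DOMValidateContext ctx = new DOMValidateContext(kp.getPublic(), sig);
        try {
            return fac.unmarshalXMLSignature(ctx).validate(ctx) ? "valid" : "invalid";
        } catch (XMLSignatureException e) {
            return "error: " + e.getMessage();   // e.g. the URI fragment matched no ID
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().newDocument();
        Element root = doc.createElementNS(TSL_NS, "TrustServiceStatusList");
        Element child = doc.createElementNS(TSL_NS, "SchemeInformation"); // constructed sample
        child.setTextContent("constructed sample content");
        root.appendChild(child);
        doc.appendChild(root);
        // As in the thread: the Id value goes on the element to be signed ...
        String id = "ID_" + UUID.randomUUID();
        root.setAttributeNS(null, "Id", id);
        root.setIdAttributeNS(null, "Id", true);   // typed as XML ID, so "#<id>" can be looked up
        // ... and the same value, prefixed with '#', is the Reference URI. ENVELOPED is an
        // assumption of this example, which places ds:Signature inside the signed element.
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#" + id, fac.newDigestMethod(DigestMethod.SHA256, null),
                List.of(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null),
                        fac.newTransform(CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();        // throwaway demo key
        fac.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), root));
        Element sig = (Element) root.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);

        System.out.println("as signed:          " + check(fac, kp, sig));
        root.setIdAttributeNS(null, "Id", false);  // attribute remains, ID typing removed
        System.out.println("Id not typed as ID: " + check(fac, kp, sig));
        root.setIdAttributeNS(null, "Id", true);
        child.setTextContent("changed after signing");
        System.out.println("content changed:    " + check(fac, kp, sig));
    }
}
```

A document that is serialized and parsed again without a schema or DTD loses the ID typing, so a verifier has to call setIdAttributeNS again before validating.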