You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Eric Tournier <er...@keynectis.com> on 2007/05/03 14:30:07 UTC
RE: Namespaces
Berin, Sean,
Many thanks for your help and your suggestions :) It really helps me to understand my problem and the working solution is :
1- set the dsig prefix to "" and the enc prefix to "xenc" while signing ;
2- set the dsig prefix to "ds" and the enc prefix to "" while encrypting.
I know this is a workaround because I should modify my API to support namespaces :))
Eric
> -----Message d'origine-----
> De : Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM]
> Envoyé : mercredi 25 avril 2007 22:58
> À : security-dev@xml.apache.org
> Objet : Re: Namespaces
>
> I assume you are using the Apache XML Security APIs and not
> the standard JSR 105 API. In that case, try calling the
> following static methods before you sign/encrypt your data:
>
> to set the dsig prefix to "":
>
> org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("");
>
> to set the enc prefix to "":
>
> org.apache.xml.security.utils.ElementProxy.setPrefix(org.apach
> e.xml.security.encryption.EncryptionConstants.EncryptionSpecNS,
> "");
>
> Let me know if that works.
>
> --Sean
>
> Berin Lautenbach wrote:
> > OK - first up I'm not an expert on the Java library, more
> on the C++
> > library.
> >
> > The two examples you sent through are completely separate -
> one is for
> > sig and one encryption. So my guess is that in your situation you
> > could set the namespace prefix to "" for the dsig namespace
> when you
> > are doing a signature and to "" for the xenc namespace when you are
> > doing encryption. I.e. do one or the other - not both. If
> you need
> > to do both encryption and signature in one document, I'm not sure
> > whether the library will let you do that easily. I know you can't
> > have both namespaces as the default, but maybe you can
> switch between
> > each other as the default depending on what you are trying to do.
> >
> > Hopefully someone else can comment in that case.
> >
> > As a side note - namespace support is mandatory according
> to the spec.
> > What is optional is the use of "dsig" as the namespace
> prefix. So in
> > reality a compliant implementation needs to support the use of a
> > prefix for the signature and encryption namespaces.
> >
> > Cheers,
> > Berin
> >
> > Eric Tournier wrote:
> >> Hi Berin :)
> >>
> >> I hope your baby goes well and let you sleep :)
> >>
> >> Was the previously posted XML useful ? I checked the W3
> XMLEnc and
> >> XMLDSig references and found that thes two namespaces were
> optional
> >> (§1.3), so could you help me to configure XMLSecurity classe to
> >> produce signed XML without ds: then produce with this doc
> a encrypted
> >> XML without xenc: ?
> >>
> >> Thanks in advance
> >> Eric
> >>
> >>> -----Message d'origine-----
> >>> De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> >>> mercredi 18 avril 2007 14:05
> >>> À : security-dev@xml.apache.org
> >>> Objet : Re: Namespaces
> >>>
> >>> Can you post a signature from the implementation you use
> to see what
> >>> it looks like?
> >>>
> >>> Cheers,
> >>> Berin
> >>>
> >>> Eric Tournier wrote:
> >>>> Hi Berin :)
> >>>>
> >>>> I'm using a home-made XML Encryption implementation but
> >>> unfortunately I'm not the developer of it. This
> implementation does
> >>> not support ds: and xenc: prefixes, so I try not to have them. In
> >>> order to test interoperability of it with well-known API,
> I'm trying
> >>> to encrypt a XML document with XML Security and decrypt
> the result
> >>> with my implementation, and vice-versa.
> >>>> My intent is not to have two different namespaces as the
> >>> default namespace for the Signature element, but trying
> not to have
> >>> any of the ds: and xenc: prefix into the final encrypted
> then signed
> >>> XML document : element <Signature instead of <ds:Signature and
> >>> <CipherValue instead of <xenc:CipherValue.
> >>>> Thanks for your help
> >>>>
> >>>> Eric
> >>>>
> >>>>> -----Message d'origine-----
> >>>>> De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> >>>>> mercredi 18 avril 2007 11:36 À :
> >>> security-dev@xml.apache.org Objet :
> >>>>> Re: Namespaces
> >>>>>
> >>>>> As far as I can see - effectively your trying to have two
> >>> different
> >>>>> namespaces as the default namespace for the Signature
> >>> element. Which
> >>>>> can't really be done. Or am I misreading your intent?
> >>>>>
> >>>>> Why do you not want the namespaces? Both specs exist inside a
> >>>>> specific namespace, so you can't not use them.
> >>>>>
> >>>>> Cheers,
> >>>>> Berin
> >>>>>
> >>>>> Eric Tournier wrote:
> >>>>>> Hi :)
> >>>>>>
> >>>>>> I wish to encrypt then sign a XML document without the
> >>> 'ds;' and
> >>>>>> 'xenc:' namespaces. Unfortunately, I can only suppress on
> >>> of these
> >>>>>> namespaces :| The following code throws
> >>>>> XmlSecurityException always on
> >>>>>> the second line independent from its nature
> >>>>>> (EncryptionConstants.setEncryptionSpecNSprefixor or
> >>>>>> Constants.setSignatureSpecNSprefix) :
> >>>>>> (...)
> >>>>>> static
> >>>>>> {
> >>>>>> org.apache.xml.security.Init.init();
> >>>>>> JCA.setProvider();
> >>>>>> }
> >>>>>>
> >>>>>> public XMLSecurityResource() throws XMLSecurityException
> >>>>>> {
> >>>>>> // Suppression du namespace 'xenc:'
> >>>>>> EncryptionConstants.setEncryptionSpecNSprefix("");
> >>>>>> // Suppression du namespace 'ds:'
> >>>>>> Constants.setSignatureSpecNSprefix("");
> >>>>>> }
> >>>>>> (...)
> >>>>>>
> >>>>>> Could someone tell me how to resolve this ?
> >>>>>> Thanks
> >>>>>> Eric
> >>>>>>
> >>>>>> Eric TOURNIER
> >>>>>> Ingénieur concepteur objet senior - Expertise technique
> >>>>>> Java/J2EE/XML/AOP - Spring/Hibernate/Maven
> >>>>>> ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
> >>>>>> STERIA
> >>>>>> Département Banque, Assurance et Finance 46, rue Camille
> >>>>> Desmoulins -
> >>>>>> 92782 Issy-Les-Moulineaux Cedex 9 Tél : 01 53 94 22 94 -
> >>>>> Mob : 06 17
> >>>>>> 98 32 51 eric.tournier@steria.com
> >>> <ma...@steria.com>
> >>>>>> //
> >>>>
> >>
> >>
>
>
>