You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Scott Cantor (JIRA)" <ji...@apache.org> on 2010/12/07 19:34:15 UTC
[jira] Updated: (SANTUARIO-190) Bug in canonicalization from an
XPathNodeList
[ https://issues.apache.org/jira/browse/SANTUARIO-190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Scott Cantor updated SANTUARIO-190:
-----------------------------------
Fix Version/s: C++ 1.6.0
> Bug in canonicalization from an XPathNodeList
> ---------------------------------------------
>
> Key: SANTUARIO-190
> URL: https://issues.apache.org/jira/browse/SANTUARIO-190
> Project: Santuario
> Issue Type: Bug
> Components: C++
> Affects Versions: C++ 1.5.1
> Environment: Operating System: Linux
> Platform: PC
> Reporter: John Keeping
> Assignee: XML Security Developers Mailing List
> Fix For: C++ 1.6.0
>
> Attachments: test.cpp, test.xml
>
>
> When canonicalizing a subsection of an XML file using a XSECC14n20010315 canonicalizer, if the section is set via setXPathMap and the elements in the XPath set have no namespace prefix but are in a namespace defined on a parent element in the original document then the canonicalized output is incorrect.
> For example, given the following XML:
> <Document xmlns="http://www.example.com/document">
> <Data id="data1">
> <FileName>image.jpeg</FileName>
> <FileType>image/jpeg</FileType>
> </Data>
> </Document>
> if an enveloped signature transform is applied to #data1 (ignoring for now the lack of signature there...), the result of canonicalization with xml-security-c is:
> <Data xmlns="http://www.example.com/document" id="data1">
> <FileName xmlns="http://www.example.com/document">image.jpeg</FileName>
> <FileType xmlns="http://www.example.com/document">image/jpeg</FileType>
> </Data>
> but it should be:
> <Data xmlns="http://www.example.com/document" id="data1">
> <FileName>image.jpeg</FileName>
> <FileType>image/jpeg</FileType>
> </Data>
> I will attach a test program and sample file which demonstrate this.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.