You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Clement Pellerin (Created) (JIRA)" <ji...@apache.org> on 2012/03/26 22:44:28 UTC
[jira] [Created] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Canonicalizer error when encrypting multiple elements
-----------------------------------------------------
Key: SANTUARIO-308
URL: https://issues.apache.org/jira/browse/SANTUARIO-308
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 1.5.1, Java 1.4.5
Reporter: Clement Pellerin
Assignee: Colm O hEigeartaigh
When we are encrypting multiple elements like this:
for (int i = 0; i < elems.length; i++) {
cipher.doFinal(doc, elem[i])
}
We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
The input document:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
becomes:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (SANTUARIO-308) Canonicalizer error when encrypting
multiple elements
Posted by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed SANTUARIO-308.
-----------------------------------------
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Fix For: Java 1.5.2
>
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Colm O hEigeartaigh (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved SANTUARIO-308.
-------------------------------------------
Resolution: Fixed
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Fix For: Java 1.5.2
>
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Colm O hEigeartaigh (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated SANTUARIO-308:
------------------------------------------
Fix Version/s: Java 1.5.2
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Fix For: Java 1.5.2
>
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Clement Pellerin (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clement Pellerin updated SANTUARIO-308:
---------------------------------------
Description:
When we are encrypting multiple elements like this:
for (int i = 0; i < elems.length; i++) {
cipher.doFinal(doc, elems[i])
}
We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
The input document:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
becomes:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
was:
When we are encrypting multiple elements like this:
for (int i = 0; i < elems.length; i++) {
cipher.doFinal(doc, elem[i])
}
We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
The input document:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
becomes:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Anli Shundi (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13241332#comment-13241332 ]
Anli Shundi commented on SANTUARIO-308:
---------------------------------------
One more problem is that when encrypting only the content and it starts with a comment then C14N considers it as outside the document element and appends newlines to it. This becomes a problem if the same element is signed before with C14NOmmitComments. Verification fails because there's a newline on decryption. The fix would be for the employed C14N to turn off the logic of checking for document element and prepending or appending newlines for comments.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Colm O hEigeartaigh (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13241349#comment-13241349 ]
Colm O hEigeartaigh commented on SANTUARIO-308:
-----------------------------------------------
Hi Anli,
That sounds like a separate issue - could you open another JIRA (& attach a test-case if possible)?
Colm.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Clement Pellerin (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13241483#comment-13241483 ]
Clement Pellerin commented on SANTUARIO-308:
--------------------------------------------
Anli's comment is another justification for the solution proposed for SANTUARIO-309.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Clement Pellerin (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clement Pellerin updated SANTUARIO-308:
---------------------------------------
Description:
When we are encrypting multiple elements like this:
for (int i = 0; i < elems.length; i++) {
cipher.doFinal(doc, elems[i])
}
We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
The input document:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
becomes:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
was:
When we are encrypting multiple elements like this:
for (int i = 0; i < elems.length; i++) {
cipher.doFinal(doc, elems[i])
}
We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
The input document:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
becomes:
<?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Clement Pellerin (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Clement Pellerin updated SANTUARIO-308:
---------------------------------------
Attachment: TestExtraXmlns.java
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elem[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> I would much rather obtain the same output as the original, but I'm not sure if the XML Encryption spec allows this.
> Here <elem>22</elem> is encrypted first, and I believe is the element canonicalized correctly.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-308) Canonicalizer error when
encrypting multiple elements
Posted by "Clement Pellerin (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-308?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13245478#comment-13245478 ]
Clement Pellerin commented on SANTUARIO-308:
--------------------------------------------
A patch that fixes this problem was uploaded in SANTUARIO-309. Notice this will only fix the default canonicalizer. The bug will still be exercised if the user explicitly selects the old canonicalizer on the XMLCipher constructor. This is a minor bug problably not worth fixing because of all the other problems with standard canonicalization algorithms when used as the serialization for XML Encryption.
> Canonicalizer error when encrypting multiple elements
> -----------------------------------------------------
>
> Key: SANTUARIO-308
> URL: https://issues.apache.org/jira/browse/SANTUARIO-308
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.4.5, Java 1.5.1
> Reporter: Clement Pellerin
> Assignee: Colm O hEigeartaigh
> Attachments: TestExtraXmlns.java
>
>
> When we are encrypting multiple elements like this:
> for (int i = 0; i < elems.length; i++) {
> cipher.doFinal(doc, elems[i])
> }
> We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()
> The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.
> The input document:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>
> becomes:
> <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>
> The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira