You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by tobias <to...@t-systems.com> on 2015/02/10 16:26:58 UTC

[WARNING : A/V UNSCANNABLE]AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3

In this package I`ve included everything you need to reproduce the issue.

mit freundlichen Grüßen
Tobias Wolf

T-Systems International GmbH
Systems Integration
Horizontal Solutions
Tobias Wolf
Software Architekt
Project Center ECM & ECM Strategy & Architecture Consulting
Dachauer Str. 651, D-80995 München
+49 89 54550 - 2479 (Tel.)
+49 151 168 80 221 (Mobil)
E-Mail: tobias.wolf@t-systems.com
Internet: http://www.t-systems.com

T-Systems International GmbH
Supervisory Board: Thomas Dannenfeldt (Chairman)
Board of Management: Reinhard Clemens (Chairman), Dr. Ferri Abolhassan, Dr. Markus Müller, Georg Pepping, Hagen Rickmann, Klaus Werner
Commercial register: Amtsgericht Frankfurt am Main HRB 55933
Registered office: Frankfurt am Main



Notice: This transmittal and/or attachments may be privileged or confidential. It is intended solely for the addressee named above. Any review, dissemination, or copying is strictly prohibited. If you received this transmittal in error, please notify us immediately by reply and immediately delete this message and all its attachments. Thank you.



Big changes start small – conserve resources by not printing every e-mail.

Von: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:ml-node+s6118n41695h20@n7.nabble.com]
Gesendet: Dienstag, 10. Februar 2015 15:07
An: Wolf, Tobias
Betreff: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3


You have a load of dependencies that aren't included, i.e. "IMCertUtil". Please create a test-case that I can just unzip + run without having to change any code.

Colm.

On Tue, Feb 10, 2015 at 12:50 PM, tobias <[hidden email]</user/SendEmail.jtp?type=node&node=41695&i=0>> wrote:
Attached to this mail I send you all needed files including a Junit test case. Currently I`m trying to sign with DOM but you can easily switch to Stax mode in the class TSLXmlSigner.

Von: Colm O hEigeartaigh-2 [via Apache XML Project] [mailto:[hidden email]<http://user/SendEmail.jtp?type=node&node=41694&i=0>]
Gesendet: Dienstag, 10. Februar 2015 13:06
An: Wolf, Tobias
Betreff: Re: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3



Stax signer
- When I set XMLSecurityProperties.setSignaturePosition(1); no signature is
being written, with "0" the signature is written on the top of the file.

I can't reproduce this. With "1", the Signature should be written out after the first child element. Could you create a test-case to reproduce the problem?


Dom Verify
- With this new version 2.0.3 I`m getting an exception, it was working with
2.0.2, but I need the RSA-PSS algorithm support, therefore I want to upgrade
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Invalid
digest of reference #ID_097f0764-9f73-4fb2-b2e0-7de370930288

 Could you create a test-case to reproduce the problem?

Another question is, why does that code:

                                String id = "ID_" + UUID.randomUUID().toString();
                                elementToSign.setAttributeNS(null, "Id", id);
                                elementToSign.setIdAttributeNS(null, "Id", true);

                                transforms = new Transforms(document);
                                transforms
                                                .addTransform("http://www.w3.org/2001/10/xml-exc-c14n#<http://www.w3.org/2001/10/xml-exc-c14n>");
                                xmlSignature.addDocument("#" + id, transforms,
                                                "http://www.w3.org/2000/09/xmldsig#sha1");

set the id on the top of the xml document and also to the reference field?

<TrustServiceStatusList xmlns="http://uri.etsi.org/02231/v2#<http://uri.etsi.org/02231/v2>"
Id="ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed"
TSLTag="http://uri.etsi.org/02231/TSLTag">
<ds:Reference URI="#ID_90de3bdd-f5dd-4b66-af7f-39ad07dc2eed">

Is that a correct behaviour?

Yes, the reference URI points to the Element that is signed (in this case TrustServiceStatusList).

Colm.




--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41687.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

________________________________
If you reply to this email, your message will be added to the discussion below:
http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41692.html
To unsubscribe from [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3, click here.
NAML<http://apache-xml-project.6118.n7.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>

[cid:image001.png@01D0454E.E3ED26C0]TSLXmlSigner.java (23K) Download Attachment<http://apache-xml-project.6118.n7.nabble.com/attachment/41694/0/TSLXmlSigner.java>
[cid:image001.png@01D0454E.E3ED26C0]test.xml (210 bytes) Download Attachment<http://apache-xml-project.6118.n7.nabble.com/attachment/41694/1/test.xml>
[cid:image001.png@01D0454E.E3ED26C0]TestTSLXmlSigner.java (1K) Download Attachment<http://apache-xml-project.6118.n7.nabble.com/attachment/41694/2/TestTSLXmlSigner.java>
[cid:image001.png@01D0454E.E3ED26C0]tsl_xml_sign.der (1K) Download Attachment<http://apache-xml-project.6118.n7.nabble.com/attachment/41694/3/tsl_xml_sign.der>
[cid:image001.png@01D0454E.E3ED26C0]tsl_xml_sign.crt (1K) Download Attachment<http://apache-xml-project.6118.n7.nabble.com/attachment/41694/4/tsl_xml_sign.crt>

________________________________
View this message in context: AW: [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3<http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41694.html>
Sent from the Apache XML - Security - Dev mailing list archive<http://apache-xml-project.6118.n7.nabble.com/Apache-XML-Security-Dev-f33675.html> at Nabble.com.



--
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

________________________________
If you reply to this email, your message will be added to the discussion below:
http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41695.html
To unsubscribe from [VOTE] - Release Apache Santuario - XML Security for Java 2.0.3, click here<http://apache-xml-project.6118.n7.nabble.com/template/NamlServlet.jtp?macro=unsubscribe_by_code&node=41648&code=dG9iaWFzLndvbGZAdC1zeXN0ZW1zLmNvbXw0MTY0OHwxNjQxMTM5MzQ2>.
NAML<http://apache-xml-project.6118.n7.nabble.com/template/NamlServlet.jtp?macro=macro_viewer&id=instant_html%21nabble%3Aemail.naml&base=nabble.naml.namespaces.BasicNamespace-nabble.view.web.template.NabbleNamespace-nabble.view.web.template.NodeNamespace&breadcrumbs=notify_subscribers%21nabble%3Aemail.naml-instant_emails%21nabble%3Aemail.naml-send_instant_email%21nabble%3Aemail.naml>


image001.png (2K) <http://apache-xml-project.6118.n7.nabble.com/attachment/41696/0/image001.png>
TestTSLAPI.zip (7M) <http://apache-xml-project.6118.n7.nabble.com/attachment/41696/1/TestTSLAPI.zip>




--
View this message in context: http://apache-xml-project.6118.n7.nabble.com/VOTE-Release-Apache-Santuario-XML-Security-for-Java-2-0-3-tp41648p41696.html
Sent from the Apache XML - Security - Dev mailing list archive at Nabble.com.