Posted to commits@santuario.apache.org by "Erdem Memisyazici (JIRA)" <ji...@apache.org> on 2016/11/08 20:27:59 UTC
[jira] [Resolved] (SANTUARIO-455) Default Attributes are Not Canonicalized
[ https://issues.apache.org/jira/browse/SANTUARIO-455?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Erdem Memisyazici resolved SANTUARIO-455.
-----------------------------------------
Resolution: Not A Problem
> Default Attributes are Not Canonicalized
> ----------------------------------------
>
> Key: SANTUARIO-455
> URL: https://issues.apache.org/jira/browse/SANTUARIO-455
> Project: Santuario
> Issue Type: Bug
> Affects Versions: Java 2.0.7
> Reporter: Erdem Memisyazici
> Assignee: Colm O hEigeartaigh
>
> When attempting to validate a document's signature using _XMLSignature.checkSignatureValue_, the canonicalized output of the given Node does not include omitted default attributes as defined by https://www.w3.org/TR/2001/REC-xml-c14n-20010315 Section 3.3 Start and End Tags, as the implementations do not seem to be XSD aware (but complies with definition), before comparing the digest.
> Given an example from PSKC (RFC-6030) using (http://www.w3.org/2001/10/xml-exc-c14n):
> {code:xml}
> <pskc:ResponseFormat Encoding="DECIMAL" Length="6" />
> {code}
> Should be canonicalized as:
> {code:xml}
> <pskc:ResponseFormat CheckDigits="false" Encoding="DECIMAL" Length="6"></pskc:ResponseFormat>
> {code}
> Given a definition of:
> {code:xml}
> <xs:element name="ResponseFormat" minOccurs="0">
>   <xs:complexType>
>     <xs:attribute name="Encoding"
>                   type="pskc:ValueFormatType"
>                   use="required"/>
>     <xs:attribute name="Length"
>                   type="xs:unsignedInt" use="required"/>
>     <xs:attribute name="CheckDigits"
>                   type="xs:boolean" default="false"/>
>   </xs:complexType>
> </xs:element>
> {code}
> before comparing ds:DigestValue. However, this is not so, leading to the signature validation failing.
> The reason why I'm reporting this is that popular tools such as xmlsec (https://www.aleksey.com/xmlsec/) seem to be doing this during signing.
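The digest mismatch described in the report, as an added example that is not part of the original message or of Santuario: a canonicalizer serializes the attributes present in the parsed tree and does not read the XSD, so the two forms of `pskc:ResponseFormat` hash differently unless a schema-aware step materializes the default first. Assumptions: Python's `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for exclusive C14N, SHA-256 is the digest method, the PSKC namespace URI is taken from RFC 6030, and the helper names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

XS = "http://www.w3.org/2001/XMLSchema"
PSKC = "urn:ietf:params:xml:ns:keyprov:pskc"  # PSKC namespace (RFC 6030), not shown on the page
ET.register_namespace("pskc", PSKC)  # keep the pskc prefix when re-serializing

# Constructed inputs: the element and schema fragment from the report, with
# namespace declarations added so that each one parses stand-alone.
INSTANCE = f'<pskc:ResponseFormat xmlns:pskc="{PSKC}" Encoding="DECIMAL" Length="6" />'
EXPLICIT = (f'<pskc:ResponseFormat xmlns:pskc="{PSKC}" CheckDigits="false" '
            'Encoding="DECIMAL" Length="6"></pskc:ResponseFormat>')
XSD = f'''<xs:element xmlns:xs="{XS}" name="ResponseFormat" minOccurs="0">
  <xs:complexType>
    <xs:attribute name="Encoding" type="pskc:ValueFormatType" use="required"/>
    <xs:attribute name="Length" type="xs:unsignedInt" use="required"/>
    <xs:attribute name="CheckDigits" type="xs:boolean" default="false"/>
  </xs:complexType>
</xs:element>'''


def schema_defaults(xsd_text):
    """Return {attribute name: default value} for the declared element."""
    decl = ET.fromstring(xsd_text)
    return {a.get("name"): a.get("default")
            for a in decl.iter(f"{{{XS}}}attribute")
            if a.get("default") is not None}


def canonical(xml_text, defaults=None):
    """Canonical form; schema defaults are materialized only when supplied."""
    root = ET.fromstring(xml_text)
    for el in root.iter(f"{{{PSKC}}}ResponseFormat"):
        for name, value in (defaults or {}).items():
            if el.get(name) is None:  # fill only what the document omitted
                el.set(name, value)
    return ET.canonicalize(ET.tostring(root, encoding="unicode"))


def digest_value(xml_text, defaults=None):
    """Base64 SHA-256 over the canonical bytes, as carried in ds:DigestValue."""
    data = canonical(xml_text, defaults).encode("utf-8")
    return base64.b64encode(hashlib.sha256(data).digest()).decode("ascii")


if __name__ == "__main__":
    d = schema_defaults(XSD)
    print("schema-unaware:", digest_value(INSTANCE))
    print("schema-aware:  ", digest_value(INSTANCE, d))
    print("explicit form: ", digest_value(EXPLICIT))
```

Signer and verifier produce the same digest only when both canonicalize the same attribute set, whether that means both applying schema defaults or neither.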