You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (Jira)" <ji...@apache.org> on 2020/04/06 08:31:00 UTC
[jira] [Resolved] (SANTUARIO-530) Reference validation always omits
comments for canonicalization
[ https://issues.apache.org/jira/browse/SANTUARIO-530?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved SANTUARIO-530.
-------------------------------------------
Resolution: Not A Problem
> Reference validation always omits comments for canonicalization
> ---------------------------------------------------------------
>
> Key: SANTUARIO-530
> URL: https://issues.apache.org/jira/browse/SANTUARIO-530
> Project: Santuario
> Issue Type: Bug
> Affects Versions: Java 2.1.4
> Reporter: Aleksandr Beliakov
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Attachments: exclusive_with_comments.xml, exclusive_without_comments.xml
>
>
> Hello, I have a problem when validating signature references with canonicalization transforms with comments, like "http://www.w3.org/2001/10/xml-exc-c14n#WithComments" and "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments".
> I use the following code to validate a reference:
> {code:java}
> org.apache.xml.security.signature.Reference.verify();
> {code}
> The problem seems to be in the method Reference.getContentsAfterTransformation(input, os). The thing is that the _input_ variable of XMLSignatureInput.class here has always an attribute "excludeComments=true", and the boolean value never changed depending on a requested transformer.
>
> I attach two signatures one without comments and one with comments, in order to show that the produced result of the method Reference.getContentsAfterTransformation().getBytes() is the same for this two different transforms.
>
> Could you please clarify, is that an expected behavior or a bug?
>
> Best regards,
> Aleksandr.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)