You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2015/07/01 15:14:06 UTC
Re: Santuario with Java STAX-API ID in wrong namespace
Hi,
> Is it at least possible to define a custom namespace for the ID?
No, as far as I know.
> Is the ID included during the calculation of the signature?
Yes.
Colm.
On Thu, Jun 25, 2015 at 10:25 AM, etlam nahkcip <
malte.pickhan@googlemail.com> wrote:
> No, since the schema is hold by a foreign service not maintained by me.
>
> Is it at least possible to define a custom namespace for the ID?
> Is the ID included during the calculation of the signature?
>
> 2015-06-25 10:52 GMT+02:00 Colm O hEigeartaigh <co...@apache.org>:
>
>>
>> This is how XML Signature references content that is signed in the same
>> document. Can you amend your schema with something like:
>>
>> <attribute name="Id" type="ID" use="optional"/>
>>
>> Colm.
>>
>>
>> On Thu, Jun 25, 2015 at 7:59 AM, etlam nahkcip <
>> malte.pickhan@googlemail.com> wrote:
>>
>>> Hi,
>>>
>>> I am trying to sign a XML-Message with help of Apache Santuario.
>>>
>>> What I'd like to achieve is having an Enveloped Signature.
>>>
>>> This is working so far, what's an Issue though, is that Santuario is
>>> putting an ID field into the elements.
>>> This ID field is not assigned to a namespace, which in my usacese leads
>>> to an invalid XML, since it can't be verified with the given XSD.
>>>
>>> Even with the demo which is provided on
>>> https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature
>>>
>>> I can't see that there is a namespace assigned to the ID.
>>>
>>> Example Output:
>>>
>>> <PurchaseOrder xmlns="urn:example:po">
>>> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>>> Id="Gaedee093-cfca-400c-b436-89dc426c0418">
>>> <dsig:SignedInfo>
>>> <dsig:CanonicalizationMethod
>>> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>> <dsig:SignatureMethod Algorithm="
>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>> <dsig:Reference URI="#G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>> <dsig:Transforms>
>>> <dsig:Transform Algorithm="
>>> http://www.w3.org/2001/10/xml-exc-c14n#" />
>>> </dsig:Transforms>
>>> <dsig:DigestMethod Algorithm="
>>> http://www.w3.org/2000/09/xmldsig#sha1" />
>>> <dsig:DigestValue>DigestValue</dsig:DigestValue>
>>> </dsig:Reference>
>>> </dsig:SignedInfo>
>>> <dsig:SignatureValue>SignatureValue</dsig:SignatureValue>
>>> <dsig:KeyInfo Id="G18aed097-5cbc-48da-94ff-fdfca5a0b3b9">
>>> <dsig:X509Data>
>>> <dsig:X509Certificate>CertValue</dsig:X509Certificate>
>>> </dsig:X509Data>
>>> </dsig:KeyInfo>
>>> </dsig:Signature>
>>> <Items>
>>> <Item Code="001-001-001" Quantity="1">
>>> spade
>>> </Item>
>>> <Item Code="001-001-002" Quantity="1">
>>> shovel
>>> </Item>
>>> </Items>
>>> <ShippingAddress>
>>> Dig PLC, 1 First Ave, Dublin 1, Ireland
>>> </ShippingAddress>
>>> <PaymentInfo Id="G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>> <BillingAddress>
>>> Dig PLC, 1 First Ave, Dublin 1, Ireland
>>> </BillingAddress>
>>> <CreditCard Type="Amex">
>>> <Name>Foo B Baz</Name>
>>> <Number>1234 567890 12345</Number>
>>> <Expires Month="1" Year="2005" />
>>> </CreditCard>
>>> </PaymentInfo>
>>> </PurchaseOrder>
>>>
>>> Is there any way to exclude the ID or to assign it to a namespace?
>>>
>>> Best Regards
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>
--
Colm O hEigeartaigh
Talend Community Coder
http://coders.talend.com