You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Colm O hEigeartaigh <co...@apache.org> on 2015/07/01 15:14:06 UTC

Re: Santuario with Java STAX-API ID in wrong namespace

Hi,

> Is it at least possible to define a custom namespace for the ID?

No, as far as I know.

> Is the ID included during the calculation of the signature?

Yes.

Colm.

On Thu, Jun 25, 2015 at 10:25 AM, etlam nahkcip <
malte.pickhan@googlemail.com> wrote:

> No, since the schema is hold by a foreign service not maintained by me.
>
> Is it at least possible to define a custom namespace for the ID?
> Is the ID included during the calculation of the signature?
>
> 2015-06-25 10:52 GMT+02:00 Colm O hEigeartaigh <co...@apache.org>:
>
>>
>> This is how XML Signature references content that is signed in the same
>> document. Can you amend your schema with something like:
>>
>> <attribute name="Id" type="ID" use="optional"/>
>>
>> Colm.
>>
>>
>> On Thu, Jun 25, 2015 at 7:59 AM, etlam nahkcip <
>> malte.pickhan@googlemail.com> wrote:
>>
>>> Hi,
>>>
>>> I am trying to sign a XML-Message with help of Apache Santuario.
>>>
>>> What I'd like to achieve is having an Enveloped Signature.
>>>
>>> This is working so far, what's an Issue though, is that Santuario is
>>> putting an ID field into the elements.
>>> This ID field is not assigned to a namespace, which in my usacese leads
>>> to an invalid XML, since it can't be verified with the given XSD.
>>>
>>> Even with the demo which is provided on
>>> https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature
>>>
>>> I can't see that there is a namespace assigned to the ID.
>>>
>>> Example Output:
>>>
>>> <PurchaseOrder xmlns="urn:example:po">
>>>     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>>>         Id="Gaedee093-cfca-400c-b436-89dc426c0418">
>>>         <dsig:SignedInfo>
>>>             <dsig:CanonicalizationMethod
>>>                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>             <dsig:SignatureMethod Algorithm="
>>> http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>>             <dsig:Reference URI="#G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>>                 <dsig:Transforms>
>>>                     <dsig:Transform Algorithm="
>>> http://www.w3.org/2001/10/xml-exc-c14n#" />
>>>                 </dsig:Transforms>
>>>                 <dsig:DigestMethod Algorithm="
>>> http://www.w3.org/2000/09/xmldsig#sha1" />
>>>                 <dsig:DigestValue>DigestValue</dsig:DigestValue>
>>>             </dsig:Reference>
>>>         </dsig:SignedInfo>
>>>         <dsig:SignatureValue>SignatureValue</dsig:SignatureValue>
>>>         <dsig:KeyInfo Id="G18aed097-5cbc-48da-94ff-fdfca5a0b3b9">
>>>             <dsig:X509Data>
>>>                 <dsig:X509Certificate>CertValue</dsig:X509Certificate>
>>>             </dsig:X509Data>
>>>         </dsig:KeyInfo>
>>>     </dsig:Signature>
>>>     <Items>
>>>         <Item Code="001-001-001" Quantity="1">
>>>             spade
>>>         </Item>
>>>         <Item Code="001-001-002" Quantity="1">
>>>             shovel
>>>         </Item>
>>>     </Items>
>>>     <ShippingAddress>
>>>         Dig PLC, 1 First Ave, Dublin 1, Ireland
>>>     </ShippingAddress>
>>>     <PaymentInfo Id="G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>>         <BillingAddress>
>>>             Dig PLC, 1 First Ave, Dublin 1, Ireland
>>>         </BillingAddress>
>>>         <CreditCard Type="Amex">
>>>             <Name>Foo B Baz</Name>
>>>             <Number>1234 567890 12345</Number>
>>>             <Expires Month="1" Year="2005" />
>>>         </CreditCard>
>>>     </PaymentInfo>
>>> </PurchaseOrder>
>>>
>>> Is there any way to exclude the ID or to assign it to a namespace?
>>>
>>> Best Regards
>>>
>>
>>
>>
>> --
>> Colm O hEigeartaigh
>>
>> Talend Community Coder
>> http://coders.talend.com
>>
>
>


-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com