Posted to dev@santuario.apache.org by Sean Mullan <Se...@Sun.COM> on 2004/08/12 21:28:41 UTC
Bug in Canonicalizer.canonicalizeSubtree
Hi,
There's a new bug (well somewhat recent - it is a regression from the
1.1 release) in Canonicalizer.canonicalizeSubtree(Node) where it leaves
a superfluous default empty namespace definition in the subtree root
node instead of omitting it.
I'm attaching a test program and test xml signature. Run the program as:
java C14NSubTree certj201_enveloping.xml envelopedData
The following c14n output is emitted:
<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
Id="envelopedData"><FOO xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object>
The xmlns="" is unnecessary and should be omitted.
I have tried to create a patch but the c14n code is fairly intricate and
probably Raul will be much faster at finding the right fix.
Thanks,
Sean
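The namespace rule behind this report, as an added example that is not part of the original post or the project's code: a simplified inclusive C14N serializer (elements, attributes and text only) that emits xmlns="" only when an output ancestor has already rendered a non-empty default namespace. SAMPLE is constructed from the attached signature with the key material left out; all function names are hypothetical.

```python
from xml.dom import minidom

XMLNS_NS = "http://www.w3.org/2000/xmlns/"
# Constructed sample shaped like the attached signature (key material omitted).
SAMPLE = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
          '<dsig:Object Id="envelopedData" xmlns="" '
          'xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">'
          '<FOO xmlns="http://www.foo.org/foo">\nfoo\n</FOO></dsig:Object></Signature>')

def esc(s, attr=False):
    """C14N character escaping for attribute values or text nodes."""
    s = s.replace("&", "&amp;").replace("<", "&lt;")
    pairs = (('"', "&quot;"), ("\t", "&#x9;"), ("\n", "&#xA;")) if attr else ((">", "&gt;"),)
    for ch, ref in pairs + (("\r", "&#xD;"),):
        s = s.replace(ch, ref)
    return s

def in_scope_ns(el):
    """prefix -> URI in scope at el ('' key = default namespace, '' value = none)."""
    scope = {}
    while el is not None and el.nodeType == el.ELEMENT_NODE:
        for a in el.attributes.values():
            if a.namespaceURI == XMLNS_NS:  # nearest declaration wins
                scope.setdefault("" if a.name == "xmlns" else a.localName, a.value or "")
        el = el.parentNode
    scope.setdefault("", "")
    return scope

def c14n_subtree(el, rendered=None):
    """Simplified inclusive C14N of the subtree rooted at el."""
    # The apex has no output parent, so no default namespace has been rendered yet.
    rendered = {"": ""} if rendered is None else rendered
    new = {p: u for p, u in in_scope_ns(el).items() if rendered.get(p) != u}
    out = "<" + el.tagName
    for p in sorted(new):  # the default namespace ('') sorts first
        out += ' xmlns%s="%s"' % (":" + p if p else "", esc(new[p], True))
    attrs = [a for a in el.attributes.values() if a.namespaceURI != XMLNS_NS]
    for a in sorted(attrs, key=lambda a: (a.namespaceURI or "", a.localName or a.name)):
        out += ' %s="%s"' % (a.name, esc(a.value, True))
    out += ">"
    for c in el.childNodes:
        if c.nodeType == c.ELEMENT_NODE:
            out += c14n_subtree(c, {**rendered, **new})
        elif c.nodeType in (c.TEXT_NODE, c.CDATA_SECTION_NODE):
            out += esc(c.data)
    return out + "</" + el.tagName + ">"

def by_id(doc, value):
    return next(e for e in doc.getElementsByTagName("*") if e.getAttribute("Id") == value)

def demo():
    return c14n_subtree(by_id(minidom.parseString(SAMPLE), "envelopedData"))
```

Any byte of difference in the canonical form, such as the extra xmlns="", changes the digest computed over it, so the Reference no longer verifies.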
Re: Bug in Canonicalizer.canonicalizeSubtree
Posted by ra...@r-bg.com.
This bug is fixed in
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30455
I will try to backport it tonight.
On 12/08/2004, at 21:28, Sean Mullan wrote:
> Hi,
>
> There's a new bug (well somewhat recent - it is a regression from the
> 1.1 release) in Canonicalizer.canonicalizeSubtree(Node) where it
> leaves a superfluous default empty namespace definition in the subtree
> root node instead of omitting it.
>
> I'm attaching a test program and test xml signature. Run the program
> as:
>
> java C14NSubTree certj201_enveloping.xml envelopedData
>
> The following c14n output is emitted:
>
> <dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
> Id="envelopedData"><FOO xmlns="http://www.foo.org/foo">
> foo
> </FOO></dsig:Object>
>
> The xmlns="" is unnecessary and should be omitted.
>
> I have tried to create a patch but the c14n code is fairly intricate
> and probably Raul will be much faster at finding the right fix.
>
> Thanks,
> Sean
> import java.io.FileInputStream;
> import javax.xml.parsers.*;
> import org.w3c.dom.Document;
> import org.w3c.dom.Element;
>
> import org.apache.xml.security.Init;
> import org.apache.xml.security.c14n.Canonicalizer;
> import org.apache.xml.security.utils.IdResolver;
>
> public class C14NSubTree {
>
>     // args[0]: XML file to parse, args[1]: Id of the subtree root element
>     public static void main(String[] args) throws Exception {
>         FileInputStream fis = new FileInputStream(args[0]);
>         DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
>         dbf.setNamespaceAware(true);
>         DocumentBuilder db = dbf.newDocumentBuilder();
>         Document doc = db.parse(fis);
>
>         Init.init();
>         // Locate the subtree root by its Id attribute and canonicalize it
>         Element e = IdResolver.getElementById(doc, args[1]);
>         Canonicalizer c14n =
>             Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
>         byte[] bytes = c14n.canonicalizeSubtree(e);
>         // Canonical XML is always UTF-8 encoded
>         System.out.println(new String(bytes, "UTF-8"));
>     }
> }
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
> <Reference URI="#envelopedData">
> <Transforms><Transform
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
> </Transforms>
> <DigestMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
> <DigestValue>ikRJTZzM7uWpaXtmIcJyTwmt8Qw=</DigestValue>
> </Reference>
> </SignedInfo>
>
> <SignatureValue>dDA7vm8Kss5sLocYMg/
> lWdUDYVsfTQJ8QfmALKDFr3BrARmBZBqAOVffS2Xw/dlYeQBfUWPINv7/
> ciYjUz0xCg==</SignatureValue><KeyInfo>
> <KeyValue>
> <RSAKeyValue>
>
> <Modulus>uHlPl0BIKYNLN6c22IYwxJYYFV6g8Oxk7ZlyiqFi/
> DRbDW3e5b5QBNxUof0QMaCfgYGYQshtTtQH
> 2Ft5PAFZ0Q==</Modulus>
> <Exponent>EQ==</Exponent>
> </RSAKeyValue>
> </KeyValue>
> </KeyInfo>
> <dsig:Object Id="envelopedData" xmlns=""
> xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><FOO
> xmlns="http://www.foo.org/foo">
> foo
> </FOO></dsig:Object></Signature>