You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by "Da Cruz Pinto, Juan M" <ju...@intel.com> on 2007/05/28 21:42:49 UTC
c14n test vectors
Hi Everybody,
Are there any unit tests in the code to test c14n interoperability? I've
been trying to test the "merlin-c14n-three" test vectors, but some of
the tests inside it are failing.
My environment:
- XML Security 1.4.1 library
- Using XMLUtils.circumventBug2650(document) to spread
namespaces declaration.
- Using XMLUtils.createDSctx(...) to create a namespace
context.
- Using XPathAPI.selectNodeList(document, xpath, nsc) to select
the XPath node-set.
- Using Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
canonicalize the XPath node-set.
The tests (of merlin-c14n-three) that are failing are 03, 10, 18 & 19.
I'm quite sure I'm doing something wrong... but don't now what.
Thanks in advanced!
Marcelo.
RE: c14n test vectors
Posted by "Da Cruz Pinto, Juan M" <ju...@intel.com>.
Hi Sean!
Thanks for your answer!
I'm already calling XMLUtils.circumventBug2650(Document) before
canonicalizing (to solve the bug in Xalan). (Check my environment in my
first e-mail, in this same thread). I'm still trying to understand what
else could I be doing wrong. Any other ideas?
Again, thanks for your answer,
Marcelo.
-----Original Message-----
From: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM]
Sent: Wednesday, May 30, 2007 13:27
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors
Since you are canonicalizing XPath node-sets, try calling
XMLUtils.circumventBug2650(Document) before you canonicalize to work
around a bug in Xalan. See my other email for details.
--Sean
Da Cruz Pinto, Juan M wrote:
> Raul,
>
> Thanks for your answer!
> I've been looking at the code of that class, and I noticed that a
> signature verification is done, and then the c14n parts are extracted
> from the XMLSignature object, using something similar to
>
signature.getSignedInfo().item(i).getContentsAfterTransformation().getBy
> tes().
>
> What I'm trying to do is to perform plain c14n with out the signature
> verification, so I created a command line that allows you to
> canonicalize an XML document, and with filtering capabilities: you can
> use an XPath expression to select an XPath-node set
> (canonicalizeXPathNodeSet method[1]) or to select a node for doing
> subtree c14n (canonicalizeSubtree method[2]). In the case of the Y4
test
> verctors, [1] is useful for c14ning each of the SignedInfo references,
> and [2] is useful for c14ning the SignedInfo element (the entire
> subtree) itself.
>
> With this approach, I was hopping to get the same results, just by
using
> the 9 XPath expressions inside "Signature.xml", each of them with the
> three combinations of algorithms: inclusive, exclusive, and exclusive
> with "#default" in the inlcusive namespace prefix list.
>
> I must be doing something wrong when I filter with the xpath
expressions
> (only when using "canonicalizeXpathNodeSet", because subtree c14n is
> working just fine for me), but don't now what yet...
>
> Thanks for your time!
> Marcelo.
>
> -----Original Message-----
> From: raul.benito.garcia@gmail.com
[mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: Tuesday, May 29, 2007 10:38
> To: security-dev@xml.apache.org
> Subject: Re: c14n test vectors
>
> We have this test vector in our test suite. And they are passing, can
> you look at this data:
> xml-se/data/interop/c14n/Y4
>
> And the test code
>
xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/
> ExclusiveC14NInterop.java
>
>
> Regards,
>
> Raul
>
> On 5/29/07, Da Cruz Pinto, Juan M <ju...@intel.com>
> wrote:
>> Hi Raul,
>>
>> I'm attaching the files which where different in my case (for
>> merlin-c14n-three). Again, I'm still trying to figure out what I did
>> wrong, but the steps I did where quite simple.
>>
>> I'm also attaching a file called "xpaths01.txt" which holds the XPath
>> expressions used to filter the XML content. Each of the 9 XPath
>> expressions is used for the tests from 00 to 26 (they repeat for
>> inclusive, exclusive & exclusive with inclusive prefix list... which
> are
>> the first 27 tests). The last test (c14n-27.txt) just canonicalizes
> the
>> entire SignedInfo subtree.
>>
>> Thanks in advanced,
>> Marcelo.
>>
>>
>>
>> -----Original Message-----
>> From: raul.benito.garcia@gmail.com
> [mailto:raul.benito.garcia@gmail.com]
>> On Behalf Of Raul Benito
>> Sent: Tuesday, May 29, 2007 05:07
>> To: security-dev@xml.apache.org
>> Subject: Re: c14n test vectors
>>
>> Hi Marcelo,
>>
>> It is strange, I think that Merlin interop test is our unittest
suite.
>>
>> Can you send the differences?
>>
>> Regards,
>>
>> Raul
>>
>>
>> On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com>
>> wrote:
>>>
>>>
>>>
>>> Hi Everybody,
>>>
>>>
>>>
>>> Are there any unit tests in the code to test c14n interoperability?
>> I've
>>> been trying to test the "merlin-c14n-three" test vectors, but some
> of
>> the
>>> tests inside it are failing.
>>>
>>> My environment:
>>>
>>> - XML Security 1.4.1 library
>>>
>>> - Using XMLUtils.circumventBug2650(document) to spread
>> namespaces
>>> declaration.
>>>
>>> - Using XMLUtils.createDSctx(...) to create a namespace
>> context.
>>> - Using XPathAPI.selectNodeList(document, xpath, nsc) to
>> select the
>>> XPath node-set.
>>>
>>> - Using
>>> Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
>>> canonicalize the XPath node-set.
>>>
>>>
>>>
>>> The tests (of merlin-c14n-three) that are failing are 03, 10, 18 &
> 19.
>> I'm
>>> quite sure I'm doing something wrong... but don't now what.
>>>
>>>
>>>
>>> Thanks in advanced!
>>>
>>> Marcelo.
>>
>> --
>> http://r-bg.com
>>
>>
>
>
Re: c14n test vectors
Posted by Sean Mullan <Se...@Sun.COM>.
Since you are canonicalizing XPath node-sets, try calling
XMLUtils.circumventBug2650(Document) before you canonicalize to work
around a bug in Xalan. See my other email for details.
--Sean
Da Cruz Pinto, Juan M wrote:
> Raul,
>
> Thanks for your answer!
> I've been looking at the code of that class, and I noticed that a
> signature verification is done, and then the c14n parts are extracted
> from the XMLSignature object, using something similar to
> signature.getSignedInfo().item(i).getContentsAfterTransformation().getBy
> tes().
>
> What I'm trying to do is to perform plain c14n with out the signature
> verification, so I created a command line that allows you to
> canonicalize an XML document, and with filtering capabilities: you can
> use an XPath expression to select an XPath-node set
> (canonicalizeXPathNodeSet method[1]) or to select a node for doing
> subtree c14n (canonicalizeSubtree method[2]). In the case of the Y4 test
> verctors, [1] is useful for c14ning each of the SignedInfo references,
> and [2] is useful for c14ning the SignedInfo element (the entire
> subtree) itself.
>
> With this approach, I was hopping to get the same results, just by using
> the 9 XPath expressions inside "Signature.xml", each of them with the
> three combinations of algorithms: inclusive, exclusive, and exclusive
> with "#default" in the inlcusive namespace prefix list.
>
> I must be doing something wrong when I filter with the xpath expressions
> (only when using "canonicalizeXpathNodeSet", because subtree c14n is
> working just fine for me), but don't now what yet...
>
> Thanks for your time!
> Marcelo.
>
> -----Original Message-----
> From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: Tuesday, May 29, 2007 10:38
> To: security-dev@xml.apache.org
> Subject: Re: c14n test vectors
>
> We have this test vector in our test suite. And they are passing, can
> you look at this data:
> xml-se/data/interop/c14n/Y4
>
> And the test code
> xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/
> ExclusiveC14NInterop.java
>
>
> Regards,
>
> Raul
>
> On 5/29/07, Da Cruz Pinto, Juan M <ju...@intel.com>
> wrote:
>> Hi Raul,
>>
>> I'm attaching the files which where different in my case (for
>> merlin-c14n-three). Again, I'm still trying to figure out what I did
>> wrong, but the steps I did where quite simple.
>>
>> I'm also attaching a file called "xpaths01.txt" which holds the XPath
>> expressions used to filter the XML content. Each of the 9 XPath
>> expressions is used for the tests from 00 to 26 (they repeat for
>> inclusive, exclusive & exclusive with inclusive prefix list... which
> are
>> the first 27 tests). The last test (c14n-27.txt) just canonicalizes
> the
>> entire SignedInfo subtree.
>>
>> Thanks in advanced,
>> Marcelo.
>>
>>
>>
>> -----Original Message-----
>> From: raul.benito.garcia@gmail.com
> [mailto:raul.benito.garcia@gmail.com]
>> On Behalf Of Raul Benito
>> Sent: Tuesday, May 29, 2007 05:07
>> To: security-dev@xml.apache.org
>> Subject: Re: c14n test vectors
>>
>> Hi Marcelo,
>>
>> It is strange, I think that Merlin interop test is our unittest suite.
>>
>> Can you send the differences?
>>
>> Regards,
>>
>> Raul
>>
>>
>> On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com>
>> wrote:
>>>
>>>
>>>
>>> Hi Everybody,
>>>
>>>
>>>
>>> Are there any unit tests in the code to test c14n interoperability?
>> I've
>>> been trying to test the "merlin-c14n-three" test vectors, but some
> of
>> the
>>> tests inside it are failing.
>>>
>>> My environment:
>>>
>>> - XML Security 1.4.1 library
>>>
>>> - Using XMLUtils.circumventBug2650(document) to spread
>> namespaces
>>> declaration.
>>>
>>> - Using XMLUtils.createDSctx(...) to create a namespace
>> context.
>>> - Using XPathAPI.selectNodeList(document, xpath, nsc) to
>> select the
>>> XPath node-set.
>>>
>>> - Using
>>> Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
>>> canonicalize the XPath node-set.
>>>
>>>
>>>
>>> The tests (of merlin-c14n-three) that are failing are 03, 10, 18 &
> 19.
>> I'm
>>> quite sure I'm doing something wrong... but don't now what.
>>>
>>>
>>>
>>> Thanks in advanced!
>>>
>>> Marcelo.
>>
>> --
>> http://r-bg.com
>>
>>
>
>
RE: c14n test vectors
Posted by "Da Cruz Pinto, Juan M" <ju...@intel.com>.
Raul,
Thanks for your answer!
I've been looking at the code of that class, and I noticed that a
signature verification is done, and then the c14n parts are extracted
from the XMLSignature object, using something similar to
signature.getSignedInfo().item(i).getContentsAfterTransformation().getBy
tes().
What I'm trying to do is to perform plain c14n with out the signature
verification, so I created a command line that allows you to
canonicalize an XML document, and with filtering capabilities: you can
use an XPath expression to select an XPath-node set
(canonicalizeXPathNodeSet method[1]) or to select a node for doing
subtree c14n (canonicalizeSubtree method[2]). In the case of the Y4 test
verctors, [1] is useful for c14ning each of the SignedInfo references,
and [2] is useful for c14ning the SignedInfo element (the entire
subtree) itself.
With this approach, I was hopping to get the same results, just by using
the 9 XPath expressions inside "Signature.xml", each of them with the
three combinations of algorithms: inclusive, exclusive, and exclusive
with "#default" in the inlcusive namespace prefix list.
I must be doing something wrong when I filter with the xpath expressions
(only when using "canonicalizeXpathNodeSet", because subtree c14n is
working just fine for me), but don't now what yet...
Thanks for your time!
Marcelo.
-----Original Message-----
From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com]
On Behalf Of Raul Benito
Sent: Tuesday, May 29, 2007 10:38
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors
We have this test vector in our test suite. And they are passing, can
you look at this data:
xml-se/data/interop/c14n/Y4
And the test code
xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/
ExclusiveC14NInterop.java
Regards,
Raul
On 5/29/07, Da Cruz Pinto, Juan M <ju...@intel.com>
wrote:
> Hi Raul,
>
> I'm attaching the files which where different in my case (for
> merlin-c14n-three). Again, I'm still trying to figure out what I did
> wrong, but the steps I did where quite simple.
>
> I'm also attaching a file called "xpaths01.txt" which holds the XPath
> expressions used to filter the XML content. Each of the 9 XPath
> expressions is used for the tests from 00 to 26 (they repeat for
> inclusive, exclusive & exclusive with inclusive prefix list... which
are
> the first 27 tests). The last test (c14n-27.txt) just canonicalizes
the
> entire SignedInfo subtree.
>
> Thanks in advanced,
> Marcelo.
>
>
>
> -----Original Message-----
> From: raul.benito.garcia@gmail.com
[mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: Tuesday, May 29, 2007 05:07
> To: security-dev@xml.apache.org
> Subject: Re: c14n test vectors
>
> Hi Marcelo,
>
> It is strange, I think that Merlin interop test is our unittest suite.
>
> Can you send the differences?
>
> Regards,
>
> Raul
>
>
> On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com>
> wrote:
> >
> >
> >
> >
> > Hi Everybody,
> >
> >
> >
> > Are there any unit tests in the code to test c14n interoperability?
> I've
> > been trying to test the "merlin-c14n-three" test vectors, but some
of
> the
> > tests inside it are failing.
> >
> > My environment:
> >
> > - XML Security 1.4.1 library
> >
> > - Using XMLUtils.circumventBug2650(document) to spread
> namespaces
> > declaration.
> >
> > - Using XMLUtils.createDSctx(...) to create a namespace
> context.
> >
> > - Using XPathAPI.selectNodeList(document, xpath, nsc) to
> select the
> > XPath node-set.
> >
> > - Using
> > Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
> > canonicalize the XPath node-set.
> >
> >
> >
> > The tests (of merlin-c14n-three) that are failing are 03, 10, 18 &
19.
> I'm
> > quite sure I'm doing something wrong... but don't now what.
> >
> >
> >
> > Thanks in advanced!
> >
> > Marcelo.
>
>
> --
> http://r-bg.com
>
>
--
http://r-bg.com
Re: c14n test vectors
Posted by Raul Benito <ra...@apache.org>.
We have this test vector in our test suite. And they are passing, can
you look at this data:
xml-se/data/interop/c14n/Y4
And the test code
xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/ExclusiveC14NInterop.java
Regards,
Raul
On 5/29/07, Da Cruz Pinto, Juan M <ju...@intel.com> wrote:
> Hi Raul,
>
> I'm attaching the files which where different in my case (for
> merlin-c14n-three). Again, I'm still trying to figure out what I did
> wrong, but the steps I did where quite simple.
>
> I'm also attaching a file called "xpaths01.txt" which holds the XPath
> expressions used to filter the XML content. Each of the 9 XPath
> expressions is used for the tests from 00 to 26 (they repeat for
> inclusive, exclusive & exclusive with inclusive prefix list... which are
> the first 27 tests). The last test (c14n-27.txt) just canonicalizes the
> entire SignedInfo subtree.
>
> Thanks in advanced,
> Marcelo.
>
>
>
> -----Original Message-----
> From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: Tuesday, May 29, 2007 05:07
> To: security-dev@xml.apache.org
> Subject: Re: c14n test vectors
>
> Hi Marcelo,
>
> It is strange, I think that Merlin interop test is our unittest suite.
>
> Can you send the differences?
>
> Regards,
>
> Raul
>
>
> On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com>
> wrote:
> >
> >
> >
> >
> > Hi Everybody,
> >
> >
> >
> > Are there any unit tests in the code to test c14n interoperability?
> I've
> > been trying to test the "merlin-c14n-three" test vectors, but some of
> the
> > tests inside it are failing.
> >
> > My environment:
> >
> > - XML Security 1.4.1 library
> >
> > - Using XMLUtils.circumventBug2650(document) to spread
> namespaces
> > declaration.
> >
> > - Using XMLUtils.createDSctx(...) to create a namespace
> context.
> >
> > - Using XPathAPI.selectNodeList(document, xpath, nsc) to
> select the
> > XPath node-set.
> >
> > - Using
> > Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
> > canonicalize the XPath node-set.
> >
> >
> >
> > The tests (of merlin-c14n-three) that are failing are 03, 10, 18 & 19.
> I'm
> > quite sure I'm doing something wrong... but don't now what.
> >
> >
> >
> > Thanks in advanced!
> >
> > Marcelo.
>
>
> --
> http://r-bg.com
>
>
--
http://r-bg.com
RE: c14n test vectors
Posted by "Da Cruz Pinto, Juan M" <ju...@intel.com>.
Hi Raul,
I'm attaching the files which where different in my case (for
merlin-c14n-three). Again, I'm still trying to figure out what I did
wrong, but the steps I did where quite simple.
I'm also attaching a file called "xpaths01.txt" which holds the XPath
expressions used to filter the XML content. Each of the 9 XPath
expressions is used for the tests from 00 to 26 (they repeat for
inclusive, exclusive & exclusive with inclusive prefix list... which are
the first 27 tests). The last test (c14n-27.txt) just canonicalizes the
entire SignedInfo subtree.
Thanks in advanced,
Marcelo.
-----Original Message-----
From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com]
On Behalf Of Raul Benito
Sent: Tuesday, May 29, 2007 05:07
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors
Hi Marcelo,
It is strange, I think that Merlin interop test is our unittest suite.
Can you send the differences?
Regards,
Raul
On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com>
wrote:
>
>
>
>
> Hi Everybody,
>
>
>
> Are there any unit tests in the code to test c14n interoperability?
I've
> been trying to test the "merlin-c14n-three" test vectors, but some of
the
> tests inside it are failing.
>
> My environment:
>
> - XML Security 1.4.1 library
>
> - Using XMLUtils.circumventBug2650(document) to spread
namespaces
> declaration.
>
> - Using XMLUtils.createDSctx(...) to create a namespace
context.
>
> - Using XPathAPI.selectNodeList(document, xpath, nsc) to
select the
> XPath node-set.
>
> - Using
> Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
> canonicalize the XPath node-set.
>
>
>
> The tests (of merlin-c14n-three) that are failing are 03, 10, 18 & 19.
I'm
> quite sure I'm doing something wrong... but don't now what.
>
>
>
> Thanks in advanced!
>
> Marcelo.
--
http://r-bg.com
Re: c14n test vectors
Posted by Raul Benito <ra...@apache.org>.
Hi Marcelo,
It is strange, I think that Merlin interop test is our unittest suite.
Can you send the differences?
Regards,
Raul
On 5/28/07, Da Cruz Pinto, Juan M <ju...@intel.com> wrote:
>
>
>
>
> Hi Everybody,
>
>
>
> Are there any unit tests in the code to test c14n interoperability? I've
> been trying to test the "merlin-c14n-three" test vectors, but some of the
> tests inside it are failing.
>
> My environment:
>
> - XML Security 1.4.1 library
>
> - Using XMLUtils.circumventBug2650(document) to spread namespaces
> declaration.
>
> - Using XMLUtils.createDSctx(...) to create a namespace context.
>
> - Using XPathAPI.selectNodeList(document, xpath, nsc) to select the
> XPath node-set.
>
> - Using
> Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
> canonicalize the XPath node-set.
>
>
>
> The tests (of merlin-c14n-three) that are failing are 03, 10, 18 & 19. I'm
> quite sure I'm doing something wrong... but don't now what.
>
>
>
> Thanks in advanced!
>
> Marcelo.
--
http://r-bg.com