axis-java-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ashutosh Shahi (JIRA)" <axis-...@ws.apache.org>
Subject [jira] Commented: (AXIS-1968) CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
Date Wed, 04 May 2005 16:31:08 GMT
     [ http://issues.apache.org/jira/browse/AXIS-1968?page=comments#action_64480 ]
     
Ashutosh Shahi commented on AXIS-1968:
--------------------------------------

OK, the problem looks in Axis code. The add(prefix, namespace) method of NSStack.java has
some code which is supposed to avoid duplicate prefixes:
// Replace duplicate prefixes (last wins - this could also fault)
            for (int cursor=top; stack[cursor]!=null; cursor--) {
                if (stack[cursor].getPrefix() == prefix) {
                    stack[cursor].setNamespaceURI(namespaceURI);
                    idx = cursor;
                    return;
                }

But the condition stack[cursor] != null itself seems buggy to me, as running through eclipse
debugger i realized there r null values in between in the stack, so the condition gets terminated
before checking all the values in the stack.

So the duplicate namespace did get added, but in the next pass somehow the top of the stack
was changed and the duplicate value got overwritten; still trying to figure out where this
happens. I'll look further into it.

The point however is that axis does have code which tries to avoid duplicate prefixes, so
xml signature will fail.

Any thoughts/suggestions on this?

Ashutosh

> CLONE -Problem with namespace handling in Axis 1.2 : break XML Signature
> ------------------------------------------------------------------------
>
>          Key: AXIS-1968
>          URL: http://issues.apache.org/jira/browse/AXIS-1968
>      Project: Axis
>         Type: Bug
>  Environment: Windows 2000, Tomcat 5.0
>     Reporter: rudolf schamberger
>     Assignee: Davanum Srinivas
>  Attachments: MOASSRequest.xml, SignatureResponse_axis1.1.xml, SignatureResponse_axis1.2rc3_21apr05_build.xml,
axis.jar, axis_namespace_testcode.zip
>
> I have a web service (Message style) working with Axis 1.1
> When upgrading to Axis 1.2, it doesn't work anymore because of a namespace management
that changes in Axis 1.2.
> Details of the problem :
> The web service is of type :
>    public Document execute(Document body)
> it returns a signed document
> The client have to verify the signature of the response.
> At the end of this mail, you can see the message sent by the server and the message received
by the client
> You can see that the message has been changed during transfer : all
> namespace definitions have moved to the root element.
> The document is still syntactically correct, but the signature is broken...
> It's a serious problem if Axis 1.2 is no more compatible with xml
> signature.
> Message sent by the server :
> <name1:roottag xmlns:name1="http://name1.com">
> <name2:child1 xmlns:name2="http://name2.com">
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>     <ds:Reference URI="">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
>     qjVJp7Iic3opzb8VQKpLvle1ZME=
>   </ds:SignatureValue>
> </ds:Signature></name1:roottag>
> Message received by the client :
> <name1:roottag xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:name1="http://name1.com"
xmlns:name2="http://name2.com">
> <name2:child1>
> <name2:child2>text</name2:child2>
> </name2:child1>
> <ds:Signature>
>   <ds:SignedInfo>
>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
>     <ds:Reference URI="">
>       <ds:Transforms>
>         <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
>       </ds:Transforms>
>       <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
>       <ds:DigestValue>EbF81+pMnbZZ/e4E325r3R50pWA=</ds:DigestValue>
>     </ds:Reference>
>   </ds:SignedInfo>
>   <ds:SignatureValue>
> O12jWOqgkpkOXxGHmmXi0IzJhMv29uhbdl1PE1S/CYlL/Ua3sDSuReucWt1Ae6iRjKdN8Ekr
> EaM0K/+bASmXXwK82pul3ZF4dykClCUKIX4eGLSYDsQIJzNhG5g6n+eRzxjk3Eak6G2eYAky
>     qjVJp7Iic3opzb8VQKpLvle1ZME=
>   </ds:SignatureValue>
> </ds:Signature></name1:roottag>

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message