santuario-dev mailing list archives

From Cédric POTHIN <cedric.pot...@inovatel.sfr.com>
Subject Exclusive canonicalization problem
Date Wed, 09 Feb 2005 13:52:42 GMT
I have a problem with the exclusive canonicalizer without comments class in
the xml security 1.2 source code.

I have the following document:

<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" sessionId="292241414"
status="Success">
  <selectedVersion>1.0</selectedVersion>
 <riID>
    <keyIdentifier xsi:type="roap:X509SPKIHash">
      <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
    </keyIdentifier>
  </riID>
  <riNonce>316532319</riNonce>
  <serverInfo></serverInfo>
  <extensions>
    <extension xsi:type="roap:CertificateCaching"></extension>
  </extensions>
</roap:riHello>

If I canonicalize the previous document using the exclusive without comment
algo, the document I get is the following:

<roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0" sessionId="1144777697"
status="Success">
  <selectedVersion>1.0</selectedVersion>
  <riID>
    <keyIdentifier xsi:type="roap:X509SPKIHash">
       <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
    </keyIdentifier>
   </riID>
  <riNonce>1061456201</riNonce>
  <serverInfo></serverInfo>
  <extensions>
     <extension xsi:type="roap:CertificateCaching"></extension>
  </extensions>
</roap:riHello>

As you can see, the xmlns:xsi is removed from the roap:riHello element,
but not added to the keyIdentifier and the extension elements.

So if I input the result document in a DOM parser, it just said not bound
exception "xsi is not bound".

Well, at this point I tried to understand the problem and I checked the source
code of xml sec 1.2.

I found something very strange:

In the parsing of the doc in the canonicalizerSubTree method there is a call
to the method handlesAttributes that handles the attributes of the current
node of the doc parsing.

In debugging the method I found that when the parser comes to
<keyIdentifier xsi:type="roap:X509SPKIHash">
for instance, then the Attr object in the handlesAttributes method is of
class AttrImpl and not AttrNSImpl,
so the call to Attr.getPrefix() always returns null if Attr is an instance
of AttrImpl! Whereas there is actually a prefix, which is xsi!!!!

So the attribute namespace is not seen as visiblyUtilized!!!

Do you know why I have an AttrImpl object instance instead of an AttrNSImpl
that should handle the namespace prefix correctly?

Do you think it is a bug in the DOM parser or in the xml sec source code, or
is it something I don't understand, or something wrong with my document?

Thank you in advance for any answers.

Cédric 
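
An added example, not part of the original message and not xml-security code: it checks one possible cause of the symptom described above, namely that a JAXP DocumentBuilderFactory is not namespace-aware unless setNamespaceAware(true) is called, and a DOM built that way carries attribute nodes without prefix or namespace information. That this is what happened in the poster's setup is an assumption; the class name AttrPrefixDemo and the cut-down document are constructed for illustration.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;

public class AttrPrefixDemo {
    // Constructed sample: a cut-down form of the riHello document in the message.
    static final String XML =
        "<roap:riHello xmlns:roap=\"urn:oma:bac:dldrm:roap-1.0\""
      + " xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">"
      + "<riID><keyIdentifier xsi:type=\"roap:X509SPKIHash\"/></riID>"
      + "</roap:riHello>";

    // Parse the sample and return the xsi:type attribute node of keyIdentifier.
    static Attr parseAndFindType(boolean namespaceAware) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(namespaceAware); // the JAXP default is false
        Document doc = dbf.newDocumentBuilder()
                          .parse(new InputSource(new StringReader(XML)));
        // Lookups by qualified name work in both parsing modes.
        Element key = (Element) doc.getElementsByTagName("keyIdentifier").item(0);
        return key.getAttributeNode("xsi:type");
    }

    // Show what a canonicalizer would see when it inspects the attribute.
    static String describe(Attr a) {
        return a.getClass().getSimpleName()
             + " name=" + a.getName()
             + " prefix=" + a.getPrefix()
             + " localName=" + a.getLocalName()
             + " namespaceURI=" + a.getNamespaceURI();
    }

    public static void main(String[] args) throws Exception {
        // Without namespace awareness the prefix is not available, so code
        // that relies on getPrefix() cannot tell that "xsi" is in use.
        System.out.println("namespaceAware=false: " + describe(parseAndFindType(false)));
        // With namespace awareness the same attribute reports its prefix and
        // namespace URI, which exclusive canonicalization needs in order to
        // emit xmlns:xsi on the element that uses it.
        System.out.println("namespaceAware=true:  " + describe(parseAndFindType(true)));
    }
}
```

If the two lines differ in the same way on the parser that feeds the canonicalizer, building the document with a namespace-aware factory before canonicalizing or signing is the thing to verify first.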

 

 

 

 

