santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Cédric POTHIN <cedric.pot...@inovatel.sfr.com>
Subject RE: Exclusive canonicalization problem
Date Thu, 10 Feb 2005 08:52:03 GMT
Hi Raul,

thank you so much for your answer, I think the 
problem comes more from my code than the xml sec 
or the DOM parser. 

But I did not verify the clue I have. I think 
the problem comes from the fact that I create 
the attribute xsi:type of the peerKeyIdentifier 
element using setAttribute() instead of setAttributeNS()

here is the code that create <keyIdentifier xsi:type="roap:X509SPKIHash">
 
Element keyIdentifier = doc.createElement("keyIdentifier");
keyIdentifier.setAttribute("xsi:type", "roap:X509SPKIHash");
Element hash = doc.createElement("hash");

Do I have to create it using setAttributeNS()?

The parser is the latest xerces version.
Thks in advance
Regards

Cédric

> -----Message d'origine-----
> De : Raul Benito [mailto:raul.benito.garcia@gmail.com]
> Envoyé : jeudi 10 février 2005 07:29
> À : security-dev@xml.apache.org
> Objet : Re: Exclusive canonicalization problem
> 
> Hi Cedric,
> 
>   Your case is very strange indeed. I use this kind of c14n and I've
> never found a problem(and is a very common case so more people and the
> test cases will also fail). So I thinking that perhaps the DOM parser
> to blame, so:
> which java version and in which OS are you using?
> Which DOM parser?
> How do you obtain the dom parser?
> 
> With this perhaps we can help you a little more.
> 
> Regards,
> Raul
> hptt://r-bg.com
> 
> 
> On Wed, 9 Feb 2005 14:52:42 +0100, Cédric POTHIN
> <cedric.pothin@inovatel.sfr.com> wrote:
> >
> >
> >
> > I have a problem with the exclusive canonicalizer without comments class
> in
> >
> > the xml security 1.2 source code.
> >
> >
> >
> > I have the following document :
> >
> >
> >
> > <roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
> > xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> sessionId="292241414"
> > status="Success">
> >
> >   <selectedVersion>1.0</selectedVersion>
> >
> >  <riID>
> >
> >     <keyIdentifier xsi:type="roap:X509SPKIHash">
> >
> >       <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
> >
> >     </keyIdentifier>
> >
> >   </riID>
> >
> >   <riNonce>316532319</riNonce>
> >
> >   <serverInfo></serverInfo>
> >
> >   <extensions>
> >
> >     <extension xsi:type="roap:CertificateCaching"></extension>
> >
> >   </extensions>
> >
> > </roap:riHello>
> >
> >
> >
> > If I canonicalize the previous document using the exclusive without
> comment
> > algo
> >
> > the document I get is the following:
> >
> >
> >
> > <roap:riHello xmlns:roap="urn:oma:bac:dldrm:roap-1.0"
> sessionId="1144777697"
> > status="Success">
> >
> >   <selectedVersion>1.0</selectedVersion>
> >
> >   <riID>
> >
> >     <keyIdentifier xsi:type="roap:X509SPKIHash">
> >
> >        <hash>sk+4JImZCG+IV4/c+Pw9FeAbhuc=</hash>
> >
> >     </keyIdentifier>
> >
> >    </riID>
> >
> >   <riNonce>1061456201</riNonce>
> >
> >   <serverInfo></serverInfo>
> >
> >   <extensions>
> >
> >      <extension xsi:type="roap:CertificateCaching"></extension>
> >
> >   </extensions>
> >
> > </roap:riHello>
> >
> >
> >
> > As you can see the xmlns:xsi is removed from the roap:riHello element,
> >
> > but not added to the keyIdentifier and the extension element.
> >
> >
> >
> > So If I input the result document in a DOM parser it just said not bound
> >
> > exception "xsi is not bound".
> >
> >
> >
> >
> >
> > Well at this point I try to understood the problem and I check the
> source
> > code of xml sec 1.2.
> >
> >
> >
> > I found something very strange:
> >
> >
> >
> > In the parsing of the doc in the canonicalizerSubTree method there is a
> call
> > to the method
> >
> > handlesAttributes that handles the attributes of the current node of the
> doc
> > parsing.
> >
> > In debugging the method I found that when the parser comes to
> > <keyIdentifier xsi:type="roap:X509SPKIHash">
> >
> > for instance then the Attr object in the handlesAttributes method is of
> > class AttrImpl and not AttrNSImpl
> >
> > so the call to the Attr.getPrefix() always return null if Attr is
> instance
> > of AttrImpl ! Whereas there is actually a prefix that is xsi !!!!
> >
> > So the attribute namespace is not seen as visiblyUtilized !!!
> >
> >
> >
> > Do you know why I have a AttrImpl object instance instead of a AttrNSImp
> > that should
> >
> > handle the namespace prefix correctly?
> >
> >
> >
> > Do you think it is a bug in the dom parser or in the  xml sec source
> code or
> > is it something I don't understand
> >
> > or something wrong with my document ?
> >
> >
> >
> > Thank you in advance for any answers.
> >
> >
> >
> > Cédric
> >
> >
> >
> >
> >
> >
> >
> >


Mime
View raw message