Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 96854 invoked from network); 10 Feb 2005 10:31:01 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199) by minotaur-2.apache.org with SMTP; 10 Feb 2005 10:31:01 -0000 Received: (qmail 63360 invoked by uid 500); 10 Feb 2005 10:31:00 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 63270 invoked by uid 500); 10 Feb 2005 10:30:59 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Reply-To: security-dev@xml.apache.org Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 63255 invoked by uid 99); 10 Feb 2005 10:30:59 -0000 X-ASF-Spam-Status: No, hits=0.0 required=10.0 tests= X-Spam-Check-By: apache.org Received-SPF: pass (hermes.apache.org: domain of cedric.pothin@inovatel.sfr.com designates 195.115.183.13 as permitted sender) Received: from Unknown (HELO hector.inovatel.com) (195.115.183.13) by apache.org (qpsmtpd/0.28) with ESMTP; Thu, 10 Feb 2005 02:30:57 -0800 Received: from cpothin (10.181.30.145) by hector.inovatel.com (7.1.016.1) id 420A372600000255; Thu, 10 Feb 2005 11:30:37 +0100 Message-ID: <420A372600000255@hector.inovatel.com> (added by postmaster@hector.inovatel.com) From: =?iso-8859-1?Q?C=E9dric_POTHIN?= To: , Subject: RE: Exclusive canonicalization problem Date: Thu, 10 Feb 2005 11:29:48 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable X-Mailer: Microsoft Office Outlook, Build 11.0.5510 thread-index: AcUPUPTfaIRb+RFUSTax8nZ5EllA6wABuq9g X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 In-Reply-To: <949ac94105021001144298cd6a@mail.gmail.com> X-Virus-Checked: Checked X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Thank you for this clarification! You right concerning the DOM Parser and this was=20 confusing for me as I instantiate the parser like the following javax.xml.parsers.DocumentBuilderFactory dbf =3D javax.xml.parsers.DocumentBuilderFactory.newInstance(); javax.xml.parsers.DocumentBuilder db; dbf.setNamespaceAware(true); and in calling dbf.setNamespaceAware(true) I was assuming that all elements and attributes created in the doc was namespace aware! But thks you again. BR=20 C=E9dric > -----Message d'origine----- > De=A0: Raul Benito [mailto:raul.benito.garcia@gmail.com] > Envoy=E9=A0: jeudi 10 f=E9vrier 2005 10:14 > =C0=A0: security-dev@xml.apache.org > Objet=A0: Re: Exclusive canonicalization problem >=20 > Of course, You must use setAttributeNS always don't ever use a DOM > call without the suffixs NS. (In my humble opinion they must burried > the DOM api for this ;) ). >=20 > Regards, >=20 >=20 >=20 >=20 > On Thu, 10 Feb 2005 09:52:03 +0100, C=E9dric POTHIN > wrote: > > Hi Raul, > > > > thank you so much for your answer, I think the > > problem comes more from my code than the xml sec > > or the DOM parser. > > > > But I did not verify the clue I have. I think > > the problem comes from the fact that I create > > the attribute xsi:type of the peerKeyIdentifier > > element using setAttribute() instead of setAttributeNS() > > > > here is the code that create xsi:type=3D"roap:X509SPKIHash"> > > > > Element keyIdentifier =3D doc.createElement("keyIdentifier"); > > keyIdentifier.setAttribute("xsi:type", "roap:X509SPKIHash"); > > Element hash =3D doc.createElement("hash"); > > > > Do I have to create it using setAttributeNS()? > > > > The parser is the latest xerces version. > > Thks in advance > > Regards > > > > C=E9dric > > > > > -----Message d'origine----- > > > De : Raul Benito [mailto:raul.benito.garcia@gmail.com] > > > Envoy=E9 : jeudi 10 f=E9vrier 2005 07:29 > > > =C0 : security-dev@xml.apache.org > > > Objet : Re: Exclusive canonicalization problem > > > > > > Hi Cedric, > > > > > > Your case is very strange indeed. I use this kind of c14n and = I've > > > never found a problem(and is a very common case so more people and = the > > > test cases will also fail). So I thinking that perhaps the DOM = parser > > > to blame, so: > > > which java version and in which OS are you using? > > > Which DOM parser? > > > How do you obtain the dom parser? > > > > > > With this perhaps we can help you a little more. > > > > > > Regards, > > > Raul > > > hptt://r-bg.com > > > > > > > > > On Wed, 9 Feb 2005 14:52:42 +0100, C=E9dric POTHIN > > > wrote: > > > > > > > > > > > > > > > > I have a problem with the exclusive canonicalizer without = comments > class > > > in > > > > > > > > the xml security 1.2 source code. > > > > > > > > > > > > > > > > I have the following document : > > > > > > > > > > > > > > > > > > > xmlns:xsi=3D"http://www.w3.org/2001/XMLSchema-instance" > > > sessionId=3D"292241414" > > > > status=3D"Success"> > > > > > > > > 1.0 > > > > > > > > > > > > > > > > > > > > > > > > sk+4JImZCG+IV4/c+Pw9FeAbhuc=3D > > > > > > > > > > > > > > > > > > > > > > > > 316532319 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > If I canonicalize the previous document using the exclusive = without > > > comment > > > > algo > > > > > > > > the document I get is the following: > > > > > > > > > > > > > > > > > > sessionId=3D"1144777697" > > > > status=3D"Success"> > > > > > > > > 1.0 > > > > > > > > > > > > > > > > > > > > > > > > sk+4JImZCG+IV4/c+Pw9FeAbhuc=3D > > > > > > > > > > > > > > > > > > > > > > > > 1061456201 > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > As you can see the xmlns:xsi is removed from the roap:riHello > element, > > > > > > > > but not added to the keyIdentifier and the extension element. > > > > > > > > > > > > > > > > So If I input the result document in a DOM parser it just said = not > bound > > > > > > > > exception "xsi is not bound". > > > > > > > > > > > > > > > > > > > > > > > > Well at this point I try to understood the problem and I check = the > > > source > > > > code of xml sec 1.2. > > > > > > > > > > > > > > > > I found something very strange: > > > > > > > > > > > > > > > > In the parsing of the doc in the canonicalizerSubTree method = there > is a > > > call > > > > to the method > > > > > > > > handlesAttributes that handles the attributes of the current = node of > the > > > doc > > > > parsing. > > > > > > > > In debugging the method I found that when the parser comes to > > > > > > > > > > > > for instance then the Attr object in the handlesAttributes = method is > of > > > > class AttrImpl and not AttrNSImpl > > > > > > > > so the call to the Attr.getPrefix() always return null if Attr = is > > > instance > > > > of AttrImpl ! Whereas there is actually a prefix that is xsi = !!!! > > > > > > > > So the attribute namespace is not seen as visiblyUtilized !!! > > > > > > > > > > > > > > > > Do you know why I have a AttrImpl object instance instead of a > AttrNSImp > > > > that should > > > > > > > > handle the namespace prefix correctly? > > > > > > > > > > > > > > > > Do you think it is a bug in the dom parser or in the xml sec = source > > > code or > > > > is it something I don't understand > > > > > > > > or something wrong with my document ? > > > > > > > > > > > > > > > > Thank you in advance for any answers. > > > > > > > > > > > > > > > > C=E9dric > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > >