santuario-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 35960] New: - Enveloped Signature Transform failed after a transform producing an octet stream output
Date Mon, 01 Aug 2005 08:53:33 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=35960>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=35960

           Summary: Enveloped Signature Transform failed after a transform
                    producing an octet stream output
           Product: Security
           Version: Java 1.2.1
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: julien.taupin@ilex.fr


To perform an enveloped signature, we need to add a
Transforms.TRANSFORM_ENVELOPED_SIGNATURE to the Transforms list for the reference
pointing to the element enveloping the signature.

If a transform producing an octet stream output is listed BEFORE the
TRANSFORM_ENVELOPED_SIGNATURE, the transforms execution will not remove the
signature element.

The signature is performed including the whole SignatureElement and works fine. But
the verification fails because the digest and signature value have been added to
the signed element.

This error is due to the use of a DocumentBuilder in the getNodeSet(boolean
circunvent) method of the XMLSignatureInput class. In this method a new Document
is built from the octet stream. When the EnvelopedSignature is performed, the
SignatureElement is found in the base document and is looked up in the rebuilt
document in order to be removed with the method:
XMLUtils.excludeNodeFromSet(signatureElement, inputSet)
which uses the method
XMLUtils.isDescendantOrSelf(signatureElement, inputNode)
This method compares the nodes with the equals() method of the Object class. The
nodes are not extracted from the same document, so they are never equal and
never removed.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
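
The root cause described in the report, reproduced with plain JAXP as an added example that is not part of the original message or of the Santuario code base. The `isDescendantOrSelf` helper is a hypothetical stand-in for the check the report describes, the XML is constructed sample input, and the serialize and re-parse step stands in for a transform that outputs an octet stream.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class CrossDocumentIdentityDemo {
    static final String DSIG = "http://www.w3.org/2000/09/xmldsig#";
    // Constructed sample input: a document enveloping an (empty) Signature element.
    static final String XML =
        "<doc><data>payload</data><ds:Signature xmlns:ds=\"" + DSIG + "\"/></doc>";

    // Hypothetical stand-in for the check described in the report: walk up from
    // the candidate and compare each ancestor with equals(), which the report
    // says resolves to Object.equals (reference identity) for DOM nodes.
    static boolean isDescendantOrSelf(Node ancestor, Node candidate) {
        for (Node n = candidate; n != null; n = n.getParentNode()) {
            if (ancestor.equals(n)) return true;
        }
        return false;
    }

    static Document parse(DocumentBuilder db, String xml) throws Exception {
        return db.parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document base = parse(db, XML);
        Node sigInBase = base.getElementsByTagNameNS(DSIG, "Signature").item(0);

        // Octet-stream step: serialize the base document, then build a new Document.
        StringWriter out = new StringWriter();
        TransformerFactory.newInstance().newTransformer()
            .transform(new DOMSource(base), new StreamResult(out));
        Node sigInRebuilt = parse(db, out.toString())
            .getElementsByTagNameNS(DSIG, "Signature").item(0);

        // The signature element matches itself, but not its copy in the rebuilt
        // document, so an identity-based exclusion leaves the copy in the node set.
        System.out.println("same document:  " + isDescendantOrSelf(sigInBase, sigInBase));
        System.out.println("across rebuild: " + isDescendantOrSelf(sigInBase, sigInRebuilt));
    }
}
```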
