santuario-dev mailing list archives

From "Raul Benito" <r...@apache.org>
Subject Re: Version 1.4 doesn't generate the same XML as V1.3: A default namespace is used for XMLSIG and this causes problem!
Date Thu, 13 Jul 2006 15:23:20 GMT
Thanks for the debugging session.
You have solved the first problem very well; can you send me a patch
with the fixes?
The second one is tougher.
The easier solution will be to let Init.init() call a static function
in XMLUtils (like reReadVariables), so that XMLUtils initializes the
static data.
This way we can use the static for caching and always get the
correct behaviour.
What do you think?


On 7/13/06, Hess Yvan <Yvan.Hess@imtf.ch> wrote:
> Raul,
>
> I downloaded the XML security source code from apache to check where
> the problem is. I saw in your example that you are calling
> Constants.setSignatureSpecNSprefix("") and I tried, as you proposed, to do
> Constants.setSignatureSpecNSprefix("ds") but I got an Exception.
>
> org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or
> change an object in a way which is incorrect with regard to namespaces.
>
> Doing some investigation in the code, I detected the following problems:
>
> 1. In the XMLUtils.createElementInSignatureSpace() method, when
> dsPrefix!= null you add an attribute using the following method
> element.setAttributeNS(Constants.NamespaceSpecNS, dsPrefix,
> Constants.SignatureSpecNS) that produces the error. I think you forgot
> to add the xmlns namespace. It should be
> element.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:"+ dsPrefix,
> Constants.SignatureSpecNS);. Doing it like that should solve the problem.
>
> 2. You have a resource/config.xml file that contains a section
> "PrefixMappings" that binds ds to http://www.w3.org/2000/09/xmldsig#.
> The initialization is done in the Init.init() class. The problem is that
> you use the XMLUtils class before the section PrefixMappings is initialized
> and due to that the static final String dsPrefix field of XMLUtils class
> is initialized using the method Constants.getSignatureSpecNSprefix()
> [syntax is: static final String dsPrefix=
> Constants.getSignatureSpecNSprefix();] In this case it is set to null
> because PrefixMappings has not been initialized (done afterwards in
> Init.init()). As dsPrefix is null, the ds prefix is never added to DS
> elements; see method XMLUtils.createElementInSignatureSpace().
>
> Do you have an idea how to correct these two problems?
>
> Regards. Yvan
>
> -----Original Message-----
> From: raul.benito.garcia@gmail.com [mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: jeudi, 13. juillet 2006 13:17
> To: security-dev@xml.apache.org
> Subject: Re: Version 1.4 doesn't generate the same XML as V1.3: A
> default namespace is used for XMLSIG and this causes problem!
>
> Hi Hess,
>
> I was not aware of the change. But from a performance point of view it
> makes sense.
> I have seen in my testing that deciding what to write in the signature
> elements takes a lot of time.
>
> The problem is how to make the behaviour configurable and get no
> performance hit because of it.
>
> Anyway try with Constants.setSignatureSpecNSprefix("ds").
> Please tell us if it helps you.
>
> Regards,
> Raul
>
>
> On 7/13/06, Hess Yvan <Yvan.Hess@imtf.ch> wrote:
> >
> >
> > Hi,
> >
> > Due to a problem in XML security library version 1.3 that was not
> > thread safe, I got the version xmlsec-1.4.Beta0.jar. Doing some tests I
> > detected that the generated XML encryption block of XML encrypted
> > document is NOT THE SAME in version 1.4 and in the version 1.3.
> > Version 1.4 sets a DEFAULT namespace for xmldsig and for example the
> > KeyInfo element is written as <KeyInfo> instead of <ds:KeyInfo> as
> > before. The fact that a default namespace is used causes problems in
> > my application. Please can you help me to solve this problem and give
> > me some solution to solve it.
> >
> > Thanks in advance
> >
> > Regards Yvan Hess
> >
> > VERSION 1.3:
> >
> >    <edoc:EncryptionBlock id="Revision-1-Encryption-1"
> >          xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> >          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >       <xenc:EncryptedKey>
> >          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> >          <ds:KeyInfo>
> >             <ds:KeyName>H5DEMO-ENC</ds:KeyName>
> >          </ds:KeyInfo>
> >          <xenc:CipherData>
> >             <xenc:CipherValue>s7quAENaOlnur3....</xenc:CipherValue>
> >          </xenc:CipherData>
> >          <xenc:CarriedKeyName>SYSKEY-1152718774975</xenc:CarriedKeyName>
> >       </xenc:EncryptedKey>
> >       <xenc:EncryptedData>
> >          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
> >          <ds:KeyInfo>
> >             <ds:KeyName>SYSKEY-1152718774975</ds:KeyName>
> >          </ds:KeyInfo>
> >          <xenc:CipherData>
> >             <xenc:CipherReference URI="urn:hypersuite:63663F3E-C0A8027A01627C16-1CA0489B"/>
> >          </xenc:CipherData>
> >       </xenc:EncryptedData>
> >    </edoc:EncryptionBlock>
> >
> >
> > VERSION 1.4:
> >
> >    <edoc:EncryptionBlock id="Revision-1-Encryption-1"
> >          xmlns="http://www.w3.org/2000/09/xmldsig#"
> >          xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
> >       <edoc:EncryptionDate>2006-07-12T16:40:56</edoc:EncryptionDate>
> >       <edoc:Encryptor>IMTF Hypersuite Capture Server</edoc:Encryptor>
> >       <xenc:EncryptedKey>
> >          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
> >          <KeyInfo>
> >             <KeyName>TestDMO</KeyName>
> >          </KeyInfo>
> >          <xenc:CipherData>
> >             <xenc:CipherValue>Af97+MWWWzxXqLocfm/xzu......</xenc:CipherValue>
> >          </xenc:CipherData>
> >          <xenc:CarriedKeyName>SYSKEY-1152714533719</xenc:CarriedKeyName>
> >       </xenc:EncryptedKey>
> >       <xenc:EncryptedData>
> >          <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/>
> >          <KeyInfo>
> >             <KeyName>SYSKEY-1152714533719</KeyName>
> >          </KeyInfo>
> >          <xenc:CipherData>
> >             <xenc:CipherReference URI="urn:hypersuite:632EF16A-0A024301000C74FE-C69D3102"/>
> >          </xenc:CipherData>
> >       </xenc:EncryptedData>
> >    </edoc:EncryptionBlock>
> >
> >
>
>
> --
> http://r-bg.com
>


-- 
http://r-bg.com
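
The two defects discussed in this thread, reproduced against the JDK's DOM API as an added example (not code from the message or from the XML Security project). `PrefixInitDemo`, `Config` and `Util` are hypothetical stand-ins for the Init.init() sequence, Constants and XMLUtils; only the `reReadVariables` name comes from the reply above.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class PrefixInitDemo {
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
    /** Hypothetical stand-in for the prefix setting that init fills from config. */
    static class Config {
        private static String prefix;                       // unset until init runs
        static String getPrefix() { return prefix; }
        static void setPrefix(String p) { prefix = p; }
    }

    /** Hypothetical stand-in for a utility class that caches the prefix. */
    static class Util {
        static final String frozen = Config.getPrefix();    // evaluated once, at class load
        static String cached = Config.getPrefix();          // same start value, but refreshable
        static void reReadVariables() { cached = Config.getPrefix(); }
        /** Creates a dsig element; declName is the qualified name of its namespace declaration. */
        static Element create(Document doc, String local, String prefix, String declName) {
            String qname = (prefix == null || prefix.isEmpty()) ? local : prefix + ":" + local;
            Element e = doc.createElementNS(DSIG_NS, qname);
            e.setAttributeNS(XMLNS_NS, declName, DSIG_NS);
            return e;
        }
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        // Problem 2: the utility class is touched before the configuration is loaded.
        System.out.println("at first use:  frozen=" + Util.frozen);
        Config.setPrefix("ds");                             // init reads the prefix mapping
        System.out.println("after init:    frozen=" + Util.frozen + " cached=" + Util.cached);
        Util.reReadVariables();                             // init then refreshes the cache
        System.out.println("after re-read: cached=" + Util.cached);

        // Problem 1: a declaration in the xmlns namespace must be named "xmlns" or "xmlns:<prefix>".
        try {
            Util.create(doc, "KeyInfo", Util.cached, Util.cached);
        } catch (DOMException ex) {
            System.out.println("bare prefix:   NAMESPACE_ERR=" + (ex.code == DOMException.NAMESPACE_ERR));
        }
        Element ok = Util.create(doc, "KeyInfo", Util.cached, "xmlns:" + Util.cached);
        System.out.println("xmlns:prefix:  <" + ok.getNodeName() + "> bound to "
                + ok.getAttributeNS(XMLNS_NS, Util.cached));
    }
}
```

The `frozen` field shows why a `static final` cache cannot pick up a prefix configured later, while the refreshable `cached` field keeps the caching benefit once init calls the re-read hook.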
