santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 41821] New: - Invalid Reference Signature when are used 2 or more Namespaces
Date Mon, 12 Mar 2007 11:30:02 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=41821>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=41821

           Summary: Invalid Reference Signature when are used 2 or more
                    Namespaces
           Product: Security
           Version: unspecified
          Platform: Other
        OS/Version: other
            Status: NEW
          Severity: blocker
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: miro@space-comm.com
                CC: sean.mullan@sun.com


For XAdES signatures we have to use 2 namespaces. One for Digital Signature and
another for XAdES. When we do that it is not possible to make correct signature
because the digest value is calculated using just one of the 2 namespaces. When
the XML Signature is stored to the file using XMLUtils.outputDOMc14nWithComments
the file format is correct. After that when the file again is loaded into the
memory and the validation is failed because now the validation algorithm use
both namespaces which is the correct situation.

I try the suggested ideas using CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS
Transforms in Reference without successful results. 
I am not so familiar with the standards, but in my opinion this is very strong
bug in Java XML Signature implementation. Using of one or more namespaces with
prefixes is very typical issue.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

Mime
View raw message