Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 26792 invoked from network); 12 Mar 2007 11:30:25 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 12 Mar 2007 11:30:25 -0000 Received: (qmail 83000 invoked by uid 500); 12 Mar 2007 11:30:32 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 82977 invoked by uid 500); 12 Mar 2007 11:30:32 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 82966 invoked by uid 99); 12 Mar 2007 11:30:32 -0000 Received: from herse.apache.org (HELO herse.apache.org) (140.211.11.133) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Mar 2007 04:30:32 -0700 X-ASF-Spam-Status: No, hits=-99.5 required=10.0 tests=ALL_TRUSTED,NO_REAL_NAME X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO brutus.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 12 Mar 2007 04:30:23 -0700 Received: by brutus.apache.org (Postfix, from userid 33) id 28A6D714044; Mon, 12 Mar 2007 04:30:02 -0700 (PDT) From: bugzilla@apache.org To: security-dev@xml.apache.org Subject: DO NOT REPLY [Bug 41821] New: - Invalid Reference Signature when are used 2 or more Namespaces Message-ID: X-Bugzilla-Reason: AssignedTo Date: Mon, 12 Mar 2007 04:30:02 -0700 (PDT) X-Virus-Checked: Checked by ClamAV on apache.org DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG� RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT . ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND� INSERTED IN THE BUG DATABASE. http://issues.apache.org/bugzilla/show_bug.cgi?id=41821 Summary: Invalid Reference Signature when are used 2 or more Namespaces Product: Security Version: unspecified Platform: Other OS/Version: other Status: NEW Severity: blocker Priority: P2 Component: Signature AssignedTo: security-dev@xml.apache.org ReportedBy: miro@space-comm.com CC: sean.mullan@sun.com For XAdES signatures we have to use 2 namespaces. One for Digital Signature and another for XAdES. When we do that it is not possible to make correct signature because the digest value is calculated using just one of the 2 namespaces. When the XML Signature is stored to the file using XMLUtils.outputDOMc14nWithComments the file format is correct. After that when the file again is loaded into the memory and the validation is failed because now the validation algorithm use both namespaces which is the correct situation. I try the suggested ideas using CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS Transforms in Reference without successful results. I am not so familiar with the standards, but in my opinion this is very strong bug in Java XML Signature implementation. Using of one or more namespaces with prefixes is very typical issue. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.