santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Tournier" <eric.tourn...@keynectis.com>
Subject RE: Namespaces
Date Thu, 03 May 2007 12:30:07 GMT
Berin, Sean,

  Many thanks for your help and your suggestions :) It really helps me to understand my problem
and the working solution is :
1- set the dsig prefix to "" and the enc prefix to "xenc" while signing ;
2- set the dsig prefix to "ds" and the enc prefix to "" while encrypting.

  I know this is a workaround because I should modify my API to support namespaces :))

Eric

> -----Message d'origine-----
> De : Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM] 
> Envoyé : mercredi 25 avril 2007 22:58
> À : security-dev@xml.apache.org
> Objet : Re: Namespaces
> 
> I assume you are using the Apache XML Security APIs and not 
> the standard JSR 105 API. In that case, try calling the 
> following static methods before you sign/encrypt your data:
> 
> to set the dsig prefix to "":
> 
> org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("");
> 
> to set the enc prefix to "":
> 
> org.apache.xml.security.utils.ElementProxy.setPrefix(org.apach
> e.xml.security.encryption.EncryptionConstants.EncryptionSpecNS,
> "");
> 
> Let me know if that works.
> 
> --Sean
> 
> Berin Lautenbach wrote:
> > OK - first up I'm not an expert on the Java library, more 
> on the C++ 
> > library.
> > 
> > The two examples you sent through are completely separate - 
> one is for 
> > sig and one encryption.  So my guess is that in your situation you 
> > could set the namespace prefix to "" for the dsig namespace 
> when you 
> > are doing a signature and to "" for the xenc namespace when you are 
> > doing encryption.  I.e. do one or the other - not both.  If 
> you need 
> > to do both encryption and signature in one document, I'm not sure 
> > whether the library will let you do that easily.  I know you can't 
> > have both namespaces as the default, but maybe you can 
> switch between 
> > each other as the default depending on what you are trying to do.
> > 
> > Hopefully someone else can comment in that case.
> > 
> > As a side note - namespace support is mandatory according 
> to the spec.
> > What is optional is the use of "dsig" as the namespace 
> prefix.  So in 
> > reality a compliant implementation needs to support the use of a 
> > prefix for the signature and encryption namespaces.
> > 
> > Cheers,
> >     Berin
> > 
> > Eric Tournier wrote:
> >> Hi Berin :)
> >>
> >>   I hope your baby goes well and let you sleep :)
> >>
> >>   Was the previously posted XML useful ? I checked the W3 
> XMLEnc and 
> >> XMLDSig references and found that thes two namespaces were 
> optional 
> >> (§1.3), so could you help me to configure XMLSecurity classe to 
> >> produce signed XML without ds: then produce with this doc 
> a encrypted 
> >> XML without xenc: ?
> >>
> >> Thanks in advance
> >> Eric
> >>
> >>> -----Message d'origine-----
> >>> De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> >>> mercredi 18 avril 2007 14:05
> >>> À : security-dev@xml.apache.org
> >>> Objet : Re: Namespaces
> >>>
> >>> Can you post a signature from the implementation you use 
> to see what 
> >>> it looks like?
> >>>
> >>> Cheers,
> >>>     Berin
> >>>
> >>> Eric Tournier wrote:
> >>>> Hi Berin :)
> >>>>
> >>>>   I'm using a home-made XML Encryption implementation but
> >>> unfortunately I'm not the developer of it. This 
> implementation does 
> >>> not support ds: and xenc: prefixes, so I try not to have them. In 
> >>> order to test interoperability of it with well-known API, 
> I'm trying 
> >>> to encrypt a XML document with XML Security and decrypt 
> the result 
> >>> with my implementation, and vice-versa.
> >>>>   My intent is not to have two different namespaces as the
> >>> default namespace for the Signature element, but trying 
> not to have 
> >>> any of the ds: and xenc: prefix into the final encrypted 
> then signed 
> >>> XML document : element <Signature instead of <ds:Signature and 
> >>> <CipherValue instead of <xenc:CipherValue.
> >>>>   Thanks for your help
> >>>>
> >>>> Eric
> >>>>
> >>>>> -----Message d'origine-----
> >>>>> De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> >>>>> mercredi 18 avril 2007 11:36 À : 
> >>> security-dev@xml.apache.org Objet :
> >>>>> Re: Namespaces
> >>>>>
> >>>>> As far as I can see - effectively your trying to have two
> >>> different
> >>>>> namespaces as the default namespace for the Signature
> >>> element.  Which
> >>>>> can't really be done.  Or am I misreading your intent?
> >>>>>
> >>>>> Why do you not want the namespaces?  Both specs exist inside a 
> >>>>> specific namespace, so you can't not use them.
> >>>>>
> >>>>> Cheers,
> >>>>>     Berin
> >>>>>
> >>>>> Eric Tournier wrote:
> >>>>>> Hi :)
> >>>>>>  
> >>>>>>   I wish to encrypt then sign a XML document without the
> >>> 'ds;' and
> >>>>>> 'xenc:' namespaces. Unfortunately, I can only suppress on
> >>> of these
> >>>>>> namespaces :| The following code throws
> >>>>> XmlSecurityException always on
> >>>>>> the second line independent from its nature 
> >>>>>> (EncryptionConstants.setEncryptionSpecNSprefixor or
> >>>>>> Constants.setSignatureSpecNSprefix) :
> >>>>>> (...)
> >>>>>>   static
> >>>>>>   {
> >>>>>>     org.apache.xml.security.Init.init();
> >>>>>>     JCA.setProvider();
> >>>>>>   }
> >>>>>>  
> >>>>>>   public XMLSecurityResource() throws XMLSecurityException
> >>>>>>   {
> >>>>>>     // Suppression du namespace 'xenc:'
> >>>>>>     EncryptionConstants.setEncryptionSpecNSprefix("");
> >>>>>>     // Suppression du namespace 'ds:'
> >>>>>>     Constants.setSignatureSpecNSprefix("");
> >>>>>>   }
> >>>>>> (...)
> >>>>>>  
> >>>>>> Could someone tell me how to resolve this ?
> >>>>>> Thanks
> >>>>>> Eric
> >>>>>>  
> >>>>>> Eric TOURNIER
> >>>>>> Ingénieur concepteur objet senior - Expertise technique 
> >>>>>> Java/J2EE/XML/AOP - Spring/Hibernate/Maven 
> >>>>>> ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
> >>>>>> STERIA
> >>>>>> Département Banque, Assurance et Finance 46, rue Camille
> >>>>> Desmoulins -
> >>>>>> 92782 Issy-Les-Moulineaux Cedex 9 Tél : 01 53 94 22 94 -
> >>>>> Mob : 06 17
> >>>>>> 98 32 51 eric.tournier@steria.com
> >>> <mailto:eric.tournier@steria.com>
> >>>>>> //
> >>>>
> >>
> >>
> 
> 
> 

Mime
View raw message