santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ralph-xmlsecur...@ralphholz.de
Subject XMLEnc omits xmlns attribute through canonicalisation?
Date Tue, 28 Aug 2007 16:49:41 GMT
Hi,

I partially encrypt my document, i.e. the node set where this element is at 
the root,

<pdpa:message xmlns:pdpa="http://da.ralphholz.de/PDP-A_1" pdpaId="pdpaId" 
protocol="PDP-A_1" type="DHComplete">

and encrypt it such that the original node set is replaced.

I can only decrypt if I include the xmlns attribute further up the tree in the 
original document, otherwise I get:

Exception in thread "main" 
org.apache.xml.security.encryption.XMLEncryptionException: The prefix "pdpa" 
for element "pdpa:message" is not bound.
Original Exception was org.xml.sax.SAXParseException: The prefix "pdpa" for 
element "pdpa:message" is not bound.

When I do so and decrypt it, I see that xmlns has been omitted:

<pdpa:message pdpaId="pdpaId" protocol="PDP-A_1" type="DHComplete">

Reading 

http://www.w3.org/TR/xmlenc-decrypt#sec-interiting-xml-attributes,
http://www.w3.org/TR/xmlenc-decrypt#func-decryptXML

I get the impression this is a canonicalization issue - true? How I go about 
it if I want to keep the attribute?

Thanks,
Ralph

-- 
For contact details, please see www.ralphholz.de.

Mime
View raw message