santuario-dev mailing list archives

From bugzi...@apache.org
Subject DO NOT REPLY [Bug 38655] - Canonicalizer gets exception in many namespaces.
Date Thu, 18 Oct 2007 15:22:28 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38655>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38655

------- Additional Comments From f.merighi@cineca.it  2007-10-18 08:22 -------
- Environment: Java version: 1.6.0_03 (suspected on all OS, but currently 
tested on Windows XP)

- Problem: when signing an XML document with more than one namespace, XML 
Signature throws an exception caused by the Canonicalizer

- Reproduce:

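import java.io.FileInputStream;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CanonicalizerTest {
public static void main(String args[]) throws Exception {
	// Parse the input file (args[0]) with namespace support enabled
	DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
	dbf.setNamespaceAware(true);
	Document doc = dbf.newDocumentBuilder().parse(
			new FileInputStream(args[0]));
	XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
	DigestMethod digestMethod = fac.newDigestMethod(
			"http://www.w3.org/2000/09/xmldsig#sha1", null);
	
	// Inclusive C14N, RSA-SHA1, one reference to the whole document (URI "")
	SignedInfo signedInfo = fac.newSignedInfo(
			fac.newCanonicalizationMethod(
					"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
					(C14NMethodParameterSpec) null),
			fac.newSignatureMethod(
					"http://www.w3.org/2000/09/xmldsig#rsa-sha1", null),
			Collections.singletonList(fac.newReference("", digestMethod, null,
					"http://www.w3.org/2000/09/xmldsig#object", null)));
	
	// Sign with a throwaway RSA key; the exception is raised inside sign()
	DOMSignContext signContext = new DOMSignContext(
			KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate(),
			doc.getDocumentElement());
	fac.newXMLSignature(signedInfo, null).sign(signContext);
}
}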

With XML input:

<?xml version="1.0"?>
  <wiki
      xmlns:generated-command="http://foo.com/command"
    xmlns:generated-event="http://foo.com/event"
    xmlns:command="http://foo.com/command"
    xmlns:ui="http://foo.com/ui"
    xmlns:event="http://foo.com/event"
    xmlns:instruction="http://foo/instruction"
    xmlns:directory="http://foo.com/io/directory"
    xmlns:function="http://foo.com/function"
    xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ctrl="http://foo.com/controls"
    xmlns:wiki="http://foo.com/samples/wiki">
  <wiki:content>
    <wiki:paragraph />
  </wiki:content>
</wiki>

- Result:

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException: 23
	at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
	at CanonicalizerTest.main(CanonicalizerTest.java:32)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 23
	at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.index(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.get(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(Unknown Source)
	at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.updateOutputStream(Unknown Source)
	... 5 more


This bug is critical for XML Signature: I've submitted it to Java Developer 
Bug Report too.


-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
