Return-Path: Delivered-To: apmail-xml-security-dev-archive@www.apache.org Received: (qmail 4241 invoked from network); 15 Feb 2008 14:24:41 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 15 Feb 2008 14:24:41 -0000 Received: (qmail 80366 invoked by uid 500); 15 Feb 2008 14:24:34 -0000 Delivered-To: apmail-xml-security-dev-archive@xml.apache.org Received: (qmail 80354 invoked by uid 500); 15 Feb 2008 14:24:34 -0000 Mailing-List: contact security-dev-help@xml.apache.org; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: Reply-To: security-dev@xml.apache.org List-Id: Delivered-To: mailing list security-dev@xml.apache.org Received: (qmail 80343 invoked by uid 99); 15 Feb 2008 14:24:34 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Feb 2008 06:24:34 -0800 X-ASF-Spam-Status: No, hits=-1.0 required=10.0 tests=RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (athena.apache.org: local policy) Received: from [192.18.98.34] (HELO brmea-mail-3.sun.com) (192.18.98.34) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 15 Feb 2008 14:24:01 +0000 Received: from fe-amer-10.sun.com ([192.18.109.80]) by brmea-mail-3.sun.com (8.13.6+Sun/8.12.9) with ESMTP id m1FEO91O014828 for ; Fri, 15 Feb 2008 14:24:09 GMT Received: from conversion-daemon.mail-amer.sun.com by mail-amer.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) id <0JWA00H01ADQRK00@mail-amer.sun.com> (original mail from Sean.Mullan@Sun.COM) for security-dev@xml.apache.org; Fri, 15 Feb 2008 07:24:09 -0700 (MST) Received: from [129.148.174.250] by mail-amer.sun.com (Sun Java System Messaging Server 6.2-8.04 (built Feb 28 2007)) with ESMTPSA id <0JWA00C02AO7ZWD0@mail-amer.sun.com> for security-dev@xml.apache.org; Fri, 15 Feb 2008 07:24:07 -0700 (MST) Date: Fri, 15 Feb 2008 09:24:07 -0500 From: Sean Mullan Subject: Re: Problem with URI resolving in xml-security 1.4.1 with FragmentResolver In-reply-to: <1D7BADF9A925AF41AD5B1E36DA0F60A203258DFF@CORREO.sadiel.es> Sender: Sean.Mullan@Sun.COM To: security-dev@xml.apache.org Message-id: <47B5A087.2070201@sun.com> MIME-version: 1.0 Content-type: text/plain; format=flowed; charset=windows-1252 Content-transfer-encoding: 8BIT References: <1D7BADF9A925AF41AD5B1E36DA0F60A203258DFF@CORREO.sadiel.es> User-Agent: Thunderbird 1.5.0.10 (X11/20070303) X-Virus-Checked: Checked by ClamAV on apache.org Lopez Cantero, Sergio wrote: > Hi, > > I am trying to implement XaDES signatures with the apache API > > I�m doing all the Signed and Unsigned properties myself. > > The problem is that QualifyingProperties go inside a ds:object and > version 1.4.1 can�t resolve the URI of the Signed Properties to get the > digest. > > This works on 1.4.0 and the class that does this is: > org.apache.xml.security.utils.IdResolver > > Any Ideas? Hmm, well I'm not sure why it worked in 1.4.0 and doesn't work in 1.4.1. If you send a testcase, I'll have a look. However, the IdResolver does not have builtin knowledge of the XaDES schema. It does try to guess where the ID attributes are but this is not really safe, and it is also slow. Your best solution is to use one of the following: use a schema-validating parser, register the ID attributes yourself (see IdResolver.registerElementById), or implement your own IdResolver class that is XaDES aware. > Is anyone having the same problem? Will there be a 1.4.2 version fixing > this? I would like to get a 1.4.2 release out in the next couple of months. There have been many bug fixes integrated since 1.4.1 and the open bug count is small. If anyone has an open bug that you think really needs to be fixed, let me know. Thanks, Sean