santuario-dev mailing list archives

From "jason marshall" <jdmarsh...@gmail.com>
Subject Re: Known C14N bugs?
Date Wed, 03 Sep 2008 23:46:24 GMT
Ah, that does appear to be the case.  Thank you.

So I can add comments to a signed node, but only if I don't modify the
whitespace outside the comment.  Which sort of makes the utility of
being able to add/modify comments to a signed node annoying at best
(and sinister at worst, which is exactly why I'm currently reworking
my tests).

Thanks,
Jason

On Wed, Sep 3, 2008 at 3:38 PM, Anli Shundi <ashundi@tibco.com> wrote:
> I think your interpretation is wrong: whitespace around comments is
> irrelevant only when they're outside the document element (the single root
> element).
>
> See http://www.w3.org/TR/xml-c14n#Example-OutsideDoc
>
> -Anli
>
> jason marshall wrote:
>
> Where can I get a list of the known C14N bugs in XMLSec 1.3.0?
>
> I have a problem where one of my unit tests is incorrectly failing due
> to a pattern like the following:
>
>
> <ds:Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties"
> URI="#47b38f3b">
> <ds:Transforms>
> <ds:Transform
> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod
> Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"></ds:DigestMethod>
> <ds:DigestValue>qZhbpRF5y9PMnNsegBonsB1UTNjt3dE/t4P/NbFvFIE=</ds:DigestValue>
> </ds:Reference>
>
> ...
> <ds:SignatureProperties Id="47b38f3b">
> <!-- I'm just a little black raincloud... -->
> <ds:SignatureProperty ...
>
>
> The comment has been programmatically added to the SignatureProperties
> node to prove that comments aren't included in the digested data.
> If I take out the carriage return after the comment, the test passes
> as expected.  With the newline, it fails.  My understanding of C14N
> without comments is that this code is in error.  Am I right?  Was this
> fixed in a later version?
>
> (Is there a newer version that doesn't have any regressions in it?
> The general bug history seems to indicate the answer is 'no')
>
> Thanks,
>
>
> --
> - Jason
>
>



-- 
- Jason
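
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not XMLSec code. It uses Python's standard-library xml.etree.ElementTree.canonicalize (Python 3.8+), which implements C14N 2.0 rather than the exclusive C14N 1.0 named in the Reference; the assumption is that comment removal and whitespace preservation behave the same way for these cases. The sample documents are constructed.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample documents (not the XML from the thread).
SIGNED = '<Props Id="p1"><Prop>v</Prop></Props>'
VARIANTS = {
    # Comment inserted with no whitespace around it.
    "comment_only": '<Props Id="p1"><!-- note --><Prop>v</Prop></Props>',
    # Comment followed by a newline inside the document element.
    "comment_plus_newline": '<Props Id="p1"><!-- note -->\n<Prop>v</Prop></Props>',
    # Comment and blank lines outside the document element.
    "comment_outside_root": '<!-- note -->\n\n<Props Id="p1"><Prop>v</Prop></Props>\n',
}


def c14n(xml_text):
    """Canonical form without comments (C14N 2.0 as implemented by the stdlib)."""
    return ET.canonicalize(xml_text, with_comments=False)


def digest(xml_text):
    """Base64 SHA-256 over the canonical octets, as a DigestValue would hold."""
    octets = c14n(xml_text).encode("utf-8")
    return base64.b64encode(hashlib.sha256(octets).digest()).decode("ascii")


def digest_survives():
    """Map each variant to True if its digest still equals the signed one."""
    reference = digest(SIGNED)
    return {name: digest(doc) == reference for name, doc in VARIANTS.items()}


if __name__ == "__main__":
    print(repr(c14n(SIGNED)))
    for name, ok in digest_survives().items():
        print(f"{name:22} digest matches: {ok}  c14n={c14n(VARIANTS[name])!r}")
```

The comment itself never reaches the digest input, but the newline that follows it inside the document element is an ordinary text node and does.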
