santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Werner Dittmann <>
Subject Re: Undeclared namespace prefix
Date Mon, 29 Sep 2008 16:44:48 GMT

I've checked the input and output of c14n of xmlsec-1.4.2 and it seems
the c14n does not emit the ds: name space binding of the KeyInfo node.
Attached is the text file of the test run.

The same test but using xmlsec-1.4.1 shows the name space binding before
and after c14n.

The following the code snippet was used to produce the test output file:

         Canonicalizer c14n =
         System.out.println("Before c14n");
         byte[] canonicalMessage = c14n.canonicalizeSubtree(doc);
         System.out.println("After c14n: " + new String(canonicalMessage));

the XMLUtils.PrettyDocumentToString(doc) (XMLUtils is not the xmlsec XMLUtils
but an own one :-) ) performs as follows:

public class XMLUtils {
     public static String PrettyDocumentToString(Document doc) {
         ByteArrayOutputStream baos = new ByteArrayOutputStream();
         ElementToStream(doc.getDocumentElement(), baos);
         return new String(baos.toByteArray());

     public static void ElementToStream(Element element, OutputStream out) {
         try {
             DOMSource source = new DOMSource(element);
             StreamResult result = new StreamResult(out);
             TransformerFactory transFactory = TransformerFactory.newInstance();
             Transformer transformer = transFactory.newTransformer();
             transformer.transform(source, result);
         } catch (Exception e) {


Thus the printout "before c14n" is the doc tree just before c14n. IMHO the Transformer
does not add/modify during transformation of the doc tree to a string.


Scott Cantor schrieb:
>> Questions here: does the XML doc that goes into C14N misses any
>> xmlns: declarations at some important positions? If so - where should
>> we include these?
> With either incl or excl, the ds namespace prefix should be emitted in both
> spots, since it's visibly used in that element, and not used anywhere up
> above it. So the first/only place it should appear is in the KeyInfo
> element.
> If you're saying that the XML listed first is directly passed (in DOM form)
> into the c14n step, and the output is missing the ds namespace, then it's a
> c14n bug.
> Otherwise the bug is in the process being used to turn the original XML into
> a DOM that you give to the c14n code.
> -- Scott

View raw message