santuario-dev mailing list archives

From flaklypa <daniel.gran...@trustweaver.com>
Subject Another c14n11 bug?
Date Tue, 10 May 2011 13:19:32 GMT

In version 1.4.4 it seems that the xml:base attribute is not processed
correctly. I have modified the input in the sample
org.apache.xml.security.samples.canonicalization.CanonSubTree
to make it look like this:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
xml:base="http://www.acme.com/resources/">
  <SignedInfo xml:base="subresources/"><!-- comment inside -->
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
    <Reference URI="http://www.w3.org/TR/xml-stylesheet">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    fKMmy9GYF2s8rLFrZdVugTOFuWx19ccX7jh5HqFd4vMOY7LWAj52ykjSdvtW3fNY
    PPYGC4MFL19oPSId5GEsMtFMpGXB3XaCtoKjMCHQsN3+kom8YnGf7Ge1JNRcGty5
    0UsoP6Asj47+QR7QECT64uoziha4WRDVyXjDrg24W+U=
  </SignatureValue>
  <KeyInfo>
    <KeyName>Lugh</KeyName>
  </KeyInfo>
</Signature>

The only changes are the xml:base attributes on the Signature and SignedInfo
elements. The other change I've made is to use c14n11
(http://www.w3.org/2006/12/xml-c14n11).
The output from the sample is:

<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"
xml:base="subresources/">
    <CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></CanonicalizationMethod>
    <SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></SignatureMethod>
    <Reference URI="http://www.w3.org/TR/xml-stylesheet">
      <DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></DigestMethod>
      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
    </Reference>
  </SignedInfo>

I would have expected the xml:base attribute to get the value
"http://www.acme.com/resources/subresources/".
I have also tested this against the latest source in the 1.4.x-fixes branch
with the same result.

--
Kind regards
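
Added example, not part of the original message and not Apache Santuario code: a Python check of the xml:base value that the C14N 1.1 xml:base fixup gives the apex of a canonicalized subtree, run against the input and output from the message (both trimmed). `expected_base` and `check_subtree` are hypothetical helpers, and `urljoin` is assumed to approximate the specification's join-URI-References function.

```python
from urllib.parse import urljoin
from xml.dom import minidom

# Input and output from the message, trimmed to the elements that matter here.
SIGNED_DOC = """<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
 xml:base="http://www.acme.com/resources/">
  <SignedInfo xml:base="subresources/">
    <Reference URI="http://www.w3.org/TR/xml-stylesheet"/>
  </SignedInfo>
</Signature>"""
REPORTED_OUTPUT = """<SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"
 xml:base="subresources/">
    <Reference URI="http://www.w3.org/TR/xml-stylesheet"></Reference>
  </SignedInfo>"""


def expected_base(apex):
    """xml:base that fixup should leave on `apex` when its ancestors are omitted."""
    chain = []
    node = apex
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        if node.hasAttribute("xml:base"):
            chain.append(node.getAttribute("xml:base"))
        node = node.parentNode
    base = None
    for ref in reversed(chain):  # outermost ancestor first, apex last
        # Assumption: urljoin approximates the spec's join-URI-References.
        base = ref if base is None else urljoin(base, ref)
    return base


def check_subtree(doc_xml, apex_name, c14n_output):
    """Compare a canonicalizer's xml:base on the apex with the fixed-up value."""
    doc = minidom.parseString(doc_xml)
    apex = doc.getElementsByTagName(apex_name)[0]
    out_root = minidom.parseString(c14n_output).documentElement
    actual = out_root.getAttribute("xml:base") or None
    expected = expected_base(apex)
    return expected, actual, expected == actual


if __name__ == "__main__":
    print(check_subtree(SIGNED_DOC, "SignedInfo", REPORTED_OUTPUT))
```

A signer and a verifier that disagree on this attribute produce different canonical octets for SignedInfo, so the signature fails to validate across implementations.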
