santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Pellerin, Clement" <Clement_Pelle...@ibi.com>
Subject RE: Extra xmlns after decrypt
Date Wed, 28 Mar 2012 15:09:43 GMT
There are two issues here.

1- Decrypting does not produce the same Element as the one that was encrypted.
2- Encrypting multiple elements does not produce the same result for identical subtrees.

Issue 1 is a direct result of choosing a standard canonicalization algorithm.
Inclusive C14N adds namespace declarations inherited from the context.
You can configure XMLCipher to use Exclusive C14N but that leaves out
namespace declarations that are not explicitly used.
I believe to solve issue 1 we need to implement a non-standard canonicalization
that simply emits the nodes as is.

Issue 2 is because the canonicalizer has a flag causing it to behave differently
the first time it is used. I have logged SANTUARIO-308 for this.


-----Original Message-----
From: Colm O hEigeartaigh
Sent: Wednesday, March 28, 2012 5:42 AM

It's probably a (minor) bug in the canonicalization code.

On Thu, Mar 22, 2012 at 7:26 PM, Pellerin, Clement wrote:
> I start with this document:
>
> <env:Envelope
> xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>
> aa</elem></env:Body></env:Envelope>
>
>
>
> I encrypt the <elem> element and immediately decrypt it. The resulting 
> document has an extra namespace declaration:
>
> <env:Envelope
> xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem
> xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">aa</elem></env:B
> ody></env:Envelope>
>
>
>
> The funny thing is, if I encrypt two sibling <elem> elements, only the 
> first one has the extra namespace declaration.

Mime
View raw message