santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Inoguchi, Kinichiro" <Kinichiro.Inogu...@hp.com>
Subject RE: Why namespace in SignedContentItem is removed ?
Date Wed, 05 Jun 2013 08:26:05 GMT
Hi,

I could find one thing.

After creating XML document, 
calling normalizeDocument() solves this issue.

==================================================
    ...
    // add Signature into document
    e1.appendChild(sig.getElement());

    doc.normalizeDocument();

    //
    Transforms transforms = new Transforms(doc);
    ...
==================================================

This change of code generates output like below.

==================================================
--- Signed Content in Signature is missing namespace 'http://xxx.yyy.zzz/' from 'myItem' ---
<myXml xmlns="http://aaa.bbb.ccc/" xmlns:NS1="http://aaa.bbb.ccc/" NS1:Id="signed"><myData><myItem
xmlns="http://xxx.yyy.zzz/">Item1</myItem></myData></myXml>
==================================================

<myItem> has its right namespace.

Is this a right way to solve this issue ?

Thanks.



From: Colm O hEigeartaigh [mailto:coheigea@apache.org] 
Sent: Wednesday, June 05, 2013 12:01 AM
To: dev@santuario.apache.org
Subject: Re: Why namespace in SignedContentItem is removed ?


What version of the library are you using to generate the Signature?

Colm.

On Tue, Jun 4, 2013 at 9:07 AM, Inoguchi, Kinichiro <Kinichiro.Inoguchi@hp.com> wrote:
Hi,

Now I'm trying to work with detached and sibling XML signature.
I could sign to my XML, but I realized that SignedContentItem in
XMLSignature missed namespace I added.

Here is my XML document, and I signed to <myXml>.
<myXml> contains <myData>, and <myData> contains <myItem>.
<myItem> belongs to namespace "http://xxx.yyy.zzz/".
============================================================
<myPayload xmlns="http://aaa.bbb.ccc/">
    <myXml xmlns:ns0="http://aaa.bbb.ccc/" ns0:Id="signed">
        <myData>
            <myItem xmlns="http://xxx.yyy.zzz/">Item1</myItem>
        </myData>
    </myXml>
    <ds:Signature>
        ...
    </ds:Signature>
</myPayload>
============================================================

And SignedContentItem in XMLSignature was like below.
============================================================
<myXml xmlns="http://aaa.bbb.ccc/" Id="signed"><myData><myItem>Item1</myItem></myData></myXml>
============================================================

I wonder why namespace is removed from <myItem>.
I'm afraid that this will causes wrong digest value calculation.

I've read the thread "vanishing attribute namespace prefixes",
but I couldn't get the conclusion by myself.

Does anyone tell me how to resolve this issue ?

I attached source code (TestMySignature.java)
and result (TestMySignature.txt).

Thanks.



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message