santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: Santuario with Java STAX-API ID in wrong namespace
Date Thu, 25 Jun 2015 08:52:31 GMT
This is how XML Signature references content that is signed in the same
document. Can you amend your schema with something like:

<attribute name="Id" type="ID" use="optional"/>

Colm.


On Thu, Jun 25, 2015 at 7:59 AM, etlam nahkcip <malte.pickhan@googlemail.com
> wrote:

> Hi,
>
> I am trying to sign a XML-Message with help of Apache Santuario.
>
> What I'd like to achieve is having an Enveloped Signature.
>
> This is working so far, what's an Issue though, is that Santuario is
> putting an ID field into the elements.
> This ID field is not assigned to a namespace, which in my usacese leads to
> an invalid XML, since it can't be verified with the given XSD.
>
> Even with the demo which is provided on
> https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature
>
> I can't see that there is a namespace assigned to the ID.
>
> Example Output:
>
> <PurchaseOrder xmlns="urn:example:po">
>     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>         Id="Gaedee093-cfca-400c-b436-89dc426c0418">
>         <dsig:SignedInfo>
>             <dsig:CanonicalizationMethod
>                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>             <dsig:SignatureMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>             <dsig:Reference URI="#G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>                 <dsig:Transforms>
>                     <dsig:Transform Algorithm="
> http://www.w3.org/2001/10/xml-exc-c14n#" />
>                 </dsig:Transforms>
>                 <dsig:DigestMethod Algorithm="
> http://www.w3.org/2000/09/xmldsig#sha1" />
>                 <dsig:DigestValue>DigestValue</dsig:DigestValue>
>             </dsig:Reference>
>         </dsig:SignedInfo>
>         <dsig:SignatureValue>SignatureValue</dsig:SignatureValue>
>         <dsig:KeyInfo Id="G18aed097-5cbc-48da-94ff-fdfca5a0b3b9">
>             <dsig:X509Data>
>                 <dsig:X509Certificate>CertValue</dsig:X509Certificate>
>             </dsig:X509Data>
>         </dsig:KeyInfo>
>     </dsig:Signature>
>     <Items>
>         <Item Code="001-001-001" Quantity="1">
>             spade
>         </Item>
>         <Item Code="001-001-002" Quantity="1">
>             shovel
>         </Item>
>     </Items>
>     <ShippingAddress>
>         Dig PLC, 1 First Ave, Dublin 1, Ireland
>     </ShippingAddress>
>     <PaymentInfo Id="G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>         <BillingAddress>
>             Dig PLC, 1 First Ave, Dublin 1, Ireland
>         </BillingAddress>
>         <CreditCard Type="Amex">
>             <Name>Foo B Baz</Name>
>             <Number>1234 567890 12345</Number>
>             <Expires Month="1" Year="2005" />
>         </CreditCard>
>     </PaymentInfo>
> </PurchaseOrder>
>
> Is there any way to exclude the ID or to assign it to a namespace?
>
> Best Regards
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message