santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From etlam nahkcip <malte.pick...@googlemail.com>
Subject Re: Santuario with Java STAX-API ID in wrong namespace
Date Thu, 25 Jun 2015 09:25:18 GMT
No, since the schema is hold by a foreign service not maintained by me.

Is it at least possible to define a custom namespace for the ID?
Is the ID included during the calculation of the signature?

2015-06-25 10:52 GMT+02:00 Colm O hEigeartaigh <coheigea@apache.org>:

>
> This is how XML Signature references content that is signed in the same
> document. Can you amend your schema with something like:
>
> <attribute name="Id" type="ID" use="optional"/>
>
> Colm.
>
>
> On Thu, Jun 25, 2015 at 7:59 AM, etlam nahkcip <
> malte.pickhan@googlemail.com> wrote:
>
>> Hi,
>>
>> I am trying to sign a XML-Message with help of Apache Santuario.
>>
>> What I'd like to achieve is having an Enveloped Signature.
>>
>> This is working so far, what's an Issue though, is that Santuario is
>> putting an ID field into the elements.
>> This ID field is not assigned to a namespace, which in my usacese leads
>> to an invalid XML, since it can't be verified with the given XSD.
>>
>> Even with the demo which is provided on
>> https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature
>>
>> I can't see that there is a namespace assigned to the ID.
>>
>> Example Output:
>>
>> <PurchaseOrder xmlns="urn:example:po">
>>     <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
>>         Id="Gaedee093-cfca-400c-b436-89dc426c0418">
>>         <dsig:SignedInfo>
>>             <dsig:CanonicalizationMethod
>>                 Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
>>             <dsig:SignatureMethod Algorithm="
>> http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>>             <dsig:Reference URI="#G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>                 <dsig:Transforms>
>>                     <dsig:Transform Algorithm="
>> http://www.w3.org/2001/10/xml-exc-c14n#" />
>>                 </dsig:Transforms>
>>                 <dsig:DigestMethod Algorithm="
>> http://www.w3.org/2000/09/xmldsig#sha1" />
>>                 <dsig:DigestValue>DigestValue</dsig:DigestValue>
>>             </dsig:Reference>
>>         </dsig:SignedInfo>
>>         <dsig:SignatureValue>SignatureValue</dsig:SignatureValue>
>>         <dsig:KeyInfo Id="G18aed097-5cbc-48da-94ff-fdfca5a0b3b9">
>>             <dsig:X509Data>
>>                 <dsig:X509Certificate>CertValue</dsig:X509Certificate>
>>             </dsig:X509Data>
>>         </dsig:KeyInfo>
>>     </dsig:Signature>
>>     <Items>
>>         <Item Code="001-001-001" Quantity="1">
>>             spade
>>         </Item>
>>         <Item Code="001-001-002" Quantity="1">
>>             shovel
>>         </Item>
>>     </Items>
>>     <ShippingAddress>
>>         Dig PLC, 1 First Ave, Dublin 1, Ireland
>>     </ShippingAddress>
>>     <PaymentInfo Id="G5ee3b986-92b3-4c05-a23d-268dd04c4d8a">
>>         <BillingAddress>
>>             Dig PLC, 1 First Ave, Dublin 1, Ireland
>>         </BillingAddress>
>>         <CreditCard Type="Amex">
>>             <Name>Foo B Baz</Name>
>>             <Number>1234 567890 12345</Number>
>>             <Expires Month="1" Year="2005" />
>>         </CreditCard>
>>     </PaymentInfo>
>> </PurchaseOrder>
>>
>> Is there any way to exclude the ID or to assign it to a namespace?
>>
>> Best Regards
>>
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>

Mime
View raw message