
List:       xml-security-dev
Subject:    RE: Java canonicalizer unrendered namespaces
From:       Miha Vidmar <miha.vidmar () hermes ! si>
Date:       2005-08-18 7:13:03
Message-ID: 71A2775A913CF2459521D91028E219BC02321545 () hal9000 ! hermes ! si

Ok, this is the test case that fails for me (this is after I signed the
document, but I deleted the signaturevalue and keyinfo) - the digest for the
reference is wrong. Funny enough, when I save this document to disk the usual
way with the XMLSerializer it doubles the namespace in //object/a node (it
creates <a xmlns="" xmlns="">). But that's a whole different mailing list.
 
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"
Id="EnvelopingSignature-61982405979415507709">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#Object-27446641795315752014">
<DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>bDqDpEzttBTR9BRF7O6U7PTub60=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue></SignatureValue>
<KeyInfo></KeyInfo>
<Object Id="Object-27446641795315752014"><a xmlns="">XXXX</a></Object>
</Signature>

________________________________

From: Miha Vidmar [mailto:miha.vidmar@hermes.si] 
Sent: Wednesday, August 17, 2005 6:07 PM
To: 'security-dev@xml.apache.org '
Subject: RE: Java canonicalizer unrendered namespaces



When I was looking at the code, whenever n.rendered is set to true, the
n.lastrendered is set to whichever uri was just rendered. So just based on
that the data in lastrendered is wrong if it is set to "". That's what I
figured.

Unfortunately I don't have the test case anymore, but I'll try to rewrite it
tomorrow.

Miha 

-----Original Message----- 
From: Raul Benito 
To: security-dev@xml.apache.org 
Sent: 8/17/05 5:31 PM 
Subject: Re: Java canonicalizer unrendered namespaces 

I need a test case for this. I think I have a test case that
exercises this behaviour and it passes.
So can you send me code that fails with this behaviour?

Thanks, 

Raul 
On 8/17/05, Miha Vidmar <miha.vidmar@hermes.si> wrote: 
>  
> Hi, 
>   
> I'm using the latest released version of java security package and I think I
> found a small problem in NameSpaceSymbTable.java function getUnrenderedNodes
> (I checked the CVS version, it doesn't have this fixed).
>
> In case of the following:
> <parent xmlns="http://www.w3.org/2000/09/xmldsig#">
> <Object id="test"><a xmlns=""></a></Object>
> </parent>
>
> when canonicalizing test uri, the namespace in a is removed since it is
> compared to an empty uri which is not set when getting rendering parent
> namespaces. The following helped solve the problem (adding the
> n.lastrendered=n.uri line):
>   
>  public void getUnrenderedNodes(Collection result) {
>     //List result=new ArrayList();
>     Iterator it=symb.entrySet().iterator();
>     while (it.hasNext()) {
>       NameSpaceSymbEntry n=(NameSpaceSymbEntry)((Map.Entry)it.next()).getValue();
>       //put them rendered?
>       if ((!n.rendered) && (n.n!=null)) {
>        result.add(n.n);
>        n.lastrendered=n.uri;
>        n.rendered=true;
>       }
>     }
>  }
>   
>   
> ________________________________________ 
> Miha Vidmar 
> HERMES Softlab d.d., Ljubljana, Slovenija 
> Tel. +386 (0)1 586 52 00 
> Fax. +386 (0)1 586 52 70 
> mailto:miha.vidmar@hermes.si 
> http://www.hermes.si 
> ________________________________________ 
>   


-- 
http://r-bg.com 
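
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not the Java library's code: a simplified Python model of how Canonical XML 1.0 renders the default namespace when only a referenced subtree is canonicalized. The `record_inherited` switch, the `obj-1` Id and the sample document are assumptions made for illustration; with the switch off, the inherited declaration written on the apex element is not remembered, so the child's `xmlns=""` is dropped and the reference digest changes.

```python
import base64, hashlib, xml.sax
from xml.sax.saxutils import escape

DSIG = "http://www.w3.org/2000/09/xmldsig#"
# Constructed sample shaped like the failing document in the message above.
DOC = ('<Signature xmlns="' + DSIG + '"><Object Id="obj-1">'
       '<a xmlns="">XXXX</a></Object></Signature>')

class SubtreeC14N(xml.sax.ContentHandler):
    """Default-namespace rendering only; record_inherited=False is the stale state."""
    def __init__(self, target_id, record_inherited=True):
        super().__init__()
        self.target_id, self.record_inherited = target_id, record_inherited
        self.scope = [""]     # default namespace in scope for each open element
        self.rendered = [""]  # default namespace last written, per output element
        self.depth, self.out = 0, []  # depth > 0 while inside the selected subtree

    def startElement(self, name, attrs):
        in_scope = attrs.get("xmlns", self.scope[-1])
        self.scope.append(in_scope)
        if self.depth == 0 and attrs.get("Id") != self.target_id:
            return
        self.depth += 1
        last, tag = self.rendered[-1], "<" + name
        if in_scope != last:  # emit only when it differs from what the output last saw
            tag += ' xmlns="%s"' % escape(in_scope)
            if "xmlns" in attrs or self.record_inherited:
                last = in_scope
        self.rendered.append(last)
        for key in sorted(k for k in attrs.getNames() if k != "xmlns"):
            tag += ' %s="%s"' % (key, escape(attrs[key], {'"': "&quot;"}))
        self.out.append(tag + ">")

    def endElement(self, name):
        self.scope.pop()
        if self.depth:
            self.depth -= 1
            self.rendered.pop()
            self.out.append("</%s>" % name)

    def characters(self, text):
        if self.depth:
            self.out.append(escape(text))

def canonicalize(doc, target_id, record_inherited=True):
    handler = SubtreeC14N(target_id, record_inherited)
    xml.sax.parseString(doc.encode("utf-8"), handler)
    return "".join(handler.out)

def digest(canonical):  # SHA-1, as in the Reference's DigestMethod above
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode()
```

Without `xmlns=""` the `a` element falls into the XML Signature namespace inherited from `Object`, so the two outputs describe different documents as well as hashing differently.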

