[prev in list] [next in list] [prev in thread] [next in thread]
List: xml-security-dev
Subject: RE: Namespaces
From: "Eric Tournier" <eric.tournier () keynectis ! com>
Date: 2007-05-03 12:30:07
Message-ID: 06D370C1EA9CAD48AF7D9AB2684D2F3F02124826 () exchange ! certplus ! com
[Download RAW message or body]
Berin, Sean,
Many thanks for your help and your suggestions :) It really helps me to understand \
my problem and the working solution is : 1- set the dsig prefix to "" and the enc \
prefix to "xenc" while signing ; 2- set the dsig prefix to "ds" and the enc prefix to \
"" while encrypting.
I know this is a workaround because I should modify my API to support namespaces \
:))
Eric
> -----Message d'origine-----
> De : Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM]
> Envoyé : mercredi 25 avril 2007 22:58
> À : security-dev@xml.apache.org
> Objet : Re: Namespaces
>
> I assume you are using the Apache XML Security APIs and not
> the standard JSR 105 API. In that case, try calling the
> following static methods before you sign/encrypt your data:
>
> to set the dsig prefix to "":
>
> org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("");
>
> to set the enc prefix to "":
>
> org.apache.xml.security.utils.ElementProxy.setPrefix(org.apach
> e.xml.security.encryption.EncryptionConstants.EncryptionSpecNS,
> "");
>
> Let me know if that works.
>
> --Sean
>
> Berin Lautenbach wrote:
> > OK - first up I'm not an expert on the Java library, more
> on the C++
> > library.
> >
> > The two examples you sent through are completely separate -
> one is for
> > sig and one encryption. So my guess is that in your situation you
> > could set the namespace prefix to "" for the dsig namespace
> when you
> > are doing a signature and to "" for the xenc namespace when you are
> > doing encryption. I.e. do one or the other - not both. If
> you need
> > to do both encryption and signature in one document, I'm not sure
> > whether the library will let you do that easily. I know you can't
> > have both namespaces as the default, but maybe you can
> switch between
> > each other as the default depending on what you are trying to do.
> >
> > Hopefully someone else can comment in that case.
> >
> > As a side note - namespace support is mandatory according
> to the spec.
> > What is optional is the use of "dsig" as the namespace
> prefix. So in
> > reality a compliant implementation needs to support the use of a
> > prefix for the signature and encryption namespaces.
> >
> > Cheers,
> > Berin
> >
> > Eric Tournier wrote:
> > > Hi Berin :)
> > >
> > > I hope your baby goes well and let you sleep :)
> > >
> > > Was the previously posted XML useful ? I checked the W3
> XMLEnc and
> > > XMLDSig references and found that thes two namespaces were
> optional
> > > (§1.3), so could you help me to configure XMLSecurity classe to
> > > produce signed XML without ds: then produce with this doc
> a encrypted
> > > XML without xenc: ?
> > >
> > > Thanks in advance
> > > Eric
> > >
> > > > -----Message d'origine-----
> > > > De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> > > > mercredi 18 avril 2007 14:05
> > > > À : security-dev@xml.apache.org
> > > > Objet : Re: Namespaces
> > > >
> > > > Can you post a signature from the implementation you use
> to see what
> > > > it looks like?
> > > >
> > > > Cheers,
> > > > Berin
> > > >
> > > > Eric Tournier wrote:
> > > > > Hi Berin :)
> > > > >
> > > > > I'm using a home-made XML Encryption implementation but
> > > > unfortunately I'm not the developer of it. This
> implementation does
> > > > not support ds: and xenc: prefixes, so I try not to have them. In
> > > > order to test interoperability of it with well-known API,
> I'm trying
> > > > to encrypt a XML document with XML Security and decrypt
> the result
> > > > with my implementation, and vice-versa.
> > > > > My intent is not to have two different namespaces as the
> > > > default namespace for the Signature element, but trying
> not to have
> > > > any of the ds: and xenc: prefix into the final encrypted
> then signed
> > > > XML document : element <Signature instead of <ds:Signature and
> > > > <CipherValue instead of <xenc:CipherValue.
> > > > > Thanks for your help
> > > > >
> > > > > Eric
> > > > >
> > > > > > -----Message d'origine-----
> > > > > > De : Berin Lautenbach [mailto:berin@wingsofhermes.org] Envoyé :
> > > > > > mercredi 18 avril 2007 11:36 À :
> > > > security-dev@xml.apache.org Objet :
> > > > > > Re: Namespaces
> > > > > >
> > > > > > As far as I can see - effectively your trying to have two
> > > > different
> > > > > > namespaces as the default namespace for the Signature
> > > > element. Which
> > > > > > can't really be done. Or am I misreading your intent?
> > > > > >
> > > > > > Why do you not want the namespaces? Both specs exist inside a
> > > > > > specific namespace, so you can't not use them.
> > > > > >
> > > > > > Cheers,
> > > > > > Berin
> > > > > >
> > > > > > Eric Tournier wrote:
> > > > > > > Hi :)
> > > > > > >
> > > > > > > I wish to encrypt then sign a XML document without the
> > > > 'ds;' and
> > > > > > > 'xenc:' namespaces. Unfortunately, I can only suppress on
> > > > of these
> > > > > > > namespaces :| The following code throws
> > > > > > XmlSecurityException always on
> > > > > > > the second line independent from its nature
> > > > > > > (EncryptionConstants.setEncryptionSpecNSprefixor or
> > > > > > > Constants.setSignatureSpecNSprefix) :
> > > > > > > (...)
> > > > > > > static
> > > > > > > {
> > > > > > > org.apache.xml.security.Init.init();
> > > > > > > JCA.setProvider();
> > > > > > > }
> > > > > > >
> > > > > > > public XMLSecurityResource() throws XMLSecurityException
> > > > > > > {
> > > > > > > // Suppression du namespace 'xenc:'
> > > > > > > EncryptionConstants.setEncryptionSpecNSprefix("");
> > > > > > > // Suppression du namespace 'ds:'
> > > > > > > Constants.setSignatureSpecNSprefix("");
> > > > > > > }
> > > > > > > (...)
> > > > > > >
> > > > > > > Could someone tell me how to resolve this ?
> > > > > > > Thanks
> > > > > > > Eric
> > > > > > >
> > > > > > > Eric TOURNIER
> > > > > > > Ingénieur concepteur objet senior - Expertise technique
> > > > > > > Java/J2EE/XML/AOP - Spring/Hibernate/Maven
> > > > > > > ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
> > > > > > > STERIA
> > > > > > > Département Banque, Assurance et Finance 46, rue Camille
> > > > > > Desmoulins -
> > > > > > > 92782 Issy-Les-Moulineaux Cedex 9 Tél : 01 53 94 22 94 -
> > > > > > Mob : 06 17
> > > > > > > 98 32 51 eric.tournier@steria.com
> > > > <mailto:eric.tournier@steria.com>
> > > > > > > //
> > > > >
> > >
> > >
>
>
>
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic