'RE: c14n test vectors'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       xml-security-dev
Subject:    RE: c14n test vectors
From:       "Da Cruz Pinto, Juan M" <juan.m.da.cruz.pinto () intel ! com>
Date:       2007-05-30 16:59:23
Message-ID: 12982123405724458280C4FD3FF9C08B02BA18F9 () fmsmsx418 ! amr ! corp ! intel ! com
[Download RAW message or body]

Hi Sean!

Thanks for your answer!
I'm already calling XMLUtils.circumventBug2650(Document) before
canonicalizing (to solve the bug in Xalan). (Check my environment in my
first e-mail, in this same thread). I'm still trying to understand what
else could I be doing wrong. Any other ideas?

Again, thanks for your answer,
Marcelo.

 

-----Original Message-----
From: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM] 
Sent: Wednesday, May 30, 2007 13:27
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors

Since you are canonicalizing XPath node-sets, try calling 
XMLUtils.circumventBug2650(Document) before you canonicalize to work 
around a bug in Xalan. See my other email for details.

--Sean

Da Cruz Pinto, Juan M wrote:
> Raul,
> 
> Thanks for your answer!
> I've been looking at the code of that class, and I noticed that a
> signature verification is done, and then the c14n parts are extracted
> from the XMLSignature object, using something similar to
>
signature.getSignedInfo().item(i).getContentsAfterTransformation().getBy
> tes().
> 
> What I'm trying to do is to perform plain c14n with out the signature
> verification, so I created a command line that allows you to
> canonicalize an XML document, and with filtering capabilities: you can
> use an XPath expression to select an XPath-node set
> (canonicalizeXPathNodeSet method[1]) or to select a node for doing
> subtree c14n (canonicalizeSubtree method[2]). In the case of the Y4
test
> verctors, [1] is useful for c14ning each of the SignedInfo references,
> and [2] is useful for c14ning the SignedInfo element (the entire
> subtree) itself.
>  
> With this approach, I was hopping to get the same results, just by
using
> the 9 XPath expressions inside "Signature.xml", each of them with the
> three combinations of algorithms: inclusive, exclusive, and exclusive
> with "#default" in the inlcusive namespace prefix list.
> 
> I must be doing something wrong when I filter with the xpath
expressions
> (only when using "canonicalizeXpathNodeSet", because subtree c14n is
> working just fine for me), but don't now what yet...
> 
> Thanks for your time!
> Marcelo.
> 
> -----Original Message-----
> From: raul.benito.garcia@gmail.com
[mailto:raul.benito.garcia@gmail.com]
> On Behalf Of Raul Benito
> Sent: Tuesday, May 29, 2007 10:38
> To: security-dev@xml.apache.org
> Subject: Re: c14n test vectors
> 
> We have this test vector in our test suite. And they are passing, can
> you look at this data:
> xml-se/data/interop/c14n/Y4
> 
> And the test code
>
xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/
> ExclusiveC14NInterop.java
> 
> 
> Regards,
> 
> Raul
> 
> On 5/29/07, Da Cruz Pinto, Juan M <juan.m.da.cruz.pinto@intel.com>
> wrote:
>> Hi Raul,
>>
>> I'm attaching the files which where different in my case (for
>> merlin-c14n-three). Again, I'm still trying to figure out what I did
>> wrong, but the steps I did where quite simple.
>>
>> I'm also attaching a file called "xpaths01.txt" which holds the XPath
>> expressions used to filter the XML content. Each of the 9 XPath
>> expressions is used for the tests from 00 to 26 (they repeat for
>> inclusive, exclusive & exclusive with inclusive prefix list... which
> are
>> the first 27 tests). The last test (c14n-27.txt) just canonicalizes
> the
>> entire SignedInfo subtree.
>>
>> Thanks in advanced,
>> Marcelo.
>>
>>
>>
>> -----Original Message-----
>> From: raul.benito.garcia@gmail.com
> [mailto:raul.benito.garcia@gmail.com]
>> On Behalf Of Raul Benito
>> Sent: Tuesday, May 29, 2007 05:07
>> To: security-dev@xml.apache.org
>> Subject: Re: c14n test vectors
>>
>> Hi Marcelo,
>>
>> It is strange, I think that Merlin interop test is our unittest
suite.
>>
>> Can you send the differences?
>>
>> Regards,
>>
>> Raul
>>
>>
>> On 5/28/07, Da Cruz Pinto, Juan M <juan.m.da.cruz.pinto@intel.com>
>> wrote:
>>>
>>>
>>>
>>> Hi Everybody,
>>>
>>>
>>>
>>> Are there any unit tests in the code to test c14n interoperability?
>> I've
>>> been trying to test the "merlin-c14n-three" test vectors, but some
> of
>> the
>>> tests inside it are failing.
>>>
>>> My environment:
>>>
>>> -          XML Security 1.4.1 library
>>>
>>> -          Using XMLUtils.circumventBug2650(document) to spread
>> namespaces
>>> declaration.
>>>
>>> -          Using XMLUtils.createDSctx(...) to create a namespace
>> context.
>>> -          Using XPathAPI.selectNodeList(document, xpath, nsc) to
>> select the
>>> XPath node-set.
>>>
>>> -          Using
>>> Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
>>> canonicalize the XPath node-set.
>>>
>>>
>>>
>>> The tests (of merlin-c14n-three) that are failing are 03, 10, 18 &
> 19.
>> I'm
>>> quite sure I'm doing something wrong... but don't now what.
>>>
>>>
>>>
>>> Thanks in advanced!
>>>
>>> Marcelo.
>>
>> --
>> http://r-bg.com
>>
>>
> 
> 

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic