[SANTUARIO-191] xml:id attributes are not correctly handled when using c14n11 - ASF JIRA

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: Java 1.4.2
Fix Version/s: Java 1.4.5, Java 1.5
Component/s: Java
Security Level: Public (Public issues, viewable by everyone)
Labels:
None
Environment:
Operating System: All
Platform: All

Bugzilla Id:
https://issues.apache.org/bugzilla/show_bug.cgi?id=47459

Description

Created an attachment (id=23913)
debug log

xml:id attributes are still not correctly handled when using c14n11 for encryption.

Example:

When I encrypt the <data> element in the following xml document, the xml:id attribute is added to the canonical form of the data tag during encryption.

<?xml version="1.0" encoding="UTF-8"?><test xml:id="ref1234">
<data>12345678</data>
</test>

encrypt/decrypt using c14n11 creates the following:

<?xml version="1.0" encoding="UTF-8"?><test xml:id="ref1234">
<data xml:id="ref1234">12345678</data>
</test>

See also attached debug log.

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending

Attachments

ASF.LICENSE.NOT.GRANTED--c14n11-bug.log

01/Jul/09 15:35

18 kB

sstaible
ASF.LICENSE.NOT.GRANTED--XmlIdBugTest.java

01/Jul/09 15:34

4 kB

sstaible
ASF.LICENSE.NOT.GRANTED--c14n11-bug.log

30/Jun/09 11:22

20 kB

sstaible

Activity

Ascending order - Click to sort in descending order

sstaible created issue - 30/Jun/09 11:22

Hide

Permalink

Colm O hEigeartaigh added a comment - 01/Jul/09 09:08

Can you provide a test-case?

Colm.

Show

Colm O hEigeartaigh added a comment - 01/Jul/09 09:08 Can you provide a test-case? Colm.

Hide

Permalink

sstaible added a comment - 01/Jul/09 15:34

Created an attachment (id=23917)
Testcase

Show

sstaible added a comment - 01/Jul/09 15:34 Created an attachment (id=23917) Testcase

Hide

Permalink

sstaible added a comment - 01/Jul/09 15:35

Created an attachment (id=23918)
debug log of test case

Show

sstaible added a comment - 01/Jul/09 15:35 Created an attachment (id=23918) debug log of test case

Mark Thomas made changes - 06/Dec/10 18:39

Field	Original Value	New Value
issue.field.bugzillaimportkey	47459	12492465

Colm O hEigeartaigh made changes - 07/Dec/10 11:40

Component/s		Java [ 12314103 ]
Component/s	Canonicalization [ 12314098 ]

Mark Thomas made changes - 16/Feb/11 21:56

Workflow

jira [ 12539370 ]

Default workflow, editable Closed status [ 12565530 ]

Mark Thomas made changes - 16/Feb/11 21:59

Assignee

XML Security Developers Mailing List [ security-dev@xml.apache.org ]

Mark Thomas made changes - 17/Feb/11 12:25

Workflow

Default workflow, editable Closed status [ 12565530 ]

jira [ 12586416 ]

Hide

Permalink

Colm O hEigeartaigh added a comment - 15/Apr/11 16:43

I'm marking this issue as fixed for Java 1.4.4. The testcase that is supplied passes with the 1.4.4 release, but fails with the 1.4.3 release. At a guess, it was fixed by this issue:

https://issues.apache.org/bugzilla/show_bug.cgi?id=47761

Colm.

Show

Colm O hEigeartaigh added a comment - 15/Apr/11 16:43 I'm marking this issue as fixed for Java 1.4.4. The testcase that is supplied passes with the 1.4.4 release, but fails with the 1.4.3 release. At a guess, it was fixed by this issue: https://issues.apache.org/bugzilla/show_bug.cgi?id=47761 Colm.

Colm O hEigeartaigh made changes - 15/Apr/11 16:43

Fix Version/s

Java 1.4.4 [ 12315956 ]

Colm O hEigeartaigh made changes - 15/Apr/11 16:43

Status	Open [ 1 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Hide

Permalink

Colm O hEigeartaigh added a comment - 21/Apr/11 16:43

I'm re-opening this issue, as I think a regression introduced in 1.4.4 has masked the problem (see ~~SANTUARIO-266~~).

Colm.

Show

Colm O hEigeartaigh added a comment - 21/Apr/11 16:43 I'm re-opening this issue, as I think a regression introduced in 1.4.4 has masked the problem (see SANTUARIO-266 ). Colm.

Colm O hEigeartaigh made changes - 21/Apr/11 16:43

Resolution	Fixed [ 1 ]
Status	Resolved [ 5 ]	Reopened [ 4 ]
Assignee		Colm O hEigeartaigh [ coheigea ]

Colm O hEigeartaigh made changes - 21/Apr/11 16:43

Summary	c14n11 does include parent xml:id attributes in encrypted data	Java
Fix Version/s		Java 1.4.5 [ 12315957 ]
Fix Version/s		Java 1.5 [ 12315958 ]
Fix Version/s	Java 1.4.4 [ 12315956 ]

Colm O hEigeartaigh made changes - 27/Apr/11 11:03

Summary

Java

xml:id attributes are not correctly handled when using c14n11

Hide

Permalink

Colm O hEigeartaigh added a comment - 27/Apr/11 11:27

Author: coheigea
Date: Wed Apr 27 10:16:29 2011
New Revision: 1097064

URL: http://svn.apache.org/viewvc?rev=1097064&view=rev
Log:
~~SANTUARIO-191~~ - xml:id attributes are not correctly handled when using c14n11

Author: coheigea
Date: Wed Apr 27 10:25:49 2011
New Revision: 1097066

URL: http://svn.apache.org/viewvc?rev=1097066&view=rev
Log:
SANTUARIO-291 - xml:id attributes are not correctly handled when using c14n11.

Show

Colm O hEigeartaigh added a comment - 27/Apr/11 11:27 Author: coheigea Date: Wed Apr 27 10:16:29 2011 New Revision: 1097064 URL: http://svn.apache.org/viewvc?rev=1097064&view=rev Log: SANTUARIO-191 - xml:id attributes are not correctly handled when using c14n11 Author: coheigea Date: Wed Apr 27 10:25:49 2011 New Revision: 1097066 URL: http://svn.apache.org/viewvc?rev=1097066&view=rev Log: SANTUARIO-291 - xml:id attributes are not correctly handled when using c14n11.

Colm O hEigeartaigh made changes - 27/Apr/11 11:27

Status	Reopened [ 4 ]	Resolved [ 5 ]
Resolution		Fixed [ 1 ]

Colm O hEigeartaigh made changes - 24/May/11 10:20

Status

Resolved [ 5 ]

Closed [ 6 ]

People

Assignee:

Colm O hEigeartaigh

Reporter:

sstaible

Votes:

1 Vote for this issue

Watchers:

0 Start watching this issue

Dates

Created:

30/Jun/09 11:22

Updated:

24/May/11 10:20

Resolved:

27/Apr/11 11:27

Development

Agile

View on Board