Santuario
  1. Santuario
  2. SANTUARIO-266

c14n11 produces different signatures using version 1.4.3 and 1.4.4

    Details

      Description

      When I changed the canonicalization algorithm used to generate signatures from "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" to "http://www.w3.org/2006/12/xml-c14n11" and the version of Santuario from 1.4.3 to 1.4.4 all the signatures produced were no more valid if verified by the version 1.4.3 and viceversa.

      I mean that "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" produces the same signature in both versions, while "http://www.w3.org/2006/12/xml-c14n11" has the following beaviour:
      1) SignatureValue differs
      2) the SignedInfo used to produce the signature is:
      1.4.3
      <ds:SignedInfo xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">
      1.4.4
      <ds:SignedInfo attr1="test1" foo:attr1="foo's test" id="testId" xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">

      The document before the signature is:
      <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo" attr1="test1" id="testId" foo:attr1="foo's test">Some simple text
      </apache:RootElement>

      To create a sample to reproduce the issue I modified https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateSignature.java using an RSA key (to generate the same SignatureValue each time).
      Obviously, I can't write a JUnit because you need two different versions of Santuario's library.

      1. test143.xml
        3 kB
        Giacomo Boccardo
      2. test144.xml
        3 kB
        Giacomo Boccardo
      3. TestGenEnvelopedTutorial.java
        7 kB
        Giacomo Boccardo
      4. xmlsec-1.4.5-SNAPSHOT.jar
        440 kB
        Colm O hEigeartaigh

        Activity

        Giacomo Boccardo created issue -
        Giacomo Boccardo made changes -
        Field Original Value New Value
        Attachment TestGenEnvelopedTutorial.java [ 12473996 ]
        Giacomo Boccardo made changes -
        Attachment test143.xml [ 12476873 ]
        Giacomo Boccardo made changes -
        Attachment test144.xml [ 12476874 ]
        Giacomo Boccardo made changes -
        Comment [ It works! ]
        Giacomo Boccardo made changes -
        Comment [ It doesn't work :( ]
        Colm O hEigeartaigh made changes -
        Attachment xmlsec-1.4.5-SNAPSHOT.jar [ 12477015 ]
        Colm O hEigeartaigh made changes -
        Fix Version/s Java 1.4.5 [ 12315957 ]
        Fix Version/s Java 1.5 [ 12315958 ]
        Colm O hEigeartaigh made changes -
        Status Open [ 1 ] Resolved [ 5 ]
        Resolution Fixed [ 1 ]
        Colm O hEigeartaigh made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Giacomo Boccardo
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development