Santuario
  1. Santuario
  2. SANTUARIO-266

c14n11 produces different signatures using version 1.4.3 and 1.4.4

    Details

      Description

      When I changed the canonicalization algorithm used to generate signatures from "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" to "http://www.w3.org/2006/12/xml-c14n11" and the version of Santuario from 1.4.3 to 1.4.4 all the signatures produced were no more valid if verified by the version 1.4.3 and viceversa.

      I mean that "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" produces the same signature in both versions, while "http://www.w3.org/2006/12/xml-c14n11" has the following beaviour:
      1) SignatureValue differs
      2) the SignedInfo used to produce the signature is:
      1.4.3
      <ds:SignedInfo xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">
      1.4.4
      <ds:SignedInfo attr1="test1" foo:attr1="foo's test" id="testId" xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">

      The document before the signature is:
      <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo" attr1="test1" id="testId" foo:attr1="foo's test">Some simple text
      </apache:RootElement>

      To create a sample to reproduce the issue I modified https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateSignature.java using an RSA key (to generate the same SignatureValue each time).
      Obviously, I can't write a JUnit because you need two different versions of Santuario's library.

      1. test143.xml
        3 kB
        Giacomo Boccardo
      2. test144.xml
        3 kB
        Giacomo Boccardo
      3. TestGenEnvelopedTutorial.java
        7 kB
        Giacomo Boccardo
      4. xmlsec-1.4.5-SNAPSHOT.jar
        440 kB
        Colm O hEigeartaigh

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Giacomo Boccardo
          • Votes:
            1 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development