Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-266

c14n11 produces different signatures using version 1.4.3 and 1.4.4

    Details

      Description

      When I changed the canonicalization algorithm used to generate signatures from "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" to "http://www.w3.org/2006/12/xml-c14n11" and the version of Santuario from 1.4.3 to 1.4.4 all the signatures produced were no more valid if verified by the version 1.4.3 and viceversa.

      I mean that "http://www.w3.org/TR/2001/REC-xml-c14n-20010315" produces the same signature in both versions, while "http://www.w3.org/2006/12/xml-c14n11" has the following beaviour:
      1) SignatureValue differs
      2) the SignedInfo used to produce the signature is:
      1.4.3
      <ds:SignedInfo xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">
      1.4.4
      <ds:SignedInfo attr1="test1" foo:attr1="foo's test" id="testId" xmlns:apache="http://www.apache.org/ns/#app1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" xmlns:foo="http://example.org/#foo">

      The document before the signature is:
      <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1" xmlns:foo="http://example.org/#foo" attr1="test1" id="testId" foo:attr1="foo's test">Some simple text
      </apache:RootElement>

      To create a sample to reproduce the issue I modified https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/samples/org/apache/xml/security/samples/signature/CreateSignature.java using an RSA key (to generate the same SignatureValue each time).
      Obviously, I can't write a JUnit because you need two different versions of Santuario's library.

        Attachments

        1. xmlsec-1.4.5-SNAPSHOT.jar
          440 kB
          Colm O hEigeartaigh
        2. test144.xml
          3 kB
          Giacomo Boccardo
        3. test143.xml
          3 kB
          Giacomo Boccardo
        4. TestGenEnvelopedTutorial.java
          7 kB
          Giacomo Boccardo

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              jhack Giacomo Boccardo
            • Votes:
              1 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: