  1. Santuario
  2. SANTUARIO-308

Canonicalizer error when encrypting multiple elements


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Java 1.4.5, Java 1.5.1
    • Fix Version/s: Java 1.5.2
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels: None

    Description

      When we are encrypting multiple elements like this:
      // One cipher instance, and so one canonicalizer, is reused for every element.
      for (int i = 0; i < elems.length; i++) {
          cipher.doFinal(doc, elems[i]);
      }

      We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree()

      The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.

      The input document:
      <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>

      becomes:
      <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>

      The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
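A round-trip check for the symptom described above, as an added example that is not part of the original report or of Santuario: it lists namespace declarations that appear on an element after encrypt/decrypt but were not on it before. It uses only the JDK DOM API; the class and method names are hypothetical, and it assumes both documents have the same element structure.

```java
import java.io.StringReader;
import java.util.*;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class ExtraXmlnsCheck {
    // Namespace declarations (xmlns / xmlns:prefix) written directly on one element.
    static TreeSet<String> declsOn(Element e) {
        TreeSet<String> out = new TreeSet<>();
        NamedNodeMap attrs = e.getAttributes();
        for (int i = 0; i < attrs.getLength(); i++) {
            Node a = attrs.item(i);
            if (XMLConstants.XMLNS_ATTRIBUTE_NS_URI.equals(a.getNamespaceURI()))
                out.add(a.getNodeName() + "=\"" + a.getNodeValue() + "\"");
        }
        return out;
    }
    // All elements of a namespace-aware parse, in document order.
    static NodeList elements(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)))
                .getElementsByTagName("*");
    }
    // Declarations present after the round trip but absent before, per element.
    static List<String> strayDecls(String before, String after) throws Exception {
        NodeList b = elements(before), a = elements(after);
        if (b.getLength() != a.getLength())
            throw new IllegalArgumentException("element count differs");
        List<String> found = new ArrayList<>();
        for (int i = 0; i < a.getLength(); i++) {
            TreeSet<String> extra = declsOn((Element) a.item(i));
            extra.removeAll(declsOn((Element) b.item(i)));
            for (String d : extra)
                found.add("element #" + i + " <" + a.item(i).getNodeName() + ">: " + d);
        }
        return found;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample modelled on the report's input and round-tripped documents.
        String env = "<env:Envelope xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'><env:Body>";
        String end = "</env:Body></env:Envelope>";
        String before = env + "<elem>11</elem><elem>22</elem>" + end;
        String after = env + "<elem>11</elem>"
                + "<elem xmlns:env='http://schemas.xmlsoap.org/soap/envelope/'>22</elem>" + end;
        strayDecls(before, after).forEach(System.out::println);
    }
}
```
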

      Attachments

        1. TestExtraXmlns.java
          4 kB
          Clement Pellerin

            People

              Assignee: coheigea Colm O hEigeartaigh
              Reporter: clement_pellerin@ibi.com Clement Pellerin