Santuario / SANTUARIO-462

getNodesetBeforeFirstCanonicalization() in Reference.java is missing C14N11 canonicalization algorithms


    Details

    • Type: Bug
    • Status: Closed
    • Priority: Trivial
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Java 2.1.0, Java 2.0.9
    • Component/s: Java
    • Labels:

      Description

      In org.apache.xml.security.signature.Reference, getNodesetBeforeFirstCanonicalization() should return, as mentioned, the nodeset before applying the first canonicalization. The problem is that the intended behavior of this method is not satisfied if I have a reference that contains a C14N11 transform and will apply this canonicalization. This problem is present in earlier versions as well. I am not sure whether this is intended or not, but currently the aforementioned method misses:

      Transforms.TRANSFORM_C14N11_OMIT_COMMENTS
      Transforms.TRANSFORM_C14N11_WITH_COMMENTS

      For example,

      <ds:Reference URI="#xmldsig-SOMETHING-IMPORTANT">
        <ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
        </ds:Transforms>
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
        <ds:DigestValue>BASE64 DIGEST</ds:DigestValue>
      </ds:Reference>

      See attached Reference.patch file

      Thanks,
      Emmanuelle
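
The stop-at-first-canonicalization check described in the report, modelled as an added example (not Santuario's code and not the attached patch). The transform chain is reduced to a list of algorithm URIs; the class name, helper name and the enveloped-signature entry in the chain are constructed for illustration. Requires Java 9 or later.

```java
import java.util.List;
import java.util.Set;

public class FirstCanonicalizationDemo {
    // W3C algorithm URIs; Santuario exposes them as Transforms.TRANSFORM_* constants.
    static final String C14N = "http://www.w3.org/TR/2001/REC-xml-c14n-20010315";
    static final String C14N_WC = C14N + "#WithComments";
    static final String EXC = "http://www.w3.org/2001/10/xml-exc-c14n#";
    static final String EXC_WC = EXC + "WithComments";
    static final String C14N11 = "http://www.w3.org/2006/12/xml-c14n11";
    static final String C14N11_WC = C14N11 + "#WithComments";
    static final String ENVELOPED = "http://www.w3.org/2000/09/xmldsig#enveloped-signature";

    // Stop list as the report describes it: no C14N 1.1 entries.
    static final Set<String> WITHOUT_C14N11 = Set.of(C14N, C14N_WC, EXC, EXC_WC);
    // Stop list including the two URIs the report says are missing.
    static final Set<String> WITH_C14N11 =
        Set.of(C14N, C14N_WC, EXC, EXC_WC, C14N11, C14N11_WC);

    /** Transforms that would run before the first algorithm found in stopList. */
    static List<String> appliedBeforeFirstC14n(List<String> chain, Set<String> stopList) {
        int i = 0;
        while (i < chain.size() && !stopList.contains(chain.get(i))) {
            i++;
        }
        return chain.subList(0, i);
    }

    public static void main(String[] args) {
        // Constructed chain: an enveloped-signature transform, then the C14N 1.1
        // transform from the report's <ds:Reference> example.
        List<String> chain = List.of(ENVELOPED, C14N11);

        List<String> before = appliedBeforeFirstC14n(chain, WITHOUT_C14N11);
        List<String> after = appliedBeforeFirstC14n(chain, WITH_C14N11);

        // Without the C14N 1.1 URIs nothing stops the walk, so the canonicalization
        // itself is applied and the result is no longer the pre-canonicalization nodeset.
        System.out.println("stop list without C14N11 applies: " + before);
        // With them, only the enveloped-signature transform runs.
        System.out.println("stop list with C14N11 applies:    " + after);
        if (before.contains(C14N11) == after.contains(C14N11)) {
            throw new AssertionError("expected the two stop lists to differ on C14N11");
        }
    }
}
```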

        Attachments

        1. Reference.patch
          0.7 kB
          Emmanuelle Vargas-Gonzalez

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              emmanvg Emmanuelle Vargas-Gonzalez