[SANTUARIO-462] getNodesetBeforeFirstCanonicalization() in Reference.java is missing C14N11 canonicalization algorithms - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Trivial
Resolution: Fixed
Affects Version/s: None
Fix Version/s: Java 2.1.0, Java 2.0.9
Component/s: Java
Labels:
- easyfix

Flags:

Patch
External issue URL:
https://github.com/apache/santuario-java/blob/2.0.x-fixes/src/main/java/org/apache/xml/security/signature/Reference.java#L495

Description

In org.apache.xml.security.signature.Reference, the getNodesetBeforeFirstCanonicalization() should return as mentioned, the nodeset before applying the first canonicalization. The problem is that the intended behavior of this method is not satisfied if I have a reference that contains a C14N11 transform and will apply this canonicalization. This problem is present on earlier versions as well. I am not sure whether this is intended or not, but currently the aforementioned method misses:

Transforms.TRANSFORM_C14N11_OMIT_COMMENTS
Transforms.TRANSFORM_C14N11_WITH_COMMENTS

For example,

</ds:Reference>
<ds:Reference URI="#xmldsig-SOMETHING-IMPORTANT">
<ds:Transforms>
<ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
<ds:DigestValue>BASE64 DIGEST</ds:DigestValue>
</ds:Reference>

See attached Reference.patch file

Thanks,
Emmanuelle

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

Reference.patch
08/Feb/17 14:15
0.7 kB
Emmanuelle Vargas-Gonzalez

Activity

People

Assignee:: Colm O hEigeartaigh

Reporter:: Emmanuelle Vargas-Gonzalez

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 08/Feb/17 14:15

Updated:: 28/Aug/17 13:51

Resolved:: 08/Feb/17 14:45