Details
- Bug
- Status: Closed
- Trivial
- Resolution: Fixed
- None
Description
In org.apache.xml.security.signature.Reference, the getNodesetBeforeFirstCanonicalization() should return, as mentioned, the nodeset before applying the first canonicalization. The problem is that the intended behavior of this method is not satisfied if I have a reference that contains a C14N11 transform and will apply this canonicalization. This problem is present in earlier versions as well. I am not sure whether this is intended or not, but currently the aforementioned method misses:
Transforms.TRANSFORM_C14N11_OMIT_COMMENTS
Transforms.TRANSFORM_C14N11_WITH_COMMENTS
For example,
</ds:Reference>
<ds:Reference URI="#xmldsig-SOMETHING-IMPORTANT">
  <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha512"/>
  <ds:DigestValue>BASE64 DIGEST</ds:DigestValue>
</ds:Reference>
See attached Reference.patch file
Thanks,
Emmanuelle
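
The effect described in the report, as an added example (not Santuario's code and not the attached patch): a JDK-only check that finds the first canonicalization transform in a ds:Reference, once with a URI set that omits C14N 1.1 and once with it included. The class name, the split into two URI sets, and the sample Reference (an enveloped-signature transform followed by C14N 1.1) are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class FirstC14nTransform {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Assumed "before" set: C14N 1.0 and exclusive C14N only, no C14N 1.1.
    static final Set<String> WITHOUT_C14N11 = Set.of(
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");
    // Same set plus the two C14N 1.1 algorithm URIs.
    static final Set<String> WITH_C14N11 = Set.of(
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
        "http://www.w3.org/2006/12/xml-c14n11",
        "http://www.w3.org/2006/12/xml-c14n11#WithComments");

    // Index of the first ds:Transform whose Algorithm is in c14nUris, or -1 if none matches.
    static int firstC14nIndex(Element reference, Set<String> c14nUris) {
        NodeList transforms = reference.getElementsByTagNameNS(DS, "Transform");
        for (int i = 0; i < transforms.getLength(); i++) {
            String alg = ((Element) transforms.item(i)).getAttribute("Algorithm");
            if (c14nUris.contains(alg)) return i;
        }
        return -1;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, modelled on the Reference in the report.
        String xml = "<ds:Reference xmlns:ds='" + DS + "' URI='#xmldsig-SOMETHING-IMPORTANT'>"
            + "<ds:Transforms>"
            + "<ds:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>"
            + "<ds:Transform Algorithm='http://www.w3.org/2006/12/xml-c14n11'/>"
            + "</ds:Transforms></ds:Reference>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element ref = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        System.out.println("without C14N11 URIs: " + firstC14nIndex(ref, WITHOUT_C14N11));
        System.out.println("with C14N11 URIs:    " + firstC14nIndex(ref, WITH_C14N11));
    }
}
```

When the stop set omits the C14N 1.1 URIs, no transform in this Reference is recognised as a canonicalization, so a loop that applies transforms until the first match would run the C14N 1.1 transform as well.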