Details
-
Bug
-
Status: Closed
-
Major
-
Resolution: Fixed
-
Java 2.2.0
-
None
Description
Hello,
we have some troubles with the migration from Santuario 2.15 to 2.2.0. The way to process the canonicalization changed and we are not able to make a distinction between nothing is canonicalized and an empty result of the canonicalization.
That seems related to the ticket SANTUARIO-521 and the change impacts methods org.apache.xml.security.signature.XMLSignatureInput.getBytes() (and org.apache.xml.security.signature.Reference.getReferencedBytes())
Below you can find an unit test which passes with Santuario 2.1.5 and fails with the upgraded version.
@Test public void test() throws Exception { MessageDigest md = MessageDigest.getInstance("SHA-256"); byte[] digest = md.digest("Hello world!".getBytes()); XMLSignatureInput input = new XMLSignatureInput(Base64.getEncoder().encodeToString(digest)); assertNull(input.getBytes()); }
Regards,
Pierrick
Attachments
Issue Links
- links to