-
Type:
Bug
-
Status: Closed
-
Priority:
Blocker
-
Resolution: Won't Fix
-
Affects Version/s: None
-
Fix Version/s: None
-
Component/s: WSS4J Core
-
Labels:None
-
Environment:we are using xss4j jar TemplateGenerator API to create xml
digital signature.
TemplateGenerator signatureGen = new
TemplateGenerator(doc,XSignature.SHA1,Canonicalizer.W3C2,sigMethod);
If we pass below document to this
<?xml version="1.0" encoding="UTF-8"?>
<sp:sample_file xmlns:sp="http://sample.test.de">
<sp:content1>abc</sp:content1>
<sp:content2>def</sp:content2>
</sp:sample_file>
Below is the document we are getting
<ds:Reference URI="#sp:sample_file">?
<ds:Object Id="sp:sample_file">
which is not correct as the attribute Id is from type "ID" and this
should be a NCName. NCName are any Name without ":"
https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema
.xsd
defines:
<complexType name="ObjectType" mixed="true">
<sequence minOccurs="0" maxOccurs="unbounded">
<any namespace="##any" processContents="lax"/>
</sequence>
<attribute name="Id" type="ID" use="optional"/>
<attribute name="MimeType" type="string" use="optional"/>
<!-- add a grep facet -->
<attribute name="Encoding" type="anyURI" use="optional"/>
</complexType>
Type ID : https://www.w3.org/TR/xml-id/:
The normalized value of the attribute is an NCName according to the
Namespaces in XML Recommendation which has the same version as the
document in which this attribute occurs (NCName for XML 1.0, or NCName
for XML 1.1).
https://www.w3.org/TR/REC-xml-names/#NT-NCName
[4] NCName ::= Name - (Char* ':' Char*)/* An XML Name, minus the
":" */
(: is not allowed for object id)we are using xss4j jar TemplateGenerator API to create xml digital signature. TemplateGenerator signatureGen = new TemplateGenerator(doc,XSignature.SHA1,Canonicalizer.W3C2,sigMethod); If we pass below document to this <?xml version="1.0" encoding="UTF-8"?> <sp:sample_file xmlns:sp=" http://sample.test.de "> <sp:content1>abc</sp:content1> <sp:content2>def</sp:content2> </sp:sample_file> Below is the document we are getting <ds:Reference URI="#sp:sample_file">? <ds:Object Id="sp:sample_file"> which is not correct as the attribute Id is from type "ID" and this should be a NCName. NCName are any Name without ":" https://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema .xsd defines: <complexType name="ObjectType" mixed="true"> <sequence minOccurs="0" maxOccurs="unbounded"> <any namespace="##any" processContents="lax"/> </sequence> <attribute name="Id" type="ID" use="optional"/> <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet --> <attribute name="Encoding" type="anyURI" use="optional"/> </complexType> Type ID : https://www.w3.org/TR/xml-id/: The normalized value of the attribute is an NCName according to the Namespaces in XML Recommendation which has the same version as the document in which this attribute occurs (NCName for XML 1.0, or NCName for XML 1.1). https://www.w3.org/TR/REC-xml-names/#NT-NCName [4] NCName ::= Name - (Char* ':' Char*)/* An XML Name, minus the ":" */ (: is not allowed for object id)