  1. Santuario
  2. SANTUARIO-308

Canonicalizer error when encrypting multiple elements


Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Java 1.4.5, Java 1.5.1
    • Fix Version/s: Java 1.5.2
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels: None

    Description

      When we are encrypting multiple elements like this:
      for (int i = 0; i < elems.length; i++) {
          cipher.doFinal(doc, elems[i]);
      }

      We are reusing the same canonicalizer. Unfortunately, the default canonicalizer behaves differently the first time it is called, so we get different results for identical subtrees. See the firstCall member used in Canonicalizer20010315.handleAttributesSubtree().

      The sample test case reproduces this problem. The sample code encrypts the <elem> elements and decrypts them.

      The input document:
      <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>

      becomes:
      <?xml version="1.0" encoding="UTF-8"?><env:Envelope xmlns:env="http://schemas.xmlsoap.org/soap/envelope/"><env:Body><elem>11</elem><elem xmlns:env="http://schemas.xmlsoap.org/soap/envelope/">22</elem></env:Body></env:Envelope>

      The XML Encryption spec says the encrypted subtree must be serialized following the rules of the XML 1.0 spec and the characters converted to bytes in UTF-8. The XML Encryption spec does not mandate a specific canonicalization. In fact, it warns in section 4.3.3 that Inclusive XML and Exclusive XML both have problems. (See SANTUARIO-309). Here the first Element encrypted is <elem>22</elem>, but I would not conclude it is serialized better than the subsequent elements.
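
      A round-trip check for the behaviour reported above, added here as an example (it is not the reporter's attached test case or project code). It assumes Apache Santuario is on the classpath; the class name, the constructed sample document and the generated AES key are illustrative.

```java
import java.io.ByteArrayInputStream;
import java.io.StringWriter;
import java.util.ArrayList;
import java.util.List;
import javax.crypto.KeyGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.apache.xml.security.encryption.XMLCipher;
import org.apache.xml.security.utils.EncryptionConstants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class MultiElementRoundTrip {
    // Constructed sample input with the same shape as the document in the report.
    static final String XML = "<env:Envelope xmlns:env=\"http://schemas.xmlsoap.org/soap/envelope/\">"
        + "<env:Body><elem>11</elem><elem>22</elem></env:Body></env:Envelope>";
    static String serialize(Document doc) throws Exception {
        StringWriter w = new StringWriter();
        TransformerFactory.newInstance().newTransformer().transform(new DOMSource(doc), new StreamResult(w));
        return w.toString();
    }
    // Snapshot the matches first: doFinal() rewrites the tree and a NodeList is live.
    static List<Element> find(Document doc, String ns, String localName) {
        NodeList live = doc.getElementsByTagNameNS(ns, localName);
        List<Element> out = new ArrayList<>();
        for (int i = 0; i < live.getLength(); i++) out.add((Element) live.item(i));
        return out;
    }
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new ByteArrayInputStream(XML.getBytes("UTF-8")));
        String before = serialize(doc);
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        javax.crypto.SecretKey key = kg.generateKey();   // throwaway test key
        XMLCipher enc = XMLCipher.getInstance(XMLCipher.AES_128);   // one instance for every element, as in the report
        enc.init(XMLCipher.ENCRYPT_MODE, key);
        for (Element e : find(doc, "*", "elem")) enc.doFinal(doc, e);
        XMLCipher dec = XMLCipher.getInstance(XMLCipher.AES_128);
        dec.init(XMLCipher.DECRYPT_MODE, key);
        String encNs = EncryptionConstants.EncryptionSpecNS;
        for (Element e : find(doc, encNs, EncryptionConstants._TAG_ENCRYPTEDDATA)) dec.doFinal(doc, e);
        String after = serialize(doc);   // compare the whole document before and after the round trip
        System.out.println(before.equals(after) ? "round trip OK" : "MISMATCH:\n" + after);
    }
}
```

      A mismatch here means the decrypted document gained namespace declarations that the input did not have, as in the output quoted in the description.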


          People

            Assignee: coheigea Colm O hEigeartaigh
            Reporter: clement_pellerin@ibi.com Clement Pellerin