Re: [Mono-dev] Bug in SignedXml.GetIdElement
W3C XML Signature specification explicitly specifies Id as the valid attribute name for referencing an element, by its XML Schema and DTD:

http://www.w3.org/TR/xmldsig-core/#sec-Signature
http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue
http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
http://www.w3.org/TR/xmldsig-core/#sec-Reference
http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo
http://www.w3.org/TR/xmldsig-core/#sec-Object
http://www.w3.org/TR/xmldsig-core/#sec-Manifest
http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties

If Microsoft treats id or ID attributes as if they were ID (and not iD ?), they will have to fix their bug.

Atsushi Eno

(2013-07-12 23:58), Jonathan Gagnon wrote:
> I have encountered a bug similar to 4938 https://bugzilla.xamarin.com/show_bug.cgi?id=4938.
>
> My problem is that mono does not find the reference id because the id is in uppercase ('ID' instead of 'Id'). This works correctly on .NET. As stated in the bug description, the problem is in the SignedXml class, GetIdElement method.
>
> I wrote a very simple patch that fixes the problem by looking for id and ID. Should I do a pull request with that fix?
>
> Jonathan Gagnon
[Mono-dev] System.Configuration.SettingValueElement
Hi

I was wondering why mono has an override implementation of System.Configuration.SettingValueElement::Unmerge() (https://github.com/mono/mono/blob/master/mcs/class/System/System.Configuration/SettingValueElement.cs line 115) which only throws a NotImplementedException when the .NET implementation of the same class relies on the base implementation and does NOT try to override it?

Kind regards
Torben
Re: [Mono-dev] System.Configuration.SettingValueElement
Hi,

In general, NotImplementedException means that it is not implemented (literally!). It is to indicate on our class status page to explicitly indicate that it is not implemented and have some code build and load just fine. (Not having override does not cause compilation error on mono, but such resulting assemblies would not run on .NET without problem.)

According to our class status pages, you are (or I should say, the MSDN documentation is) wrong - SettingValueElement class actually has override for Unmerge() method. I have no idea what .NET does, but for mono it is not implemented. (I won't believe that this override does not do anything, at least without certain experiment shown.)

No one works on System.Configuration stuff nowadays but if you have some patch to implement it, that would be welcomed, reviewed and merged if good :)

Atsushi Eno

Torben H. Nielsen wrote:
> Hi
>
> I was wondering why mono has an override implementation of System.Configuration.SettingValueElement::Unmerge() (https://github.com/mono/mono/blob/master/mcs/class/System/System.Configuration/SettingValueElement.cs line 115) which only throws a NotImplementedException when the .NET implementation of the same class relies on the base implementation and does NOT try to override it?
>
> Kind regards
> Torben
Re: [Mono-dev] Bug in SignedXml.GetIdElement
This is true for the signature, but not true for SAML assertions, where ids are defined as ID:

http://schemas.stylusstudio.com/saml/nea261b70/complexType_AssertionType.html

I don't know in which case we would need id in lowercase, but since .NET supports it, there is probably a valid reason for it too.

Jonathan Gagnon

On Tue, Jul 16, 2013 at 2:30 AM, Atsushi Eno <atsushi...@veritas-vos-liberabit.com> wrote:
> W3C XML Signature specification explicitly specifies Id as the valid attribute name for referencing an element, by its XML Schema and DTD:
>
> http://www.w3.org/TR/xmldsig-core/#sec-Signature
> http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue
> http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
> http://www.w3.org/TR/xmldsig-core/#sec-Reference
> http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo
> http://www.w3.org/TR/xmldsig-core/#sec-Object
> http://www.w3.org/TR/xmldsig-core/#sec-Manifest
> http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties
>
> If Microsoft treats id or ID attributes as if they were ID (and not iD ?), they will have to fix their bug.
>
> Atsushi Eno
>
> (2013-07-12 23:58), Jonathan Gagnon wrote:
> > I have encountered a bug similar to 4938 https://bugzilla.xamarin.com/show_bug.cgi?id=4938.
> >
> > My problem is that mono does not find the reference id because the id is in uppercase ('ID' instead of 'Id'). This works correctly on .NET. As stated in the bug description, the problem is in the SignedXml class, GetIdElement method.
> >
> > I wrote a very simple patch that fixes the problem by looking for id and ID. Should I do a pull request with that fix?
> >
> > Jonathan Gagnon
Re: [Mono-dev] Bug in SignedXml.GetIdElement
Whenever SAML document instance refers to its schema or DTD that will validate ID attribute as expected, since SignedXml internally uses XmlDocument.GetElementById() which is expected to collect IDs where IDs means a validated ID by XmlValidatingReader or any XmlReader that has XmlReaderSettings to consider XmlSchema or DTD. Hence that does not cause any problem for SAML.

(Also note that SignedXml implementation could override SignedXml.GetIdElement(). Mono's WCF implementation makes use of it to support WS-Security ID attribute.)

Atsushi Eno

Jonathan Gagnon wrote:
> This is true for the signature, but not true for SAML assertions, where ids are defined as ID:
>
> http://schemas.stylusstudio.com/saml/nea261b70/complexType_AssertionType.html
>
> I don't know in which case we would need id in lowercase, but since .NET supports it, there is probably a valid reason for it too.
>
> Jonathan Gagnon
>
> On Tue, Jul 16, 2013 at 2:30 AM, Atsushi Eno <atsushi...@veritas-vos-liberabit.com> wrote:
> > W3C XML Signature specification explicitly specifies Id as the valid attribute name for referencing an element, by its XML Schema and DTD:
> >
> > http://www.w3.org/TR/xmldsig-core/#sec-Signature
> > http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue
> > http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
> > http://www.w3.org/TR/xmldsig-core/#sec-Reference
> > http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo
> > http://www.w3.org/TR/xmldsig-core/#sec-Object
> > http://www.w3.org/TR/xmldsig-core/#sec-Manifest
> > http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties
> >
> > If Microsoft treats id or ID attributes as if they were ID (and not iD ?), they will have to fix their bug.
Re: [Mono-dev] Bug in SignedXml.GetIdElement
It does not work when the SAML document is not referring to any DTD. In my case, I receive the following exception when I call the CheckSignature method:

System.Security.Cryptography.CryptographicException: Malformed reference object: [referenceId]
  at System.Security.Cryptography.Xml.SignedXml.GetReferenceHash (System.Security.Cryptography.Xml.Reference r, Boolean check_hmac) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckReferenceIntegrity (System.Collections.ArrayList referenceList) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckSignatureInternal (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckSignature (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
  at TestSAML.Program.Main (System.String[] args) [0x0] in filename unknown:0

The same code works in .NET and it does work if I modify the GetIdElement method to check for ID.

So in your opinion, I should create a class that derives from SignedXml and override GetIdElement? It does fix the problem for me. But wouldn't it be better to modify SignedXml.GetIdElement() to behave more like .NET so that other users don't encounter the same problem?

Thanks,
Jonathan

On Tue, Jul 16, 2013 at 10:24 AM, Atsushi Eno <atsushi...@veritas-vos-liberabit.com> wrote:
> Whenever SAML document instance refers to its schema or DTD that will validate ID attribute as expected, since SignedXml internally uses XmlDocument.GetElementById() which is expected to collect IDs where IDs means a validated ID by XmlValidatingReader or any XmlReader that has XmlReaderSettings to consider XmlSchema or DTD. Hence that does not cause any problem for SAML.
>
> (Also note that SignedXml implementation could override SignedXml.GetIdElement(). Mono's WCF implementation makes use of it to support WS-Security ID attribute.)
Re: [Mono-dev] Bug in SignedXml.GetIdElement
Jonathan Gagnon wrote:
> It does not work when the SAML document is not referring to any DTD. In my case, I receive the following exception when I call the CheckSignature method:
>
> System.Security.Cryptography.CryptographicException: Malformed reference object: [referenceId]
>   at System.Security.Cryptography.Xml.SignedXml.GetReferenceHash (System.Security.Cryptography.Xml.Reference r, Boolean check_hmac) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckReferenceIntegrity (System.Collections.ArrayList referenceList) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureInternal (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckSignature (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
>   at TestSAML.Program.Main (System.String[] args) [0x0] in filename unknown:0

Of course it happens because you should be processing corresponding DTD or XML Schema.

> The same code works in .NET and it does work if I modify the GetIdElement method to check for ID.
>
> So in your opinion, I should create a class that derives from SignedXml and override GetIdElement?

I'm not sure I would like to answer yes (if you want to have ID being processed) or no (you should actually process DTD or XSD).

> It does fix the problem for me. But wouldn't it be better to modify SignedXml.GetIdElement() to behave more like .NET so that other users don't encounter the same problem?

I don't support any use of API that violates W3C specification. Though I'm just pointing out the facts. There may be people who want to take responsibility on the entire XML Signature stuff and go ahead to apply the changes.
Atsushi Eno
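
The workaround discussed in this thread, a class derived from SignedXml that overrides GetIdElement so an `ID` attribute resolves when no DTD or schema was processed, is sketched below as an added example; it is not code from the thread's participants or from Mono. The class name `SamlSignedXml`, the list of accepted attribute names and the sample documents are assumptions, and the override rejects a document in which two elements carry the same ID value so that the element whose digest is checked is unambiguous.

```csharp
using System;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical class name; the attribute list below is an assumption.
public class SamlSignedXml : SignedXml
{
    static readonly string[] IdAttributeNames = { "Id", "ID", "id" };

    public SamlSignedXml(XmlDocument document) : base(document) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        if (document == null || string.IsNullOrEmpty(idValue))
            return null;

        // IDs declared by a processed DTD or schema resolve here.
        XmlElement declared = document.GetElementById(idValue);
        if (declared != null)
            return declared;

        // Fallback for documents loaded without a DTD/XSD: compare attribute
        // values directly rather than building an XPath string from idValue.
        XmlElement match = null;
        foreach (XmlNode node in document.GetElementsByTagName("*"))
        {
            XmlElement element = (XmlElement)node;
            foreach (string name in IdAttributeNames)
            {
                if (element.GetAttribute(name) != idValue)
                    continue;
                // Two different elements with the same ID make the reference
                // ambiguous, so refuse instead of picking one.
                if (match != null && !ReferenceEquals(match, element))
                    throw new CryptographicException("Duplicate ID value: " + idValue);
                match = element;
            }
        }
        return match;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample input, loaded without any DTD or schema.
        var doc = new XmlDocument { PreserveWhitespace = true };
        doc.LoadXml("<Response><Assertion ID='_a1'><Subject/></Assertion></Response>");

        var signed = new SamlSignedXml(doc);
        Console.WriteLine("GetElementById: {0}", doc.GetElementById("_a1") == null ? "not found" : "found");
        Console.WriteLine("GetIdElement:   {0}", signed.GetIdElement(doc, "_a1")?.Name ?? "not found");

        // Constructed input with the same ID on two elements.
        doc.LoadXml("<Response><Assertion ID='_a1'/><Assertion ID='_a1'/></Response>");
        try { new SamlSignedXml(doc).GetIdElement(doc, "_a1"); }
        catch (CryptographicException e) { Console.WriteLine(e.Message); }
    }
}
```

For verification, construct `SamlSignedXml` in place of `SignedXml`, call `LoadXml` with the Signature element and then `CheckSignature` as before.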