Re: [Mono-dev] Bug in SignedXml.GetIdElement

2013-07-16 Thread Atsushi Eno
W3C XML Signature specification explicitly defines Id as the valid attribute 
name for referencing an element, by its XML Schema and DTD:

http://www.w3.org/TR/xmldsig-core/#sec-Signature
http://www.w3.org/TR/xmldsig-core/#sec-SignatureValue
http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo
http://www.w3.org/TR/xmldsig-core/#sec-Reference
http://www.w3.org/TR/xmldsig-core/#sec-KeyInfo
http://www.w3.org/TR/xmldsig-core/#sec-Object
http://www.w3.org/TR/xmldsig-core/#sec-Manifest
http://www.w3.org/TR/xmldsig-core/#sec-SignatureProperties

If Microsoft treats id or ID attributes as if they were ID (and not 
iD ?), they will have to fix their bug.


Atsushi Eno

(2013-07-12 23:58), Jonathan Gagnon wrote:
I have encountered a bug similar to 4938 
https://bugzilla.xamarin.com/show_bug.cgi?id=4938.


My problem is that mono does not find the reference id because the id 
is in uppercase ('ID' instead of 'Id'). This works correctly on .NET.


As stated in the bug description, the problem is in the SignedXml 
class, GetIdElement method.


I wrote a very simple patch that fixes the problem by looking for id 
and ID. Should I do a pull request with that fix?


*Jonathan Gagnon*
Head of Systems Architecture
600, boulevard Armand-Frappier, bureau 200
Laval (Québec) H7V 4B4
Canada
T: 450-662-6101 ext. 234
http://www.croesus.com
http://www.facebook.com/pages/Croesus-Finansoft/345020305606240
http://www.linkedin.com/company/croesus-finansoft?trk=hb_tab_compy_id_26141
https://twitter.com/CroesusFin



___
Mono-devel-list mailing list
Mono-devel-list@lists.ximian.com
http://lists.ximian.com/mailman/listinfo/mono-devel-list




[Mono-dev] System.Configuration.SettingValueElement

2013-07-16 Thread Torben H. Nielsen

Hi

I was wondering why mono has an override implementation of

System.Configuration.SettingValueElement :: Unmerge()
(https://github.com/mono/mono/blob/master/mcs/class/System/System.Configuration/SettingValueElement.cs 
line 115)


which only throws a NotImplementedException when the .net 
implementation of the same class relies on the base implementation and 
does NOT try to override it ?


Kind regards
Torben


Re: [Mono-dev] System.Configuration.SettingValueElement

2013-07-16 Thread Atsushi Eno

Hi,

In general, NotImplementedException means that it is not implemented 
(literally!). It is to indicate on our class status page to explicitly 
indicate that it is not implemented and have some code build and load 
just fine. (Not having override does not cause compilation error on 
mono, but such resulting assemblies would not run on .NET without problem.)


According to our class status pages, you are (or I should say, the 
MSDN documentation is) wrong - SettingValueElement class actually has 
override for Unmerge() method. I have no idea what .NET does, but for 
mono it is not implemented. (I won't believe that this override does not 
do anything, at least without certain experiment shown.)


No one works on System.Configuration stuff nowadays but if you have some 
patch to implement it, that would be welcomed, reviewed and merged if 
good :)


Atsushi Eno



Re: [Mono-dev] Bug in SignedXml.GetIdElement

2013-07-16 Thread Jonathan Gagnon
This is true for the signature, but not true for SAML assertions, where ids
are defined as ID :

http://schemas.stylusstudio.com/saml/nea261b70/complexType_AssertionType.html

I don't know in which case we would need id in lowercase, but since .NET
supports it, there is probably a valid reason for it too.

*Jonathan Gagnon*


Re: [Mono-dev] Bug in SignedXml.GetIdElement

2013-07-16 Thread Atsushi Eno
Whenever SAML document instance refers to its schema or DTD that will 
validate ID attribute as expected, since SignedXml internally uses 
XmlDocument.GetElementById () which is expected to collect IDs where 
IDs means a validated ID by XmlValidatingReader or any XmlReader that 
has XmlReaderSettings to consider XmlSchema or DTD. Hence that does not 
cause any problem for SAML.


(Also note that SignedXml implementation could override 
SignedXml.GetIdElement(). Mono's WCF implementation makes use of it to 
support WS-Security ID attribute.)


Atsushi Eno



Re: [Mono-dev] Bug in SignedXml.GetIdElement

2013-07-16 Thread Jonathan Gagnon
It does not work when the SAML document is not referring to any DTD.  In my
case, I receive the following exception when I call the CheckSignature
method :

System.Security.Cryptography.CryptographicException: Malformed reference object: [referenceId]
  at System.Security.Cryptography.Xml.SignedXml.GetReferenceHash (System.Security.Cryptography.Xml.Reference r, Boolean check_hmac) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckReferenceIntegrity (System.Collections.ArrayList referenceList) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckSignatureInternal (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
  at System.Security.Cryptography.Xml.SignedXml.CheckSignature (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
  at TestSAML.Program.Main (System.String[] args) [0x0] in filename unknown:0

The same code works in .NET and it does work if I modify the GetIdElement
method to check for ID.

So in your opinion, I should create a class that derives from SignedXml and
override GetIdElement?

It does fix the problem for me. But wouldn't it be better to modify
SignedXml.GetIdElement() to behave more like .NET so that other users don't
encounter the same problem?

Thanks,

Jonathan


Re: [Mono-dev] Bug in SignedXml.GetIdElement

2013-07-16 Thread Atsushi Eno

Jonathan Gagnon wrote:
> It does not work when the SAML document is not referring to any DTD.
> In my case, I receive the following exception when I call the
> CheckSignature method :
>
> System.Security.Cryptography.CryptographicException: Malformed reference object: [referenceId]
>   at System.Security.Cryptography.Xml.SignedXml.GetReferenceHash (System.Security.Cryptography.Xml.Reference r, Boolean check_hmac) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckReferenceIntegrity (System.Collections.ArrayList referenceList) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckSignatureInternal (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
>   at System.Security.Cryptography.Xml.SignedXml.CheckSignature (System.Security.Cryptography.AsymmetricAlgorithm key) [0x0] in filename unknown:0
>   at TestSAML.Program.Main (System.String[] args) [0x0] in filename unknown:0

Of course it happens because you should be processing corresponding DTD 
or XML Schema.

> The same code works in .NET and it does work if I modify the
> GetIdElement method to check for ID.
>
> So in your opinion, I should create a class that derives from
> SignedXml and override GetIdElement?

I'm not sure I would like to answer yes (if you want to have ID being 
processed) or no (you should actually process DTD or XSD).

> It does fix the problem for me. But wouldn't it be better to modify
> SignedXml.GetIdElement() to behave more like .NET so that other users
> don't encounter the same problem?

I don't support any use of API that violates W3C specification.

Though I'm just pointing out the facts. There may be people who want to 
take responsibility on the entire XML Signature stuff and go ahead to 
apply the changes.


Atsushi Eno


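
The two options weighed in this thread, as an added example that is not code from Mono, .NET or any of the posters: loading the document with a DTD that declares ID so that XmlDocument.GetElementById() can resolve it, and a SignedXml subclass that overrides GetIdElement() for the SAML-style ID attribute. StrictIdSignedXml, Demo and the sample XML are hypothetical and constructed; rejecting a duplicated ID value goes beyond what the thread discusses and is there so a reference can never resolve to an ambiguous element.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;
using System.Security.Cryptography.Xml;
using System.Xml;

// Hypothetical subclass: resolves Reference URIs against the SAML-style "ID" attribute.
public class StrictIdSignedXml : SignedXml
{
    public StrictIdSignedXml(XmlDocument doc) : base(doc) { }

    public override XmlElement GetIdElement(XmlDocument document, string idValue)
    {
        if (document == null || string.IsNullOrEmpty(idValue))
            return null;
        XmlElement match = null;
        // Compare values in code rather than splicing untrusted input into XPath.
        foreach (XmlNode node in document.SelectNodes("//*[@ID]"))
        {
            var element = (XmlElement)node;
            if (element.GetAttribute("ID") != idValue)
                continue;
            if (match != null)   // ambiguous target: refuse instead of picking one
                throw new CryptographicException("Duplicate ID value: " + idValue);
            match = element;
        }
        return match;
    }
}

public static class Demo
{
    // Constructed sample input, not a real SAML assertion.
    const string NoDtd = "<Assertion ID=\"_a1\"><Subject/></Assertion>";
    // Same content with an internal DTD subset declaring the attribute as type ID.
    const string WithDtd =
        "<!DOCTYPE Assertion [<!ATTLIST Assertion ID ID #IMPLIED>]>" + NoDtd;

    static XmlDocument Load(string xml, DtdProcessing dtd)
    {
        // XmlResolver = null: the internal subset is read, nothing external is fetched.
        var settings = new XmlReaderSettings { DtdProcessing = dtd, XmlResolver = null };
        var doc = new XmlDocument { PreserveWhitespace = true, XmlResolver = null };
        using (XmlReader reader = XmlReader.Create(new StringReader(xml), settings))
            doc.Load(reader);
        return doc;
    }

    public static void Main()
    {
        XmlDocument plain = Load(NoDtd, DtdProcessing.Prohibit);
        XmlDocument typed = Load(WithDtd, DtdProcessing.Parse);
        Console.WriteLine("no DTD, GetElementById finds it:   {0}", plain.GetElementById("_a1") != null);
        Console.WriteLine("with DTD, GetElementById finds it: {0}", typed.GetElementById("_a1") != null);
        Console.WriteLine("override, GetIdElement finds it:   {0}",
            new StrictIdSignedXml(plain).GetIdElement(plain, "_a1") != null);
    }
}
```

Building this needs a reference to the System.Security assembly on Mono and .NET Framework, or the System.Security.Cryptography.Xml package on newer .NET.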