Ian,
Many thanks for that. I've just checked in a slight variation to your patch. We need to have the local name used as the key, because the spec requires we do a secondary sort of attributes on local names. So I still call getNodeName, but I then do a quick check for ':' to find the local part.
Thanks!
Cheers,
Berin
Ian Alderman wrote:
The attached diff makes the problem go away for my code and illustrates what's happening. In line 1122 of XSECC14n20010315.cpp, m_formatBuffer becomes zero length, so every attribute gets added to the sort list with the same key, meaning that all attributes except the first in an element get discarded in canonicalization.
See http://xml.apache.org/xerces-c/apiDocs/classDOMNode.html#z231_4 Perhaps this is why getLocalName is returning null? Maybe the code should test, and use getNodeName if getLocaName returns null.
Hope this helps,
-Ian
On Mon, 19 Jul 2004, Ian Alderman wrote:
I was able to make some progress on debugging this.
Debugging by printing the SignedInfo bytes as they get hashed (in TXFMSHA1.cpp), I was able to determine that these bytes are different when they get signed than they are when they get verified (and so the hash is also different). Specifically, if I use the following stylesheet, some of the "select" attributes (which happen to be second attributes) get discarded.
My stylesheet and code are here: http://www.cs.wisc.edu/~alderman/xsec/
-Ian
It would appear that the transform is being applied correctly; the digest is the same as is produced by the Java library, but the signature is different (the Java library signature verifies).
------------------------------------------------------------------------
85 ferdinand ~/workspace/xml/src/xml-security/xml-security/c/src > cvs diff canon ? canon/Makefile ? canon/Makefile.in ? canon/XSECC14n20010315.cpp.ORIG cvs server: Diffing canon Index: canon/XSECC14n20010315.cpp =================================================================== RCS file: /home/cvspublic/xml-security/c/src/canon/XSECC14n20010315.cpp,v retrieving revision 1.15 diff -r1.15 XSECC14n20010315.cpp 1122c1122 < m_formatBuffer << (*mp_formatter << tmpAtts->item(i)->getLocalName()); ---
m_formatBuffer << (*mp_formatter << tmpAtts->item(i)->getNodeName());
