Hi,

There's a new bug (well somewhat recent - it is a regression from the 1.1 release) in Canonicalizer.canonicalizeSubtree(Node) where it leaves a superfluous default empty namespace definition in the subtree root node instead of omitting it.

I'm attaching a test program and test xml signature. Run the program as:

  java C14NSubTree certj201_enveloping.xml envelopedData

The following c14n output is emitted:

<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="envelopedData"><FOO xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object>


The xmlns="" is unnecessary and should be omitted.

I have tried to create a patch but the c14n code is fairly intricate and probably Raul will be much faster at finding the right fix.

Thanks,
Sean

import java.io.FileInputStream;
import javax.xml.parsers.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.utils.IdResolver;

/**
 * Canonicalizes the subtree rooted at the element whose Id is given on the
 * command line and prints the result, so the superfluous xmlns="" can be seen.
 *
 * Usage: java C14NSubTree <signature file> <element Id>
 */
public class C14NSubTree {

    public static void main(String[] args) throws Exception {
        // Parse the signature document; c14n needs a namespace-aware DOM.
        FileInputStream fis = new FileInputStream(args[0]);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(fis);
        fis.close();

        // Initialize the library, then locate the subtree root by its Id attribute.
        Init.init();
        Element e = IdResolver.getElementById(doc, args[1]);
        Canonicalizer c14n =
            Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
        // Inclusive C14N 1.0 without comments, over the subtree only.
        byte[] bytes = c14n.canonicalizeSubtree(e);
        System.out.println(new String(bytes));
    }
}

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
    <Reference URI="#envelopedData">
      <Transforms><Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      </Transforms>
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
      <DigestValue>ikRJTZzM7uWpaXtmIcJyTwmt8Qw=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>dDA7vm8Kss5sLocYMg/lWdUDYVsfTQJ8QfmALKDFr3BrARmBZBqAOVffS2Xw/dlYeQBfUWPINv7/
ciYjUz0xCg==</SignatureValue><KeyInfo>
    <KeyValue>
    <RSAKeyValue>
        <Modulus>uHlPl0BIKYNLN6c22IYwxJYYFV6g8Oxk7ZlyiqFi/DRbDW3e5b5QBNxUof0QMaCfgYGYQshtTtQH
2Ft5PAFZ0Q==</Modulus>
        <Exponent>EQ==</Exponent>
      </RSAKeyValue>
    </KeyValue>
  </KeyInfo>
<dsig:Object Id="envelopedData" xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><FOO xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object></Signature>
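The canonical bytes are what the Reference digest is computed over, so an extra xmlns="" on the subtree root changes the digest and makes signatures fail to verify against a conformant implementation. The following is an added example (Python standard library only; not Sean's test program and not Apache XML Security code) that derives which namespace declarations inclusive C14N 1.0 renders on a subtree root and flags the superfluous xmlns="" in emitted output; the input and the buggy output are constructed from the report.

```python
import re
import xml.parsers.expat as expat

# Constructed input, trimmed from the enveloping signature in the report: the
# dsig:Object is the subtree root and its parent declares the dsig default namespace.
SIGNATURE = b'''<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo/>
<dsig:Object Id="envelopedData" xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><FOO xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object></Signature>'''

# Constructed: the bytes the regressed Canonicalizer emits for that subtree, per the report.
BUGGY_C14N = (b'<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" '
              b'Id="envelopedData"><FOO xmlns="http://www.foo.org/foo">\nfoo\n</FOO></dsig:Object>')
FIXED_C14N = BUGGY_C14N.replace(b' xmlns=""', b'')

def apex_namespace_decls(xml_bytes, id_value):
    """Namespace declarations inclusive C14N 1.0 renders on the subtree root with this Id.

    A non-namespace-aware expat parser keeps xmlns/xmlns:p as ordinary attributes, so the
    in-scope declarations are the nearest binding of each name on the open-element stack.
    The apex has no output ancestor: every non-empty in-scope binding is rendered, and an
    in-scope xmlns="" is dropped, since it could only undeclare a default namespace
    inherited from an output ancestor.
    """
    stack, rendered = [], []          # attribute dicts of open elements, outermost first

    def start(name, attrs):
        stack.append(attrs)
        if attrs.get("Id") != id_value:
            return
        scope = {}
        for element_attrs in reversed(stack):      # nearest declaration wins
            for k, v in element_attrs.items():
                if k == "xmlns" or k.startswith("xmlns:"):
                    scope.setdefault(k, v)
        # C14N puts the default namespace first, then prefixed declarations by prefix.
        rendered.extend(sorted(((k, v) for k, v in scope.items() if v),
                               key=lambda kv: (kv[0] != "xmlns", kv[0])))

    parser = expat.ParserCreate()
    parser.StartElementHandler = start
    parser.EndElementHandler = lambda name: stack.pop()
    parser.Parse(xml_bytes, True)
    return rendered

def has_superfluous_empty_default(c14n_bytes):
    """True when the first start tag of a canonical subtree carries xmlns="" (the reported bug)."""
    start_tag = re.match(rb"<[^>]*>", c14n_bytes).group(0)
    return b' xmlns=""' in start_tag
```

Used as a regression test, the expected declarations for the dsig:Object subtree are only xmlns:dsig, and the check is true for the output quoted in the report and false once the xmlns="" is gone.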
