This bug is fixed in
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=30455. I will try to
backport it tonight.
On 12/08/2004, at 21:28, Sean Mullan wrote:
Hi,
There's a new bug (well somewhat recent - it is a regression from the
1.1 release) in Canonicalizer.canonicalizeSubtree(Node) where it
leaves a superfluous default empty namespace definition in the subtree
root node instead of omitting it.
I'm attaching a test program and test xml signature. Run the program
as:
java C14NSubTree certj201_enveloping.xml envelopedData
The following c14n output is emitted:
<dsig:Object xmlns="" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
Id="envelopedData"><FOO xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object>
The xmlns="" is unnecessary and should be omitted.
I have tried to create a patch but the c14n code is fairly intricate
and probably Raul will be much faster at finding the right fix.
Thanks,
Sean
import java.io.FileInputStream;
import javax.xml.parsers.*;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.utils.IdResolver;

public class C14NSubTree {
    // Usage: java C14NSubTree <signature.xml> <Id of subtree root>
    public static void main(String[] args) throws Exception {
        FileInputStream fis = new FileInputStream(args[0]);
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        DocumentBuilder db = dbf.newDocumentBuilder();
        Document doc = db.parse(fis);
        fis.close();
        Init.init();
        // Locate the subtree root by its Id attribute
        Element e = IdResolver.getElementById(doc, args[1]);
        Canonicalizer c14n =
            Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
        byte[] bytes = c14n.canonicalizeSubtree(e);
        // Canonical XML output is always UTF-8, so decode it explicitly
        System.out.println(new String(bytes, "UTF-8"));
    }
}
<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<Reference URI="#envelopedData">
<Transforms><Transform
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
</Transforms>
<DigestMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>ikRJTZzM7uWpaXtmIcJyTwmt8Qw=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>dDA7vm8Kss5sLocYMg/
lWdUDYVsfTQJ8QfmALKDFr3BrARmBZBqAOVffS2Xw/dlYeQBfUWPINv7/
ciYjUz0xCg==</SignatureValue><KeyInfo>
<KeyValue>
<RSAKeyValue>
<Modulus>uHlPl0BIKYNLN6c22IYwxJYYFV6g8Oxk7ZlyiqFi/
DRbDW3e5b5QBNxUof0QMaCfgYGYQshtTtQH
2Ft5PAFZ0Q==</Modulus>
<Exponent>EQ==</Exponent>
</RSAKeyValue>
</KeyValue>
</KeyInfo>
<dsig:Object Id="envelopedData" xmlns=""
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><FOO
xmlns="http://www.foo.org/foo">
foo
</FOO></dsig:Object></Signature>