Hi,

Now I'm trying to work with a detached, sibling XML signature.
I could sign my XML, but I realized that the SignedContentItem in 
XMLSignature is missing the namespace I added.

Here is my XML document; I signed <myXml>.
<myXml> contains <myData>, and <myData> contains <myItem>.
<myItem> belongs to the namespace "http://xxx.yyy.zzz/".
============================================================
<myPayload xmlns="http://aaa.bbb.ccc/">
    <myXml xmlns:ns0="http://aaa.bbb.ccc/" ns0:Id="signed">
        <myData>
            <myItem xmlns="http://xxx.yyy.zzz/">Item1</myItem>
        </myData>
    </myXml>
    <ds:Signature>
        ...
    </ds:Signature>
</myPayload>
============================================================

And the SignedContentItem in XMLSignature looked like this:
============================================================
<myXml xmlns="http://aaa.bbb.ccc/" 
Id="signed"><myData><myItem>Item1</myItem></myData></myXml>
============================================================

I wonder why the namespace is removed from <myItem>.
I'm afraid that this will cause a wrong digest value calculation.

I've read the thread "vanishing attribute namespace prefixes",
but I couldn't reach a conclusion by myself.

Can anyone tell me how to resolve this issue?

I attached source code (TestMySignature.java) 
and result (TestMySignature.txt).

Thanks.

Attachment: TestMySignature.java
Description: TestMySignature.java

--- Signed XML document is Here ---
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<myPayload xmlns="http://aaa.bbb.ccc/">
    <myXml xmlns:ns0="http://aaa.bbb.ccc/" ns0:Id="signed">
        <myData>
            <myItem xmlns="http://xxx.yyy.zzz/">Item1</myItem>
        </myData>
    </myXml>
    <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
<ds:Reference URI="#signed">
<ds:Transforms>
<ds:Transform 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>oZOU/+OMolQymBmB1gOc2MAgMbs=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>
Dov6D4eivJTxslLOEGYghltaFS4W9iLv5ba4Mwu8DO8ioDtQT5uhO7LmeRUSAx8U7llhosaUbGK+
iEboqMrJ38QJ+/PWdDzMx4zvITcLOdVLYc5MBfbgPdg/WtrH81hdN9M8GcXP6hjSwuhthNtTwiEw
3T7fnW1nM+JLt/ErnOnbcNvcYwCqvoSLhT7NE/uNl0djvcf6OkCnd04S1Xv2y5Sxlf+UTIRVPTdh
s0C4INtTKdTa7pnWsZMnS6wwumRpAdtWL2JR/2dTS0zEWHMFUBLpgA0dZH4qwuw8OxmoNv17Jpu6
LS+5aRx7vnH9ZgVVUQiNei1fHm2lX8BfGooZow==
</ds:SignatureValue>
</ds:Signature>
</myPayload>


--- Signed Content in Signature is missing namespace 'http://xxx.yyy.zzz/' from 
'myItem' ---
<myXml xmlns="http://aaa.bbb.ccc/" 
Id="signed"><myData><myItem>Item1</myItem></myData></myXml>

--- calcurating C14Ned SHA1 digest ---
oZOU/+OMolQymBmB1gOc2MAgMbs=
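
An added example, not part of the original post or its attachment: a namespace-aware comparison of the serialized `<myXml>` subtree with the octets reported as the signed content, listing which element and attribute names changed namespace and whether a digest over the two forms agrees. It uses the C14N 2.0 canonicalizer from the Python standard library rather than the C14N 1.0 WithComments algorithm named in the signature, so its digests are not comparable to the DigestValue above; the function names and the omission of `ds:Signature` from the sample are assumptions of this example.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed from the post: the serialized document (ds:Signature omitted) ...
SERIALIZED = """<myPayload xmlns="http://aaa.bbb.ccc/">
    <myXml xmlns:ns0="http://aaa.bbb.ccc/" ns0:Id="signed">
        <myData>
            <myItem xmlns="http://xxx.yyy.zzz/">Item1</myItem>
        </myData>
    </myXml>
</myPayload>"""
# ... and the octets reported as the signed content.
DIGESTED = ('<myXml xmlns="http://aaa.bbb.ccc/" Id="signed">'
            '<myData><myItem>Item1</myItem></myData></myXml>')
ID_ATTR = "{http://aaa.bbb.ccc/}Id"  # expanded name of ns0:Id


def referenced_element(doc_text, ref_id):
    """Resolve URI="#<ref_id>" by the namespaced Id attribute."""
    for el in ET.fromstring(doc_text).iter():
        if el.get(ID_ATTR) == ref_id:
            return el
    raise LookupError(f"no element with Id={ref_id!r}")


def expanded_names(el):
    """{namespace}local name of each element and attribute, in document order."""
    names = []
    for node in el.iter():
        names.append(node.tag)
        names.extend("@" + key for key in sorted(node.keys()))
    return names


def c14n_sha1(el):
    """SHA-1 (the post's DigestMethod) over a canonical form of the subtree.
    ET.tostring regenerates prefixes from the expanded names, so the result
    depends on the namespaces themselves, not on how prefixes were spelled."""
    text = ET.canonicalize(xml_data=ET.tostring(el, encoding="unicode"),
                           strip_text=True)
    return hashlib.sha1(text.encode("utf-8")).hexdigest()


def compare(doc_text, digested_text, ref_id):
    """Return (names that changed namespace, whether the digests agree)."""
    doc_el = referenced_element(doc_text, ref_id)
    dig_el = ET.fromstring(digested_text)
    drift = [(a, b) for a, b in
             zip(expanded_names(doc_el), expanded_names(dig_el)) if a != b]
    return drift, c14n_sha1(doc_el) == c14n_sha1(dig_el)
```

Calling `compare(SERIALIZED, DIGESTED, "signed")` reports both the `Id` attribute and `myItem` as having changed namespace, which is the mismatch a namespace-aware verifier would see between the document on the wire and the bytes that were digested.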
