Re: Status of == vs equals() RESULTS

As the original author of the changes of equals to == in intern namespaces, I can tell that original in 1.4 and 1.5 and with my data (that was the verification of a SAML/Liberty AuthnReq in a multi thread tests, and the old Juice JCE provider). The change was 10% to 20% faster. The SAML is one of t

Re: Status of == vs equals() RESULTS

On Mon, Aug 9, 2010 at 4:45 PM, Chad La Joie wrote: > > > On 8/9/10 10:40 AM, Raul Benito wrote: > >> What command line options did you use? >> > > No options. > > I did mine with --server and sometimes with more memory but it is really strange, what versio

Re: Status of == vs equals() RESULTS

Hello Chad, What command line options did you use? My testings were more reliable if use 100 warms-up let the jit run its magic, and then go for the timed test. Also are you running both tests in the same invocation if you do, the second will be handicap, as the first one will be just inline the se

[REPORT] Santuario

Hello, I'm going to send the report for this month, do you have anything to tell? Regards, Raul -- Just normal bug fixing. Quiet quarter. Regards, Raul

Re: [Fwd: [Fwd: ASF Board Report - Initial Reminder for May 2009]]

2009/WD-xmldsig-core1-20090226/ > http://www.w3.org/TR/xmlenc-core1/ > >> >> I've submitted two patches as of several weeks that haven't been >> applied/reviewed etc [47029, 47057]. Is there interest in building >> some momentum for another release? > > I

Re: [Fwd: [Fwd: ASF Board Report - Initial Reminder for May 2009]]

tum for another release? > > Colm. > > -Original Message- > From: raul.benito.gar...@gmail.com [mailto:raul.benito.gar...@gmail.com] On > Behalf Of Raul Benito > Sent: 19 May 2009 11:12 > To: security-dev@xml.apache.org > Subject: Re: [Fwd: [Fwd: ASF Board Rep

Re: [Fwd: [Fwd: ASF Board Report - Initial Reminder for May 2009]]

Ok, I will regret to say that but I'm in. What are the next steps, a vote between PMC members? Regards, Raul On Tue, May 19, 2009 at 12:29 PM, Berin Lautenbach wrote: > Have a look-see at: > > http://www.apache.org/dev/pmc.html#chair > > Cheers, >        Berin > >

Re: [Fwd: [Fwd: ASF Board Report - Initial Reminder for May 2009]]

Ok, I can take one day a month as PMC chairman, does it will be enough? what are the other responsibilities beside the monthly reports? On Fri, May 8, 2009 at 11:49 AM, Berin Lautenbach wrote: > Heya all, > > Anyone going to pick this up?  Any volunteers for chair? > > Cheers, >        Berin > >

Re: [Fwd: [Fwd: [Fwd: ASF Board Report - Initial Reminder for May 2009]]]

I will givie you an answer in 48hours, Berin. Sorry for the delay. On Tue, May 12, 2009 at 12:39 PM, Berin Lautenbach wrote: > Does this mean we want to wind up the project?  If there is no interest in > anyone taking on the chair role I will recommend to the board that the > project be moved to

Re: configuring line breaks

Of course we will look up to any patch you send, any contribution is always appreciated. If it is not very bad on performance I will include it if not we can discuss how to improve it. On Wed, Jan 14, 2009 at 12:29 PM, Colm O hEigeartaigh wrote: > Hi, > > Currently one can only configure whethe

Re: Undeclared namespace prefix

will allowed us not do the same mistake again. On Fri, Oct 3, 2008 at 5:15 PM, Werner Dittmann <[EMAIL PROTECTED] > wrote: > Raul Benito schrieb: > >> Hello, >> I think I made the change so I will try to defend it, first of all the use >> of KeyInfo out of a Signat

Re: Undeclared namespace prefix

Hello, I think I made the change so I will try to defend it, first of all the use of KeyInfo out of a Signature it is not a use case I was looking to. So perhaps we break it as we don't look at it. And sadly the old api is full of internal objects that can be use external. And I see KeyInfo like th

Re: Questions about xml-security-1.4.2 and Java 1.6

It seems a nice question & answers for our faq... On Tue, Aug 19, 2008 at 6:30 PM, dan costelloe <[EMAIL PROTECTED]> wrote: > > Many thanks for your suggestions Sean. > I will give them a try. > > Regards, > dan > > > > >

Re: Signature validation problem - C14N transform returns null

Sathis, I think that particular code is correct, it is strange because the api, that the transformation and the c14n is using looks like a pipeline one, but after profiling it I change it to a visitor one, the problem is that in some parts of the code there are some users as pipeline that is why I

Re: Signature verification issue

es? > > > Edward Thompson > > (704) 383-9933 > 401 South Tryon Street > Three Wachovia Center, Sixth floor > Charlotte, NC 28202 > > Authentication & Entitlements > > > > "Raul Benito" <[EMAIL PROTECTED]> > Sent by: [EMAIL PROTECTED] >

Re: Signature verification issue

> .compile("//saml:Assertion/ds:Signature"); > > Element sigElement = null; > > sigElement = (Element) expr.evaluate(doc2, > XPathConstants.NODE); > > XMLSignature signature = null; > >

Re: Signature verification issue

You have to serialize the signature and deserialize it sadly the internal structures doesn't manage signing and verifying and the same time. On Mon, Aug 4, 2008 at 1:42 PM, <[EMAIL PROTECTED]> wrote: > > I am trying to create, then verify a signature, without much success. I > assume something I

Re: dansh...@gmail.com

Can you paste the output of ant and send to the list? Regards, Raul On Tue, Jul 15, 2008 at 10:52 AM, Daniil Shved <[EMAIL PROTECTED]> wrote: > > xml security 1.4.2 fails the unit tests > > Hello. I've downloaded the xml-security-1.4.2 binary package and tried to > run the unit tests. I have a j

Re: Java XMLSec 1.4.2 Release

I took the last one. But also we need to define the way of selecting the behavior. I suppose that in the config.xml will be good. Anyway even without this thing we can cut 1.4.2 On Wed, Mar 12, 2008 at 7:30 AM, Vishal Mahajan <[EMAIL PROTECTED]> wrote: > Regarding 40897 (String comparisons using

Re: svn down?

It is working here! On Jan 15, 2008 7:59 AM, Davanum Srinivas <[EMAIL PROTECTED]> wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Did you try from a browser? i can get to it just fine. > > - -- dims > > > Sean Mullan wrote: > | Has anyone been able to access the svn repository in the

Re: Changes in ElementProxy

lso be required, without > which my tests fail. I am doing some more testing and will let you know > if I find anything more. > > Thanks! > Vishal > > > on 1/2/2008 3:15 AM Raul Benito wrote: > > > Hello everybody and happy 2008, > > I wish that this new year I

Re: Changes in ElementProxy

so far can only change by changing the code. I will submit latter the change to do it by Init means() On Jan 3, 2008 8:24 AM, Sean Mullan <[EMAIL PROTECTED]> wrote: > > Raul Benito wrote: > > Hello everybody and happy 2008, > > I wish that this new year I can give mo

Changes in ElementProxy

Hello everybody and happy 2008, I wish that this new year I can give more love to the Santuario project. There are a lot of plans and a lack of time, let see what happens... In the meantime and for warming up I have do some refactoring of ElementProxy to implement the fix for bug before http://iss

Re: Benchmarks?

On anything else, I probably wouldn't > care, but this is sort of critical. > > -Jason > > > > > > On Sep 27, 2007 1:59 PM, Raul Benito <[EMAIL PROTECTED]> wrote: > > Hi Jason, > > I understand your concerns, and I think you are right stating t

Re: Is there a difference in memory usage between Apache-Java-XmlSecurity and Apache-C++-XmlSecurity?

Hi Andre, Your memory problems are DOM realated the XML-SEC library only needs 10MB to verify any document. So in order to improve it you must look using the expermiental STAX implementation or the SAX one. Regards, Raul p.s. I haven't take a deep look to the encrypt/decrypting part so perahps

Re: Benchmarks?

ed to discover that you're actually getting > worse performance than BufferedOutputStream, having hurt your > performance by bifurcating the code paths that Hotspot has to > investigate. Only under JDK 1.4 does this code still genuinely > accomplish something, and I'm n

Re: Bug 40819

100% agree with scott. public String *getLocalName*() Returns the local part of the qualified name of this node. For nodes of any type other than ELEMENT_NODE and ATTRIBUTE_NODE and nodes created with a DOM Level 1 method, such as cr

Re: [Fwd: [VOTE] Put Apache Juice into dormant status]

On 7/16/07, Scott Cantor <[EMAIL PROTECTED]> wrote: > Juice uses openSSL as its engine, this provides a 3-6 time > improvement when compared to BouncyCastle. It is a matter of opinion whether that is enough to bother. As a participant in the project that gave birth to that code, it wasn't enoug

Re: [Fwd: [VOTE] Put Apache Juice into dormant status]

In an ideal world I would love develop Juice. Sadly in the real world I don't have even time for xmlsec (and there are a lot things that we can improve the speed of it). So I'm not going to vote as I cannot put any support on it. I think it is a nice addition. And I can contribute a patch or two,

Re: JavaDocs are missing from the site

Good question, I should investigate how they are update. Regards, Raul On 7/12/07, Sean Mullan <[EMAIL PROTECTED]> wrote: You're right, http://xml.apache.org/security/Java/api/index.html is broken. Raul, do you know why the javadocs are not there? --Sean Maximilian Hütter wrote: > Hi all,

Re: Signature verification fails due to Java object reference mismatch in ElementProxy#guaranteeThatElementInCorrectSpace()

Hi Ruchith, What XML parser are you using? All common XML parsers intern the namespaces. Anyway I'm working in plug-able corrects in order to change this behavior even disable it. Regards, On 7/15/07, Ruchith Fernando <[EMAIL PROTECTED]> wrote: Hi Devs, ElementProxy#guaranteeThatElementInCorr

Re: SignatureAlgorithm problem with initSign and initVerify methods (xmlsec-1.4.1)

Hi Kevin, It seems a bug, can you write a test case that shows the same problem? and attached it to a bugzilla entry Regards, Raul On 6/12/07, Kevin Troy <[EMAIL PROTECTED]> wrote: Hi, We're migrating a working web application from Java 1.4.2 to Java 1.5. Our 1.4.2 application used xmlsec-1.2

Re: XPointer ResourceResolver support

Please do it. We need to think how to handle compilation in older versions of java, but I think is a great feature. Regards, On 6/6/07, Wolfgang Glas <[EMAIL PROTECTED]> wrote: Brent Putman schrieb: > One of our OpenSAML users was inquiring about support for verifying > signatures with XPoint

Re: Signature and children - redundant namespace declarations

Can you post an example of the behaviour (a code and an output)? On 5/29/07, Brent Putman <[EMAIL PROTECTED]> wrote: When I generate a signature using XMLSignature, the library is redundantly adding the signature namespace declaration on every child element of the ds:Signature element. Is there

Re: Signature and children - redundant namespace declarations

Hi all, First of all sorry for the delay, Regarding the circumventBug2560 should only be invoked when there is an xpath transformation and the transformation contains the word nodespace. In theory the only need to do this when the xpath use the nodespace axis, but this approximation is good enough

Re: c14n test vectors

edInfo subtree. Thanks in advanced, Marcelo. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: Tuesday, May 29, 2007 05:07 To: security-dev@xml.apache.org Subject: Re: c14n test vectors Hi Marcelo, It is strange, I think that Merlin

Re: c14n test vectors

Hi Marcelo, It is strange, I think that Merlin interop test is our unittest suite. Can you send the differences? Regards, Raul On 5/28/07, Da Cruz Pinto, Juan M <[EMAIL PROTECTED]> wrote: Hi Everybody, Are there any unit tests in the code to test c14n interoperability? I've been tryi

Re: [VOTE] 1.4.1 Release

Raise a enhancement bug into http://issues.apache.org, And we can consider it. Regards, Raul On 4/25/07, Wolfgang Glas <[EMAIL PROTECTED]> wrote: Raul Benito wrote: > I haven't recived any bad thing about 1.4.1 releas (ok, I have only receive > only one ok but that is enoug

[VOTE] 1.4.1 Release

I haven't recived any bad thing about 1.4.1 releas (ok, I have only receive only one ok but that is enought) What do you think of changing the name of 1.4.1Beta1 into 1.4.1 release? [ ] +1 We have all the test we need [ ] 0 Perhaps we should wait for more people say ok [ ] -1 Regards, Raul -

Re: New Committer

Welcome Scott!!! On 4/16/07, Berin Lautenbach <[EMAIL PROTECTED]> wrote: Hi all, I am pleased to announce that Scott Cantor will be joining us as a committer on the xml-security library, with a focus on the C++ code. Scott has been active on the mailing list for a number of years, providing a

Re: 1.4.1Beta1 Release

egards. Yvan Hess -- *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] *On Behalf Of *Raul Benito *Sent:* vendredi, 6. avril 2007 11:56 *To:* security-dev@xml.apache.org *Subject:* 1.4.1Beta1 Release I have tag and upload a beta for the 1.4.1 java release. Please downlo

Re: 1.4.1Beta1 Release

thread for quick reference. It'll be great if we can get this resolve for 1.4.1. Let me know what you think. Thanks, Vishal Raul Benito wrote: I have tag and upload a beta for the 1.4.1 java release. Please download and see if all the bugs reported are fixed. http://people.apache.org/~raul/d

Re: Benchmarks?

There is no such thing as xml security benchmark, I try to do one myself several time, but the lack of time always made me postpone. In order to test my changes I use a slightly modified copy of the old xmlbench, it only tests inclusive-c14n and enveloping signatures. But it works for seeing what

1.4.1Beta1 Release

I have tag and upload a beta for the 1.4.1 java release. Please download and see if all the bugs reported are fixed. http://people.apache.org/~raul/dist/xmlsec-1.4.1Beta1.jar Regards, Raul -- http://r-bg.com

Re: What is XMLUtils::addReturnToElement for?

I think, you can change the code as much as you want. But there is some feature to make this return optionals. The only place where the standard force it are in the Base64 representation of the digest and signature value, that must be split at 80 chars (apache xmlsec does not have any problem with

Re: What is XMLUtils::addReturnToElement for?

Hi Mike, With your notation I think you are referring to C++ version. Don't you? On 4/4/07, Michael McIntosh <[EMAIL PROTECTED]> wrote: I know what XMLUtils::addReturnToElement does, by why do it? I acknowledge that adding the occasional line to an XML document makes it more readable in certain

Re: Verifying Signature

I think you should add envelope-signature transformation to the signature, it should help you, On 3/27/07, Phillip Duba <[EMAIL PROTECTED]> wrote: I'm hoping this is the right list to be emailing this question to. I created a function to do verification of a SAML Assertion, well at least the d

1.4.1 Release planning

Hi all, I have open a bug entry for tracing 1.4.1 bugs, my plan is to call for beta on Friday next week. What do you think? So please test 1.4 as hard you can and write bugs for it. Regards, Raul -- http://r-bg.com

Re: Microsoft Office12 Postmark will not verify

Any fail of a reference or the Signedinfo is a failure. In the real world it will means that somebody has tampered the signature to fix a tampered referenced. Or somebody has just tampered the referenced and has been lazy to update the signature. But in the developing world use to means wrong tran

Re: Signed document can be corrupted in certain circumstances

test cases before you plan to release a new version to get a second feekback concerning the strongness of the library: 4 eyes is better than 2 eyes :-) > > Regards. Yvan > > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito > Sent: mar

Re: Microsoft Office12 Postmark will not verify

Hi Jean-Luc, I will try to take a look to the issue, but can you send us the document and the code you are using? And thanks for telling. Regards, Raul, On 2/26/07, Jean-Luc Cooke <[EMAIL PROTECTED]> wrote: To help things along, Here's the output from Aleksey's tool. Notice how it verif

bugfix release of java xml-sec?

Hi All, First of sorry for being so silent all this time, but I have change country and jobs and it seems that avoiding sleep in the street took too many time ;) Regarding the 1.4.0 release, it seems that several very nasty bugs have pass our beta/rc testing (well, people seems not to worry with

Re: Converting xmlsec command line utility to Java

Sorry, We have never written anything with pem files in java, we always use keystore files. If you do something feel free to send in the mailling list I think people will appreciate it. Regards On 2/7/07, Milan Zdimal <[EMAIL PROTECTED]> wrote: Hello, I am looking for an example of how to

Re: Signed document can be corrupted in certain circumstances

Hi Hess, It is my fault, we have a "critic" bug http://issues.apache.org/bugzilla/show_bug.cgi?id=41462 , the problem is that I was thinking in 8bits instead of 32bits. now it is quite fixed in head but we are having a problem with some part of unicode. I think I will do a 1.4.1 with this bug and

Re: signature elements indent

>> > 60NvZvtdTB+7UnlLp/H24p7h4bs= >> > >> > >> > >> > KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD >> > xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31 >> > 2iw1iENOi7m

Re: signature elements indent

Hola Jorge, Sorry no luck, If you change the signature it will be void. No matter what books have told, spaces are an important part of the XML. And it means a lot. You cannot change it without changing the signature. Regards, Raul On 12 Feb 2007 12:00:20 +0100, Jorge Martín Cuervo < [EMAIL PR

Re: Apache XML Security Encoding problem in encrypting/decrypting XML

Please check with the old 1.3 if you still got the problem. On 1/30/07, mathew_pl <[EMAIL PROTECTED]> wrote: Hi Matthew, Also can you tell us which version of xml-sec are you using? Thanks a lot for your answers. I'm using 1.4.Beta0.jar but I've also tried with new, stable 1.4.0 version down

Re: Apache XML Security Encoding problem in encrypting/decrypting XML

Hi Matthew, Also can you tell us which version of xml-sec are you using? Thanls On 1/30/07, Bradley Beddoes <[EMAIL PROTECTED]> wrote: Hi Matthew, This may be relevant it will depend on your setup but because your on a Windows platform I would start by checking that you actually do have the int

Re: Q: Status of JAVA Library XMLSec-1.XX.jar

Hi Thomas The 1.4 is frozen, labeled, and released. We are having problem updating the web page. In case that something weirds happens (big bug or whatever) we will just create a new 1.4.1 version. Sorry for the annoyances Regard, Raul On 1/19/07, Vogler, Thomas <[EMAIL PROTECTED]> wrote: Hi

Re: [Fwd: RE: Last Call for C14N 1.1 (and updated WG notes)]

I haven't but it looks intersting. Not too many changes: 1.-Changes in xml: handling, increase the complexity to decide if the attribute is single inheritance or otherwise. 2.-Changes in xmlns: sorting now is sort on prefix name instead of uri. But the other attributes are still sorted with th

Re: Basic hash value question

Hi Ulrich, It seems to me that you need enveloped transformation. Can you post how you do signing? Regards, On 12/6/06, Ulrich Ackermann <[EMAIL PROTECTED]> wrote: Hello Dominik, If I take your Base64 encoded SHA-1 hash value and make a hex string out of it, I get exactly what you stated as yo

RESULT: Apache XML Security Java Library 1.4 Release

upload the jars. Regards, Raul On 11/22/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote: Hi Raul, Any idea on the date of the release? From the Axis2/Rampart/WSS4J front we are happy with the SVN head and we are planning to release WSS4J and Rampart with xml-sec-1.4. Thanks, Ruchith On 11/13

VOTE: Apache XML Security Java Library 1.4 Release

Do you think that the SVN head of java is in shape for doing the 1.4 release? [ ] +1 , We have delayed it too much [ ] 0 , We should do, but I'm not very confident. [ ] -1, It fails (...) -- http://r-bg.com

Re: PATCH: String Comparison in ElementProxy

tually we decide to change the comparisons to use String.equals() I could give you the list of all relevant occurrences in the code. Thanks, Vishal Raul Benito wrote: > Hi Sean, > > The penalty hit is taken when the strings are not equal, sadly of the > same length. > And have a

Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

On 11/5/06, Ruchith Fernando <[EMAIL PROTECTED]> wrote: Hi Raul, On 11/5/06, Raul Benito <[EMAIL PROTECTED]> wrote: > You Wss4j guy always using untested XMLSignature constructors!!! ;) > Just joking. You hit again another XMLSignature constructor that there > is no un

Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

within the xml-security project. The exception stack trace is here : http://rafb.net/paste/results/QSCZ1587.html Thanks, Ruchith On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote: > Can you also post the exception backtrace? > Regards, > > On 11/3/06, Raul Benito <[EMAI

Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

Can you also post the exception backtrace? Regards, On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote: Hi Ruchith, It is not feasible for me to checkout the whole wss4j in order to see the problem. Did the problem arise when you do something like this? PrivateKey xk; Public

Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

ar in the lib dir with the latest. Thanks, Ruchith [1] http://issues.apache.org/bugzilla/show_bug.cgi?id=40880 [2] https://svn.apache.org/repos/asf/webservices/wss4j/trunk On 11/3/06, Raul Benito <[EMAIL PROTECTED]> wrote: > Hi Ruchith, > > It looks strange to me, because all the jun

Re: Cannot sign-verify twice in the same thread with different XMLSignature instances

Hi Ruchith, It looks strange to me, because all the junits that we pass do in essence what are you describing(several verifying in one thread). But on the other hand your explanation looks sound. What version of xmlsec are you using? Can you post a simple test case that triggers this error? Rega

Re: svn commit: r470407 - /xml/security/trunk/src/org/apache/xml/security/encryption/XMLCipher.java

not kosher to do that :( Please help! -- dims On 11/2/06, Raul Benito <[EMAIL PROTECTED]> wrote: > Hi Dim, > The change seem small and it seems a good feature. > The problem is that 1.4 release is being delayed a lot(And sadly > mainly because of my fault). So I must agree wit

Re: svn commit: r470407 - /xml/security/trunk/src/org/apache/xml/security/encryption/XMLCipher.java

Hi Dim, The change seem small and it seems a good feature. The problem is that 1.4 release is being delayed a lot(And sadly mainly because of my fault). So I must agree with Sean that perhaps is better to postpone it till 1.4 release. Do you think of any other solution? or perhaps we should quick

apache java xml sec library release 1.4RC3 jar has been uploaded.

Hi I've uploaded a new jar of the 1.4RC3 to http://people.apache.org/~raul/dist/xmlsec-1.4.RC3.jar . Please download and test it. I hope this is the last RC and we can make a final release soon. Thanks to all the guys testing it. Raul Changelog: New in 1.4RC3 Fixed bug 40796

Re: XADES

After a quick browse of the Spec, it seems to me that is easy to implement all the standard above the library. But currently there are no plan to implement it that I'm aware of. Anyway we are more than glad to accept any contributions regarding this spec ;) Regards, On 10/30/06, Marcin Cinik <[

Re: DO NOT REPLY [Bug 40796] - KeyResolverSpi derived classes require default constructor

apache bugzilla is not working. But this bug is fixed in SVN head I will cut a new RC tonight. Let's hope it's last. Regards, On 10/19/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT

apache java xmlsec 1.4RC2a release

I've just tag & upload a new release candidate of apache java xmlsec library. This version is very likely to be rename to 1.4 in a week if no bugs are found. You can download it here: http://people.apache.org/~raul/dist/xmlsec-1.4.RC2a.jar The changes from last announced version are: New in 1.4R

Re: PATCH: String Comparison in ElementProxy

d and there's a potential risk of running out of >> memory. Also you mention that xerces might be interning namespace >> stings but looking at their code I was unable to find that. Can you >> point me to the relevant piece of code? >> >> Thanks, >> >> V

Re: PATCH: String Comparison in ElementProxy

otential risk of running out of > memory. Also you mention that xerces might be interning namespace > stings but looking at their code I was unable to find that. Can you > point me to the relevant piece of code? > > Thanks, > > Vishal > > Raul Benito wrote: >> Vishal th

Re: Compile Error Fix

Done thanks for the patch. Regarding your svn karma, can you still login to people.apache.org? On 10/2/06, Raul Benito <[EMAIL PROTECTED]> wrote: Thanks Vishal, I will apply this patch ASAP. On 10/2/06, Vishal Mahajan <[EMAIL PROTECTED]> wrote: > I am compiling wi

Re: PATCH: String Comparison in ElementProxy

to be something like this. In any case, I think we should keep string comparison safe. Vishal Raul Benito wrote: > Hi Vishal, > > The namespaces strings are intern, at least in xerces. > > Can you post the code that is failing? > > On 10/2/06, Vishal Mahajan <[EMAIL PROTECTED]&g

Re: Compile Error Fix

Thanks Vishal, I will apply this patch ASAP. On 10/2/06, Vishal Mahajan <[EMAIL PROTECTED]> wrote: I am compiling with 1.4. I think String.contains() was introduced only in 1.5. Vishal Raul Benito wrote: > Hi Vishal, > Nice to see you again. We need to take a look to your karma.

Re: Compile Error Fix

Hi Vishal, Nice to see you again. We need to take a look to your karma. Regarding this problem are you compiling with 1.3? Regards, On 10/2/06, Vishal Mahajan <[EMAIL PROTECTED]> wrote: I don't seem to have the commit access in svn, and it has been long period of inactivity on the list for me.

Re: PATCH: String Comparison in ElementProxy

Hi Vishal, The namespaces strings are intern, at least in xerces. Can you post the code that is failing? On 10/2/06, Vishal Mahajan <[EMAIL PROTECTED]> wrote: This problem was not allowing successful creation of signature space elements. Fix attached. Vishal Index: ElementProxy.java ==

Re: Problem: Validating signature with default namespace

This should go to the FAQ. Q: My Signature/C14n don't validate, please HELP!!! A: This can happen for several reasons. But check: 1. is the DocumentBuilder namespace aware? (Check if it the method setNamespaceAware(true) has been called before newDocumentBuilder() used to parse or create the docu

Apache java xmlsec 1.4RC1 released

I have just upload a new release candidate for the java library. You can find it here: http://people.apache.org/~raul/dist/xmlsec-1.4.RC1.jar The changelog are only bugfixes(see bugzilla for more info): New in 1.4RC1 Fixed bug 40290. Fixed bug 40298. Fixed bug 40360. Chang

VOTE: Apache xmlsec 1.4RC1 tonight?

I think we have enough bug fixes to do a RC tonight, what do you think? [ ] +1 [ ] 0 [ ] -1 -- http://r-bg.com

Re: Aleksey's xmlsec

Hi Jean-Luc, I have only used the Aleksey library within xmlbench (http://xmlbench.sourceforge.net/) benchmark. And only for compare the two libraries. But regarding speed I think that the apache library is faster in long running jobs where the jre JIT can kick in. Anyway if you do any compariso

Re: SOAP Header is not available for the messages created in Tomcat 5.5.17

Hi Nilantha, I think you have choose the wrong mail list for this question. Axis issues are discussed in its own list. Please forward this post to it. Regards, On 8/29/06, Nilantha Jayalath <[EMAIL PROTECTED]> wrote: Hi, I have axis.jar (1.2.1) and saaj-impl.jar(1.3) in a same web applica

Re: dumping the canonical form of a Reference to a log or stdout

one please be so kind and help me with that? Thank you in advance, Markus. -- [1] http://xml.apache.org/security/dist/java-library/ Raul Benito schrieb: > Hi Markus, > > The output from the server side is correct. In the client, What > version of xmlsec are you using?. Are you cre

Re: dumping the canonical form of a Reference to a log or stdout

Hi Markus, The output from the server side is correct. In the client, What version of xmlsec are you using?. Are you creating the org.w3c.Document namespace aware? Regards, Raul On 9/2/06, Markus Werner <[EMAIL PROTECTED]> wrote: Hi Sean, The server processes exactly the same message, since

Re: AxisSigner.java Sample doesn't work

let me get the Samples working first. ;) > > JLC > > On Wed, Aug 30, 2006 at 11:29:22AM +0200, Raul Benito wrote: > > http://issues.apache.org/bugzilla/buglist.cgi?product=Security > > > > You are right regarding the web page. It needs some loving, any takers?.

Re: AxisSigner.java Sample doesn't work

Using the search tool doesn't help either. Where do I find it? It would be nice to have a link from the http://xml.apache.org/security/contrib.html page. JLC On Tue, Aug 29, 2006 at 04:44:23PM +0200, Raul Benito wrote: > Thanks, > It seems a problem can you create a bug report in bugz

Re: AxisSigner.java Sample doesn't work

Thanks, It seems a problem can you create a bug report in bugzilla. Regards, Raul On 8/29/06, Jean-Luc Cooke <[EMAIL PROTECTED]> wrote: Team, I've downloaded the 1.3.0 binary package and I'm having trouble runnin the samples. Am I missing somethingi really obvious here? I can't find any ref

Re: .Net interop problem

Well reading the c14n specs in the chapter 1.1 says something regarding this(see second point below). I think that apache we honour the point(I will look for a example when I arrive home). So I think that .NET is having some problems with CR/LF issues. Anyway if we can help you more don't hesitate

xmlsec-1.4beta2 released

I have just tagged compiled & upload a new jar of the xmlsec-1.4.Beta2. The download url: http://people.apache.org/~raul/dist/xmlsec-1.4.Beta2.jar This release contains new functionality, bugfixes & optimizations (some really important). From now on, only bugfixes. Please donwload and test it.

what about 1.4beta2 tonight?

I'm going to cut the 14beta2 tonight(GMT time). So if you have anything you want to be in the beta. do the commit as soon as possible. Regards, Raul -- http://r-bg.com

Request for comments: Handling of X509Data with X509Certifcate

Hi I have detect a problem with the way that handles X509Data KeyInfo subelement in the java library. Right now there is no way of resolving a X509Data with a X509Certiificate inside. I have patch the library so the X509CertificateResolver can handle also X509Data with certificate. But now there

Re: Version 1.4 doesn't sign XML document correctly

is can help you to check if the signed XML documents are valid or not according an other toolkit. Regards. Yvan Hess -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: mercredi, 9. août 2006 20:44 To: security-dev@xml.apache.org Subje

Re: Version 1.4 doesn't sign XML document correctly

Moreover, I think it will be great to add a regression test as I have. Document signed with version 1.3 must be valid with higher version. Regards. Yvan Hess -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: mercredi, 9. août 2006 12:02 T

Re: Version 1.4 doesn't sign XML document correctly

and I will give you a feedback. Regards. Yvan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: lundi, 7. août 2006 18:41 To: security-dev@xml.apache.org Subject: Re: Version 1.4 doesn't sign XML document correctly Then it is a

Re: Version 1.4 doesn't sign XML document correctly

sig-filter2";> pointing into a element of my XML document that doesn't include the signature itself. As I said, it was working like that prior to version 1.4. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Raul Benito Sent: lundi, 7. août 200

  1   2   3   >