Raul Benito <raul <at> apache.org> writes:
>
> It seems really weird to me
> the correct one mast be with xmlns=""
> <SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#";>
> <CanonicalizationMethod xmlns=""
>
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></CanonicalizationMethod>
>
> But this case is really tested and stressed in real life.
> Can you post the code(it is a bonus if it can compile cut'n'pasting
> it), to dignase it further?
>
> Regards
>
package org.apache.xml.security.samples.canonicalization;
import java.io.ByteArrayInputStream;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.apache.xpath.XPathAPI;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
/**
*
* @author Christian Geuer-Pollmann
*/
public class CanonSubTree {
//J-
static String input = ""
+ "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\";>\n"
+ " <SignedInfo><!-- comment inside -->\n"
+ " <CanonicalizationMethod xmlns=\"\"
Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"; />\n"
+ " <SignatureMethod
Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"; />\n"
+ " <Reference URI=\"http://www.w3.org/TR/xml-stylesheet\";>\n"
+ " <DigestMethod
Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"; />\n"
+ " <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>\n"
+ " </Reference>\n"
+ " </SignedInfo>\n"
+ " <SignatureValue>\n"
+ " fKMmy9GYF2s8rLFrZdVugTOFuWx19ccX7jh5HqFd4vMOY7LWAj52ykjSdvtW3fNY\n"
+ " PPYGC4MFL19oPSId5GEsMtFMpGXB3XaCtoKjMCHQsN3+kom8YnGf7Ge1JNRcGty5\n"
+ " 0UsoP6Asj47+QR7QECT64uoziha4WRDVyXjDrg24W+U=\n"
+ " </SignatureValue>\n"
+ " <KeyInfo>\n"
+ " <KeyName>Lugh</KeyName>\n"
+ " </KeyInfo>\n"
+ "</Signature>\n"
;
//J+
/**
* Method main
*
* @param args
* @throws Exception
*/
public static void main(String args[]) throws Exception {
org.apache.xml.security.Init.init();
DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
dfactory.setNamespaceAware(true);
dfactory.setValidating(true);
DocumentBuilder documentBuilder = dfactory.newDocumentBuilder();
// this is to throw away all validation warnings
documentBuilder
.setErrorHandler(new org.apache.xml.security.utils
.IgnoreAllErrorHandler());
byte inputBytes[] = input.getBytes();
Document doc =
documentBuilder.parse(new ByteArrayInputStream(inputBytes));
Canonicalizer c14n =
Canonicalizer
.getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315";);
Element nscontext = XMLUtils.createDSctx(doc, "ds",
Constants.SignatureSpecNS);
Node signedInfo = XPathAPI.selectSingleNode(doc, "//ds:SignedInfo",
nscontext);
byte outputBytes[] = c14n.canonicalizeSubtree(signedInfo);
if (outputBytes != null) {
System.out.println(new String(outputBytes));
}
}
}
