http://issues.apache.org/bugzilla/show_bug.cgi?id=41462

           Summary: Xml canonization - UTF-8 encoding issue in Xml security 1.4.0
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows XP
            Status: NEW
          Severity: critical
          Priority: P1
         Component: Canonicalization
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]

Overview Description:
Implementation of c14n canonization method generates wrong canonical form of Xml document with latin characters.

Steps to Reproduce:
Generate canonical form of Xml document which contains latin characters using Canonicalizer20010315OmitComments class and compare it with canonical form generated with Stylus Studio 2007 or Microsoft.NET 2.0.

Actual Results:
Canonicalizer20010315OmitComments class generates canonical form of Xml document with latin characters encoded in a wrong way. The problem is caused by wrong recognition of whether a character is represented with one or many bytes, in file "CanonicalizerBase.java", in method

static final void outputTextToWriter(final String text, final OutputStream writer)

in line 829 ("if ((c & 0x80) ==0)")

Example:
let c = 0x15B //(int)c gives 347, a character 'ś'
c & 0x80 == 0 is true so c is written to OutputStream as single byte 0x5B - '[' character (line 830).

As a result canonical form of input Xml document is generated in a wrong way. Wrong canonical form causes interoperability problems in verifying digital signature of files generated with libraries of other vendors.

Expected Results:
Xml security libraries for Apache should generate correct canonical form of Xml documents which contain latin characters.
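
Added example, not part of the original report and not the project's code: a stand-alone Java model of the check quoted above, next to a range test, showing which characters are mis-encoded and that the digest over the output then differs. The class and method names, the sample element and the `c < 0x80` test are assumptions made for illustration; only BMP characters are handled (no surrogate pairs).

```java
import java.io.ByteArrayOutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;

public class C14nUtf8Check {
    // reportedCheck = true models the test quoted in the report, which looks
    // only at bit 7; false uses a range test (assumed correction, not the
    // project's fix).
    static byte[] encode(String text, boolean reportedCheck) {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (char c : text.toCharArray()) {
            boolean oneByte = reportedCheck ? (c & 0x80) == 0 : c < 0x80;
            if (oneByte) {
                out.write(c); // OutputStream.write(int) keeps only the low 8 bits
            } else if (c < 0x800) {
                out.write(0xC0 | (c >> 6));           // two-byte UTF-8 form
                out.write(0x80 | (c & 0x3F));
            } else {
                out.write(0xE0 | (c >> 12));          // three-byte UTF-8 form
                out.write(0x80 | ((c >> 6) & 0x3F));
                out.write(0x80 | (c & 0x3F));
            }
        }
        return out.toByteArray();
    }

    static String hex(byte[] bytes) {
        StringBuilder sb = new StringBuilder();
        for (byte b : bytes) sb.append(String.format("%02x ", b));
        return sb.toString().trim();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: U+00E9 has bit 7 set, so the bit test still
        // encodes it correctly; U+015B (the report's character) has bit 7 clear.
        String xml = "<a>\u00E9\u015B</a>";
        byte[] reported = encode(xml, true);
        byte[] ranged = encode(xml, false);
        byte[] reference = xml.getBytes(StandardCharsets.UTF_8);

        System.out.println("bit test:   " + hex(reported));
        System.out.println("range test: " + hex(ranged));
        System.out.println("range test matches JDK UTF-8: " + Arrays.equals(ranged, reference));

        // A signature covers the digest of the canonical bytes, so any byte
        // difference makes verification by another implementation fail.
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        System.out.println("digests equal: "
                + MessageDigest.isEqual(md.digest(reported), md.digest(reference)));
    }
}
```

The bit test only goes wrong for characters at or above U+0100 whose bit 7 is clear, so documents limited to Latin-1 accented characters canonicalize identically under both checks and would not expose the problem in interoperability tests.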