OK - first up I'm not an expert on the Java library, more on the C++
library.
The two examples you sent through are completely separate - one is for
sig and one encryption. So my guess is that in your situation you could
set the namespace prefix to "" for the dsig namespace when you are doing
a signature and to "" for the xenc namespace when you are doing
encryption. I.e. do one or the other - not both. If you need to do
both encryption and signature in one document, I'm not sure whether the
library will let you do that easily. I know you can't have both
namespaces as the default, but maybe you can switch between each other
as the default depending on what you are trying to do.
Hopefully someone else can comment in that case.
As a side note - namespace support is mandatory according to the spec.
What is optional is the use of "dsig" as the namespace prefix. So in
reality a compliant implementation needs to support the use of a prefix
for the signature and encryption namespaces.
Cheers,
Berin
Eric Tournier wrote:
Hi Berin :)
I hope your baby goes well and let you sleep :)
Was the previously posted XML useful ? I checked the W3 XMLEnc and XMLDSig
references and found that thes two namespaces were optional (§1.3), so could
you help me to configure XMLSecurity classe to produce signed XML without ds:
then produce with this doc a encrypted XML without xenc: ?
Thanks in advance
Eric
-----Message d'origine-----
De : Berin Lautenbach [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 18 avril 2007 14:05
À : security-dev@xml.apache.org
Objet : Re: Namespaces
Can you post a signature from the implementation you use to
see what it looks like?
Cheers,
Berin
Eric Tournier wrote:
Hi Berin :)
I'm using a home-made XML Encryption implementation but
unfortunately I'm not the developer of it. This
implementation does not support ds: and xenc: prefixes, so I
try not to have them. In order to test interoperability of it
with well-known API, I'm trying to encrypt a XML document
with XML Security and decrypt the result with my
implementation, and vice-versa.
My intent is not to have two different namespaces as the
default namespace for the Signature element, but trying not
to have any of the ds: and xenc: prefix into the final
encrypted then signed XML document : element <Signature
instead of <ds:Signature and <CipherValue instead of
<xenc:CipherValue.
Thanks for your help
Eric
-----Message d'origine-----
De : Berin Lautenbach [mailto:[EMAIL PROTECTED] Envoyé :
mercredi 18 avril 2007 11:36 À :
security-dev@xml.apache.org Objet :
Re: Namespaces
As far as I can see - effectively your trying to have two
different
namespaces as the default namespace for the Signature
element. Which
can't really be done. Or am I misreading your intent?
Why do you not want the namespaces? Both specs exist inside a
specific namespace, so you can't not use them.
Cheers,
Berin
Eric Tournier wrote:
Hi :)
I wish to encrypt then sign a XML document without the
'ds;' and
'xenc:' namespaces. Unfortunately, I can only suppress on
of these
namespaces :| The following code throws
XmlSecurityException always on
the second line independent from its nature
(EncryptionConstants.setEncryptionSpecNSprefixor or
Constants.setSignatureSpecNSprefix) :
(...)
static
{
org.apache.xml.security.Init.init();
JCA.setProvider();
}
public XMLSecurityResource() throws XMLSecurityException
{
// Suppression du namespace 'xenc:'
EncryptionConstants.setEncryptionSpecNSprefix("");
// Suppression du namespace 'ds:'
Constants.setSignatureSpecNSprefix("");
}
(...)
Could someone tell me how to resolve this ?
Thanks
Eric
Eric TOURNIER
Ingénieur concepteur objet senior - Expertise technique
Java/J2EE/XML/AOP - Spring/Hibernate/Maven
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
STERIA
Département Banque, Assurance et Finance 46, rue Camille
Desmoulins -
92782 Issy-Les-Moulineaux Cedex 9 Tél : 01 53 94 22 94 -
Mob : 06 17
98 32 51 [EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
//
