Berin, Sean, Many thanks for your help and your suggestions :) It really helps me to understand my problem and the working solution is : 1- set the dsig prefix to "" and the enc prefix to "xenc" while signing ; 2- set the dsig prefix to "ds" and the enc prefix to "" while encrypting.
I know this is a workaround because I should modify my API to support namespaces :)) Eric > -----Message d'origine----- > De : [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Envoyé : mercredi 25 avril 2007 22:58 > À : security-dev@xml.apache.org > Objet : Re: Namespaces > > I assume you are using the Apache XML Security APIs and not > the standard JSR 105 API. In that case, try calling the > following static methods before you sign/encrypt your data: > > to set the dsig prefix to "": > > org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix(""); > > to set the enc prefix to "": > > org.apache.xml.security.utils.ElementProxy.setPrefix(org.apach > e.xml.security.encryption.EncryptionConstants.EncryptionSpecNS, > ""); > > Let me know if that works. > > --Sean > > Berin Lautenbach wrote: > > OK - first up I'm not an expert on the Java library, more > on the C++ > > library. > > > > The two examples you sent through are completely separate - > one is for > > sig and one encryption. So my guess is that in your situation you > > could set the namespace prefix to "" for the dsig namespace > when you > > are doing a signature and to "" for the xenc namespace when you are > > doing encryption. I.e. do one or the other - not both. If > you need > > to do both encryption and signature in one document, I'm not sure > > whether the library will let you do that easily. I know you can't > > have both namespaces as the default, but maybe you can > switch between > > each other as the default depending on what you are trying to do. > > > > Hopefully someone else can comment in that case. > > > > As a side note - namespace support is mandatory according > to the spec. > > What is optional is the use of "dsig" as the namespace > prefix. So in > > reality a compliant implementation needs to support the use of a > > prefix for the signature and encryption namespaces. > > > > Cheers, > > Berin > > > > Eric Tournier wrote: > >> Hi Berin :) > >> > >> I hope your baby goes well and let you sleep :) > >> > >> Was the previously posted XML useful ? I checked the W3 > XMLEnc and > >> XMLDSig references and found that thes two namespaces were > optional > >> (§1.3), so could you help me to configure XMLSecurity classe to > >> produce signed XML without ds: then produce with this doc > a encrypted > >> XML without xenc: ? > >> > >> Thanks in advance > >> Eric > >> > >>> -----Message d'origine----- > >>> De : Berin Lautenbach [mailto:[EMAIL PROTECTED] Envoyé : > >>> mercredi 18 avril 2007 14:05 > >>> À : security-dev@xml.apache.org > >>> Objet : Re: Namespaces > >>> > >>> Can you post a signature from the implementation you use > to see what > >>> it looks like? > >>> > >>> Cheers, > >>> Berin > >>> > >>> Eric Tournier wrote: > >>>> Hi Berin :) > >>>> > >>>> I'm using a home-made XML Encryption implementation but > >>> unfortunately I'm not the developer of it. This > implementation does > >>> not support ds: and xenc: prefixes, so I try not to have them. In > >>> order to test interoperability of it with well-known API, > I'm trying > >>> to encrypt a XML document with XML Security and decrypt > the result > >>> with my implementation, and vice-versa. > >>>> My intent is not to have two different namespaces as the > >>> default namespace for the Signature element, but trying > not to have > >>> any of the ds: and xenc: prefix into the final encrypted > then signed > >>> XML document : element <Signature instead of <ds:Signature and > >>> <CipherValue instead of <xenc:CipherValue. > >>>> Thanks for your help > >>>> > >>>> Eric > >>>> > >>>>> -----Message d'origine----- > >>>>> De : Berin Lautenbach [mailto:[EMAIL PROTECTED] Envoyé : > >>>>> mercredi 18 avril 2007 11:36 À : > >>> security-dev@xml.apache.org Objet : > >>>>> Re: Namespaces > >>>>> > >>>>> As far as I can see - effectively your trying to have two > >>> different > >>>>> namespaces as the default namespace for the Signature > >>> element. Which > >>>>> can't really be done. Or am I misreading your intent? > >>>>> > >>>>> Why do you not want the namespaces? Both specs exist inside a > >>>>> specific namespace, so you can't not use them. > >>>>> > >>>>> Cheers, > >>>>> Berin > >>>>> > >>>>> Eric Tournier wrote: > >>>>>> Hi :) > >>>>>> > >>>>>> I wish to encrypt then sign a XML document without the > >>> 'ds;' and > >>>>>> 'xenc:' namespaces. Unfortunately, I can only suppress on > >>> of these > >>>>>> namespaces :| The following code throws > >>>>> XmlSecurityException always on > >>>>>> the second line independent from its nature > >>>>>> (EncryptionConstants.setEncryptionSpecNSprefixor or > >>>>>> Constants.setSignatureSpecNSprefix) : > >>>>>> (...) > >>>>>> static > >>>>>> { > >>>>>> org.apache.xml.security.Init.init(); > >>>>>> JCA.setProvider(); > >>>>>> } > >>>>>> > >>>>>> public XMLSecurityResource() throws XMLSecurityException > >>>>>> { > >>>>>> // Suppression du namespace 'xenc:' > >>>>>> EncryptionConstants.setEncryptionSpecNSprefix(""); > >>>>>> // Suppression du namespace 'ds:' > >>>>>> Constants.setSignatureSpecNSprefix(""); > >>>>>> } > >>>>>> (...) > >>>>>> > >>>>>> Could someone tell me how to resolve this ? > >>>>>> Thanks > >>>>>> Eric > >>>>>> > >>>>>> Eric TOURNIER > >>>>>> Ingénieur concepteur objet senior - Expertise technique > >>>>>> Java/J2EE/XML/AOP - Spring/Hibernate/Maven > >>>>>> ¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯ > >>>>>> STERIA > >>>>>> Département Banque, Assurance et Finance 46, rue Camille > >>>>> Desmoulins - > >>>>>> 92782 Issy-Les-Moulineaux Cedex 9 Tél : 01 53 94 22 94 - > >>>>> Mob : 06 17 > >>>>>> 98 32 51 [EMAIL PROTECTED] > >>> <mailto:[EMAIL PROTECTED]> > >>>>>> // > >>>> > >> > >> > > >
