Since you are canonicalizing XPath node-sets, try calling
XMLUtils.circumventBug2650(Document) before you canonicalize to work
around a bug in Xalan. See my other email for details.
--Sean
Da Cruz Pinto, Juan M wrote:
Raul,
Thanks for your answer!
I've been looking at the code of that class, and I noticed that a
signature verification is done, and then the c14n parts are extracted
from the XMLSignature object, using something similar to
signature.getSignedInfo().item(i).getContentsAfterTransformation().getBy
tes().
What I'm trying to do is to perform plain c14n with out the signature
verification, so I created a command line that allows you to
canonicalize an XML document, and with filtering capabilities: you can
use an XPath expression to select an XPath-node set
(canonicalizeXPathNodeSet method[1]) or to select a node for doing
subtree c14n (canonicalizeSubtree method[2]). In the case of the Y4 test
verctors, [1] is useful for c14ning each of the SignedInfo references,
and [2] is useful for c14ning the SignedInfo element (the entire
subtree) itself.
With this approach, I was hopping to get the same results, just by using
the 9 XPath expressions inside "Signature.xml", each of them with the
three combinations of algorithms: inclusive, exclusive, and exclusive
with "#default" in the inlcusive namespace prefix list.
I must be doing something wrong when I filter with the xpath expressions
(only when using "canonicalizeXpathNodeSet", because subtree c14n is
working just fine for me), but don't now what yet...
Thanks for your time!
Marcelo.
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf Of Raul Benito
Sent: Tuesday, May 29, 2007 10:38
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors
We have this test vector in our test suite. And they are passing, can
you look at this data:
xml-se/data/interop/c14n/Y4
And the test code
xml-sec/src_unitTests/org/apache/xml/security/test/c14n/implementations/
ExclusiveC14NInterop.java
Regards,
Raul
On 5/29/07, Da Cruz Pinto, Juan M <[EMAIL PROTECTED]>
wrote:
Hi Raul,
I'm attaching the files which where different in my case (for
merlin-c14n-three). Again, I'm still trying to figure out what I did
wrong, but the steps I did where quite simple.
I'm also attaching a file called "xpaths01.txt" which holds the XPath
expressions used to filter the XML content. Each of the 9 XPath
expressions is used for the tests from 00 to 26 (they repeat for
inclusive, exclusive & exclusive with inclusive prefix list... which
are
the first 27 tests). The last test (c14n-27.txt) just canonicalizes
the
entire SignedInfo subtree.
Thanks in advanced,
Marcelo.
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]
On Behalf Of Raul Benito
Sent: Tuesday, May 29, 2007 05:07
To: security-dev@xml.apache.org
Subject: Re: c14n test vectors
Hi Marcelo,
It is strange, I think that Merlin interop test is our unittest suite.
Can you send the differences?
Regards,
Raul
On 5/28/07, Da Cruz Pinto, Juan M <[EMAIL PROTECTED]>
wrote:
Hi Everybody,
Are there any unit tests in the code to test c14n interoperability?
I've
been trying to test the "merlin-c14n-three" test vectors, but some
of
the
tests inside it are failing.
My environment:
- XML Security 1.4.1 library
- Using XMLUtils.circumventBug2650(document) to spread
namespaces
declaration.
- Using XMLUtils.createDSctx(...) to create a namespace
context.
- Using XPathAPI.selectNodeList(document, xpath, nsc) to
select the
XPath node-set.
- Using
Canonicalizer.canonicalizeXPathNodeSet(NodeList) to
canonicalize the XPath node-set.
The tests (of merlin-c14n-three) that are failing are 03, 10, 18 &
19.
I'm
quite sure I'm doing something wrong... but don't now what.
Thanks in advanced!
Marcelo.
--
http://r-bg.com
