DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38655>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

------- Additional Comments From [EMAIL PROTECTED]  2007-10-18 08:22 -------
- Environment: Java version: 1.6.0_03 (suspected on all OS, but currently 
tested on Windows XP)

- Problem: when signing an XML document with more than one namespace, XML 
Signature throws an exception caused by the Canonicalizer

- Reproduce:

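import java.io.FileInputStream;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CanonicalizerTest {
    public static void main(String args[]) throws Exception {
        // Parse the input file (args[0]) with namespace awareness enabled
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(
                new FileInputStream(args[0]));
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DigestMethod digestMethod = fac.newDigestMethod(
                "http://www.w3.org/2000/09/xmldsig#sha1", null);

        // Inclusive C14N, RSA-SHA1, one reference to the whole document (URI "")
        SignedInfo signedInfo = fac.newSignedInfo(
                fac.newCanonicalizationMethod(
                        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(
                        "http://www.w3.org/2000/09/xmldsig#rsa-sha1", null),
                Collections.singletonList(fac.newReference("", digestMethod,
                        null, "http://www.w3.org/2000/09/xmldsig#object", null)));

        // Sign with a throwaway RSA key; the exception is raised inside sign()
        DOMSignContext signContext = new DOMSignContext(
                KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate(),
                doc.getDocumentElement());
        fac.newXMLSignature(signedInfo, null).sign(signContext);
    }
}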

With XML input:

<?xml version="1.0"?>
  <wiki
    xmlns:generated-command="http://foo.com/command"
    xmlns:generated-event="http://foo.com/event"
    xmlns:command="http://foo.com/command"
    xmlns:ui="http://foo.com/ui"
    xmlns:event="http://foo.com/event"
    xmlns:instruction="http://foo/instruction"
    xmlns:directory="http://foo.com/io/directory"
    xmlns:function="http://foo.com/function"
    xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ctrl="http://foo.com/controls"
    xmlns:wiki="http://foo.com/samples/wiki">
  <wiki:content>
    <wiki:paragraph />
  </wiki:content>
</wiki>

- Result:

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException: 23
        at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
        at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
        at CanonicalizerTest.main(CanonicalizerTest.java:32)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 23
        at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.index(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.get(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
        at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(Unknown Source)
        at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.updateOutputStream(Unknown Source)
        ... 5 more


This bug is critical for XML Signature: I've submitted it to Java Developer 
Bug Report too.


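A probe that generalizes the reproduction in the comment above, as an added example that is not part of the original bug comment or of the Apache XML Security code: it signs constructed documents with 1..N namespace declarations, using the same algorithm URIs as the report, and prints which counts make sign() fail. The class name NamespaceCountProbe, the p0..pN prefixes and the example.invalid URIs are assumptions made for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

// Added example (not from the report): find which namespace counts break signing.
public class NamespaceCountProbe {
    // Constructed input: root element declaring n prefixes p0..p(n-1) (made-up URIs).
    static String buildXml(int n) {
        StringBuilder sb = new StringBuilder("<root");
        for (int i = 0; i < n; i++)
            sb.append(" xmlns:p").append(i).append("=\"http://example.invalid/ns").append(i).append('"');
        return sb.append("><p0:child/></root>").toString();
    }
    // Signs with the report's algorithms; returns null on success, else the root cause.
    static Throwable trySign(String xml, PrivateKey key) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(
                new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)));
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null),
                Collections.singletonList(fac.newReference("",
                        fac.newDigestMethod(DigestMethod.SHA1, null))));
        try {
            fac.newXMLSignature(si, null).sign(new DOMSignContext(key, doc.getDocumentElement()));
            return null;
        } catch (XMLSignatureException | RuntimeException e) {
            Throwable t = e;   // unwrap to the innermost cause, e.g. the AIOOBE in the report
            while (t.getCause() != null) t = t.getCause();
            return t;
        }
    }
    public static void main(String[] args) throws Exception {
        int max = args.length > 0 ? Integer.parseInt(args[0]) : 32;
        PrivateKey key = KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate();
        for (int n = 1; n <= max; n++) {
            Throwable cause = trySign(buildXml(n), key);
            System.out.println(n + " declarations: " + (cause == null ? "signed" : "FAILED: " + cause));
        }
    }
}
```

Run it on each JDK or xmlsec version in use; an optional first argument sets the highest namespace count to try (default 32).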