Marcel Ammerlaan wrote:
Hi,
I'm currently testing some interop scenario's and ran into an issue
where the IssuerSerial is sent as a hexadecimal number.
I couldn't find any definitive spec on this, but found plenty of
examples showing the serial in Hex (including the BSP of WS-I).
In the current implementation of xml-sec there is a statement in
XML509IssuerSerial.java that parses the serial assuming it
is decimal instead. I made a local change to parse it in radix-16 to
parse hex numbers as well, but am wondering who is to
blame in this situation. Should I report an issue ?
I don't think this is a problem in the Apache implementation. See
section 4.4.4 of the XML Signature Recommendation for more details, in
particular the schema, which defines the serial number as an integer:
<complexType name="X509IssuerSerialType">
<sequence>
<element name="X509IssuerName" type="string"/>
<element name="X509SerialNumber" type="integer"/>
</sequence>
</complexType>
I would ask someone working on BSP about this, as to why the serial
numbers are hex. Let me know what you find out.
--Sean
Regards,
Marcel Ammerlaan.
