DO NOT REPLY [Bug 44999] New: DOMException is thrown at XMLSignature creation (1.4.2 beta2)

Wed, 14 May 2008 17:38:34 -0700 

https://issues.apache.org/bugzilla/show_bug.cgi?id=44999

           Summary: DOMException is thrown at XMLSignature creation (1.4.2
                    beta2)
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Signature
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: [EMAIL PROTECTED]


Description:
------------
After an "upgrade" from version 1.4.1 to 1.4.2beta2, I started receiving an
org.w3c.dom.DOMException when calling public XMLSignature(Document doc, String
BaseURI, String SignatureMethodURI). The stacktrace is:

org.w3c.dom.DOMException: NAMESPACE_ERR: An attempt is made to create or change
an object in a way which is incorrect with regard to namespaces.
        at org.apache.xerces.dom.CoreDocumentImpl.checkNamespaceWF(Unknown
Source)
        at org.apache.xerces.dom.AttrNSImpl.setName(Unknown Source)
        at org.apache.xerces.dom.AttrNSImpl.<init>(Unknown Source)
        at org.apache.xerces.dom.CoreDocumentImpl.createAttributeNS(Unknown
Source)
        at org.apache.xerces.dom.ElementImpl.setAttributeNS(Unknown Source)
        at
org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:206)
        at
org.apache.xml.security.signature.XMLSignature.<init>(XMLSignature.java:149)
...

Cause:
------
Before calling the constructor

public XMLSignature(Document doc, String BaseURI, String SignatureMethodURI)

we set namespace prefix to "" (Constants.setSignatureSpecNSprefix("");) to
disable prefixes. It was ok previously - now the new code at

org.apache.xml.security.signature.XMLSignature, lines 200-208

breaks that:

1. Setting the namespace prefix to "" results in the entry (namespace,
"xmlns:") being added to _prefixMappingsBindings Map
(org.apache.xml.security.utils.ElementProxy:519).
2. XMLSignature constructor gets that prefix (200-201), checks if it is "empty"
(202), gets false and calls this._constructionElement.setAttributeNS() with
that prefix (206), what results in the exception being thrown.

Possible fix:
-------------
In case of "" prefix, ElementProxy.setDefaultPrefix() should put either "xmlns"
or "" to the _prefixMappingsBindings Map.
Or, maybe, different checks should be performed at XMLSignature:200-208 and
similar places, first getting ElementProxy.getDefaultPrefix(namespace); and
then, if it is not empty, calling
ElementProxy.getDefaultPrefixBindings(namespace). Something like in
ElementProxy.createElementForFamily():136-152.

Assignment XMLUtils.xmlnsDsPrefix="xmlns:"+prefix; (ElementProxy:516) should
probably be fixed as well (not sure; however, it seems the variable
xmlnsDsPrefix is not used at all).


-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Reply via email to