|
From: I am using an open source kit that embeds apache xml
sec java 1.2.1 with xml beans version 1.0.x. The kit uses a different version
of xml beans than we do – but the 2 xml beans versions do not seem to be
too different. When we try to use it the kit with our xml beans version I get
the following exception at the line “XMLSignature sig = new
XMLSignature(element, null)”. The moment I switch back to the original
xml beans version, the error goes away. I have rebuilt most of the actual xml
beans that came with the kit using our xml beans version – but the error
persists: org.apache.xml.security.c14n.InvalidCanonicalizerException: Unknown
canonicalizer. No handler installed for URI I have debugged the code upto the point of the exception and I see that
with both xml beans versions, the xml itself does have the canonicalizer uri
– but the Element.getAttributeNS call returns null when our xml beans is
used and then we get the exception. In the code, the only link between the usage of xmlbeans and
xmlsec seems to be when we construct a DOM from an XMLObject using
XMLTokenSource.newDomNode(). Is it possible that something changed in the
implementation of this method between the different xmlbean versions that I am
trying with? Or is this a known dependency/problem between xml beans and
xml sec or has anyone run into this before? Thanks, Vish. Debugged this further - saw the
following difference that seems to be responsible for this issue: - With my xml beans version -
the xmlbeans to dom conversion using xmlobject.newDomNode() results in the node
having namespaceuri="" - With the other xml beans version
- the conversion results in the node having namespaceuri=null So in
SignedInfo.getCanonicalizationMethodURI,
Element.getAttributeNS(null,"Algorithm") matches the null uri in the
latter case and so it works. I am thinking of changing
the line in SignedInfo to Element.getAttributeNS("Algorithm") i.e.
eliminate the null namespaceuri parameter - that works. Does anyone remember there
were any initialization changes between xmlbeans versions that could be leading
to this issue? Thanks, Vish. |
- Problems with xml beans and xml security Pantvaidya, Vishwajit
- RE: Problems with xml beans and xml security Pantvaidya, Vishwajit

