Arne,
Could you please give an exact example that shows the problem
using the testC14N command? For example, for the xml snippet
from your previous email I generated C14N and I see no xmlns=""
definitions:
$ testC14N --with-comments test.xml > test-c14n.xml
Thanks
Aleksey
Arne Mueller wrote:
Am Sonntag, den 24.08.2008, 21:21 -0700 schrieb Aleksey Sanin:
Hi, Arne!
Sorry, but as I have replied in xmlsec mailing list, I believe
that libxml2 is doing the right thing here.
Aleksey
Hi Aleksey,
you might be perfectly right with adding one empty namespace.
But I think one thing is buggy non the less, in the c14n-specification
it says:
<quote>
4.6 Superfluous Namespace Declarations
Unnecessary namespace declarations are not made in the canonical form.
Whether for an empty default namespace, a non-empty default namespace,
or a namespace prefix binding, the XML canonicalization method omits a
declaration if it determines that the immediate parent element in the
canonical form has an equivalent declaration in scope. The root document
element is handled specially since it has no parent element. All
namespace declarations in it are retained, except the declaration of an
empty default namespace is automatically omitted.
</quote>
Thus, there should be at most one empty namespace declaration, because
an parent element has already defined the empty namespace declaration.
The same holds for the redefinition of "dsig" in the XPath element.
Arne
<dsig:SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"; xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
<dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315";></dsig:CanonicalizationMethod>
<dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1";></dsig:SignatureMethod><dsig:Reference URI="">
<dsig:Transforms>
<dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";><dsig:XPath>
count(ancestor-or-self::dsig:Signature | here()/ancestor::dsig:Signature[1])
> count(ancestor-or-self::dsig:Signature)
</dsig:XPath>
</dsig:Transform>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1";></dsig:DigestMethod>
<dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference>
</dsig:SignedInfo>
<dsig:SignedInfo
xmlns="http://www.w3.org/2000/09/xmldsig#";
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
<dsig:CanonicalizationMethod
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<dsig:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="">
<dsig:Transforms>
<dsig:Transform
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";><dsig:XPath
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#";>
count(ancestor-or-self::dsig:Signature | here()/ancestor::dsig:Signature[1])
> count(ancestor-or-self::dsig:Signature)
</dsig:XPath>
</dsig:Transform>
</dsig:Transforms>
<dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<dsig:DigestValue>nDF2V/bzRd0VE3EwShWtsBzTEDc=</dsig:DigestValue></dsig:Reference>
</dsig:SignedInfo>
_______________________________________________
xml mailing list, project page http://xmlsoft.org/
[email protected]
http://mail.gnome.org/mailman/listinfo/xml
