Thread: DO NOT REPLY New: - Canonicalizer gets exception in many namespaces.

DO NOT REPLY New: - Canonicalizer gets exception in many namespaces.
2006-02-15 12:51:03
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=38655>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=38655

           Summary: Canonicalizer gets exception in many namespaces.
           Product: Security
           Version: unspecified
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Canonicalization
        AssignedTo: security-devxml.apache.org
        ReportedBy: youichi_katojustsystem.co.jp


Version: java xml-security 1.3.0.
OS:      all (actually, I am using Windows-XP)

- Problem
 When XML data has many namespaces, Canonicalizer#canonicalizeSubtree() throws
 an exception.

- Reproduce:
[java code]
  public static String toString(final Node n) throws Exception {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    Canonicalizer c14n = Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
    byte[] serBytes = c14n.canonicalizeSubtree(n);
    ...
  }

[using XML data]
  <?xml version="1.0"?>
  <wiki
      xmlns:generated-command="http://foo.com/command"
    xmlns:generated-event="http://foo.com/event"
    xmlns:command="http://foo.com/command"
    xmlns:ui="http://foo.com/ui"
    xmlns:event="http://foo.com/event"
    xmlns:instruction="http://foo/instruction"
    xmlns:directory="http://foo.com/io/directory"
    xmlns:function="http://foo.com/function"
    xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ctrl="http://foo.com/controls"
    xmlns:wiki="http://foo.com/samples/wiki">
  <wiki:content>
    <wiki:paragraph />
  </wiki:content>
</wiki>

- Result
 java.lang.ArrayIndexOutOfBoundsException: 23
    at org.apache.xml.security.c14n.implementations.SymbMap.index(Unknown Source)
    at org.apache.xml.security.c14n.implementations.SymbMap.get(Unknown Source)
    at org.apache.xml.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(Unknown Source)
    at org.apache.xml.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Unknown Source)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(Unknown Source)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
    at org.apache.xml.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
    at org.apache.xml.security.c14n.Canonicalizer.canonicalizeSubtree(Unknown Source)
    ...

- My Solution
xml-security-1_3_0\src\org\apache\xml\security\c14n\implementations\NameSpaceSymbTable.java
line 359,

protected int index(Object obj) {
  Object[] set = keys;
  int length = set.length;
  //abs of index
  int index = (obj.hashCode() & 0x7fffffff) % length;
  Object cur = set[index];
  
  if (cur == null || (cur.equals( obj))) {
    return index;
  }
  do {
    index=index==length? 0:++index;  // <--- Why ?
    cur = set[index];
  } while (cur != null && (!cur.equals(obj)));
  return index;
}

When "index == length-1", "index==length? 0:++index" evaluates to length,
which is out of bounds!
I edited the code to "(index+1) % length", and it works well.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
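
The off-by-one in the probe loop described in the report above, as an added example (not part of the original message or of the xml-security source): a constructed 23-slot table with only its last slot occupied is probed with a colliding key, first with the quoted wrap test and then with the reporter's `(index+1) % length` change. The class name ProbeWrapDemo, the Integer keys and the table size are assumptions chosen for illustration; 23 matches the index in the reported exception.

```java
public class ProbeWrapDemo {
    // Probe loop as quoted in the report. The wrap test compares against
    // length, but the last valid slot is length - 1, so stepping on from
    // that slot yields index == length before the table is read.
    static int indexBuggy(Object[] keys, Object obj) {
        int length = keys.length;
        int index = (obj.hashCode() & 0x7fffffff) % length;
        Object cur = keys[index];
        if (cur == null || cur.equals(obj)) {
            return index;
        }
        do {
            index = index == length ? 0 : ++index;
            cur = keys[index];
        } while (cur != null && !cur.equals(obj));
        return index;
    }

    // Same probe with the reporter's change. Like any linear probe it
    // assumes the table always keeps at least one empty slot; otherwise
    // a lookup for an absent key never terminates.
    static int indexFixed(Object[] keys, Object obj) {
        int length = keys.length;
        int index = (obj.hashCode() & 0x7fffffff) % length;
        Object cur = keys[index];
        while (cur != null && !cur.equals(obj)) {
            index = (index + 1) % length;
            cur = keys[index];
        }
        return index;
    }

    public static void main(String[] args) {
        // Constructed table: 23 slots, only the last one occupied.
        Object[] keys = new Object[23];
        keys[22] = Integer.valueOf(22);
        // Integer.hashCode() is the value itself, so 45 % 23 == 22:
        // this key shares the home slot of the stored one.
        Object colliding = Integer.valueOf(45);

        try {
            System.out.println("buggy probe -> slot " + indexBuggy(keys, colliding));
        } catch (ArrayIndexOutOfBoundsException e) {
            System.out.println("buggy probe threw: " + e);
        }
        System.out.println("fixed probe -> slot " + indexFixed(keys, colliding));
    }
}
```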

DO NOT REPLY - Canonicalizer gets exception in many namespaces.
2007-10-16 04:47:48

f.merighicineca.it changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|CLOSED                      |REOPENED
         Resolution|FIXED                       |




------- Additional Comments From f.merighicineca.it 2007-10-16 02:47 -------
Same bug appears in jre 1.6.0_03 and previous. Any suggestion?


DO NOT REPLY - Canonicalizer gets exception in many namespaces.
2007-10-16 05:05:13

------- Additional Comments From raul-infor-bg.com 2007-10-16 03:05 -------
Can you post an example of the problem? The tests are working for this case.

Regards,


DO NOT REPLY - Canonicalizer gets exception in many namespaces.
2007-10-18 10:22:28

------- Additional Comments From f.merighicineca.it 2007-10-18 08:22 -------
- Environment: Java version: 1.6.0_03 (suspected on all OS, but currently
tested on Windows XP)

- Problem: when signing an XML document with more than one namespace, XML
Signature throws an exception caused by the Canonicalizer

- Reproduce:

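// Imports needed to compile the snippet; the class name is taken from the
// stack trace below.
import java.io.FileInputStream;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;

public class CanonicalizerTest {
public static void main(String args[]) throws Exception {
	DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
	dbf.setNamespaceAware(true);
	Document doc = dbf.newDocumentBuilder().parse(
			new FileInputStream(args[0]));
	XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
	DigestMethod digestMethod = fac.newDigestMethod(
			"http://www.w3.org/2000/09/xmldsig#sha1", null);

	// Inclusive C14N (REC-xml-c14n-20010315) is the canonicalizer that fails
	SignedInfo signedInfo = fac.newSignedInfo(
			fac.newCanonicalizationMethod(
					"http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
					(C14NMethodParameterSpec) null),
			fac.newSignatureMethod(
					"http://www.w3.org/2000/09/xmldsig#rsa-sha1", null),
			Collections.singletonList(fac.newReference("", digestMethod, null,
					"http://www.w3.org/2000/09/xmldsig#object", null)));

	DOMSignContext signContext = new DOMSignContext(
			KeyPairGenerator.getInstance("RSA").generateKeyPair().getPrivate(),
			doc.getDocumentElement());
	fac.newXMLSignature(signedInfo, null).sign(signContext);
}
}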

With XML input:

<?xml version="1.0"?>
  <wiki
      xmlns:generated-command="http://foo.com/command"
    xmlns:generated-event="http://foo.com/event"
    xmlns:command="http://foo.com/command"
    xmlns:ui="http://foo.com/ui"
    xmlns:event="http://foo.com/event"
    xmlns:instruction="http://foo/instruction"
    xmlns:directory="http://foo.com/io/directory"
    xmlns:function="http://foo.com/function"
    xmlns="http://www.w3.org/1999/xhtml"
    xmlns:ctrl="http://foo.com/controls"
    xmlns:wiki="http://foo.com/samples/wiki">
  <wiki:content>
    <wiki:paragraph />
  </wiki:content>
</wiki>

- Result:

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: java.lang.ArrayIndexOutOfBoundsException: 23
	at org.jcp.xml.dsig.internal.dom.DOMReference.transform(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMReference.digest(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.digestReference(Unknown Source)
	at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(Unknown Source)
	at CanonicalizerTest.main(CanonicalizerTest.java:32)
Caused by: java.lang.ArrayIndexOutOfBoundsException: 23
	at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.index(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.SymbMap.get(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.NameSpaceSymbTable.addMappingAndRender(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.Canonicalizer20010315.handleAttributesSubtree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.canonicalizeSubTree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalizeSubTree(Unknown Source)
	at com.sun.org.apache.xml.internal.security.c14n.implementations.CanonicalizerBase.engineCanonicalize(Unknown Source)
	at com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput.updateOutputStream(Unknown Source)
	... 5 more


This bug is critical for XML Signature: I've submitted it to Java Developer
Bug Report too.



DO NOT REPLY - Canonicalizer gets exception in many namespaces.
2007-10-22 13:40:59

sean.mullansun.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|REOPENED                    |RESOLVED
         Resolution|                            |FIXED




------- Additional Comments From sean.mullansun.com 2007-10-22 11:40 -------
(In reply to comment #5)
> - Environment: Java version: 1.6.0_03 (suspected on all OS, but currently
> tested on Windows XP)
> 
> This bug is critical for XML Signature: I've submitted it to Java Developer
> Bug Report too.

This bug has been fixed in the Apache 1.4 release of XMLSec. It has not been
fixed in Sun's implementation that is bundled with JDK 6 (which is based on
Apache XMLSec 1.3). So you are correct to report it via Sun's JDC, however I am
changing this back to closed as it is fixed in the Apache 1.4 release.




DO NOT REPLY - Canonicalizer gets exception in many namespaces.
2007-10-23 10:41:14

------- Additional Comments From f.merighicineca.it 2007-10-23 08:41 -------
Thank you very much, 
Best Regards
