XML.orgXML.org
FOCUS AREAS |XML-DEV |XML.org DAILY NEWSLINK |REGISTRY |RESOURCES |ABOUT
OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]
Fwd: [xml-dev] XML Transformation


---------- Forwarded message ----------
From: Anishek Agarwal <anishek@gmail.com>
Date: Wed, Aug 6, 2008 at 2:09 PM
Subject: Re: [xml-dev] XML Transformation
To: Michael Kay <mike@saxonica.com>


Hello,
 
Thanks Michael for the reply. i tried to debug the axis code and found that the socket stream was taken by the SAXParser to parse so i thought it was the parser that converted the stream to xml format. As for namespaces i understand the fact that the definition of the namespace for the given elements is still the same, its just that the prefix has changed. As per my understanding both the xml mentioned in the first mail above, after canocalization should give same xml so that their digest value is same but looks like our case its different, and the thirdparty software guys are claiming that since our parser (or XSLT transformer) has removed the namespace prefix the digest is diferent and hence the digital signature is failing.

Anishek



On Wed, Aug 6, 2008 at 1:51 PM, Michael Kay <mike@saxonica.com> wrote:
Firstly, when you say "parser", I suspect you mean "XSLT processor". (It's a common mistake, but in cases like this it's important to be precise).
 
Secondly, you say that the namespace is being removed from these elements, but I don't think that's true: they are still in the same namespace, only the prefix has changed. Correct me if I have misunderstood.
 
For better or worse, the digital signature mechanisms follow XML Canonicalization by deciding that namespace prefixes are significant: see
 
 
for discussion.
 
XSLT 2.0 gives you complete control over the prefixes that are used in your result tree. XSLT 1.0 gives the implementation a lot of discretion in theory, but in practice it is usually possible to persuade the processor to use the prefixes that you want.
 
Michael Kay

From: Anishek Agarwal [mailto:anishek@gmail.com]
Sent: 06 August 2008 05:54
Subject: [xml-dev] XML Transformation

Hello,
I have a third party incoming XML at the transport layer which has a structure as below

<d:a xmlns:a="...." xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
.....
.....
<dsig:Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> (the dsig namespace is applied to all child elements as well)
......
.....
</dsig:Signature>
</d:a>


When my parser is parsing the xml this is what i am getting

<d:a xmlns:a="...." xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
.....
.....
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"> (the dsig namespace is removed from all the child elements)
......
.....
</Signature>
</d:a>

Then when i try to validate the signature it fails. The partner is saying that i have wrongly parsed the xml. They calculated the digest with the "dsig" prefix in their xml where as i am calcuating it after removing "dsig" namespace as there is a default namespace and thus the parser overrides the parent  namespace declaration.

Which one is correct, should my parser have retained the "dsig" namespace even though a default namespace is defined or i am doing the right thing?

We are using apache axis 1.3 for parsing the xml which is comming over SOAP.

thanks in advance for the help

Regards,
Anishek




[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index]

News | XML in Industry | Calendar | XML Registry
Marketplace | Resources | MyXML.org | Sponsors | Privacy Statement

Copyright 1993-2007 XML.org. This site is hosted by OASIS