Hello,
I've been fighting with CXF 3.0.9 for more than a week and finally found a 
problem in the xmlsec library.
Starting from version 2.0.0, the 
Canonicalizer20010315_ExclOmitCommentsTransformer transformer works incorrectly.
When the list of inclusive namespaces is added, the transformer adds empty 
namespace declarations at the root element if the namespace is not already 
defined at this element.

So, here's an example:
inclusiveNamespaces = "SOAP-ENV ec ec1 ns0 ns1 ns11 ns2 ns4 ns9"

output root:
<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" 
xmlns:ec="" xmlns:ec1="" xmlns:ns0="" xmlns:ns1="" xmlns:ns11="" xmlns:ns2="" 
xmlns:ns4="" xmlns:ns9="" 
xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" 
wsu:Id="XWSSGID-1465203363337-2063525437">


As you can see, the empty declarations have been added, so the calculated 
digest doesn't match and the message does not pass signature verification.

Attached are the sample code and the transformation result. The example was 
tested with xmlsec 2.0.0 and xmlsec 2.0.6.
Old versions 1.5.7 and 1.5.8 are working fine - please take a look at 
Canonicalizer20010315Excl.java, starting from line 201 -> it's not adding all 
prefixes defined in "inclusiveNamespaces" but only those for which there's a 
need.

Please help!

Best regards,
Szymon


Attachment: NamespaceBug.java
Description: NamespaceBug.java

<SOAP-ENV:Body xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ec="" xmlns:ec1="" xmlns:ns0="" xmlns:ns1="" xmlns:ns11="" xmlns:ns2="" xmlns:ns4="" xmlns:ns9="" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="XWSSGID-1465203363337-2063525437">
	<ec:SubmitRetrieveInterchangeAgreementsRequestResponse xmlns:ec="ec:services:wsdl:RetrieveInterchangeAgreementsRequest-2" xmlns:ec1="ec:schema:xsd:CommonBasicComponents-0.1">
		<ns0:RetrieveInterchangeAgreementsResponse xmlns:ns0="ec:services:wsdl:RetrieveInterchangeAgreementsRequest-2" xmlns:ns1="urn:oasis:names:specification:ubl:schema:xsd:CommonExtensionComponents-2" xmlns:ns11="urn:oasis:names:specification:ubl:schema:xsd:CommonAggregateComponents-2" xmlns:ns2="urn:oasis:names:specification:ubl:schema:xsd:CommonBasicComponents-2" xmlns:ns4="ec:schema:xsd:CommonBasicComponents-1" xmlns:ns9="ec:schema:xsd:CommonAggregateComponents-2">
			<ns9:InterchangeAgreement>
				<ns11:SenderParty>
					<ns2:EndpointID schemeID="GLN">DEV1_NOTENC_WEB_PARTY</ns2:EndpointID>
					<ns11:PartyIdentification>
						<ns2:ID schemeID="GLN">DEV1_NOTENC_WEB_PARTY</ns2:ID>
					</ns11:PartyIdentification>
				</ns11:SenderParty>
				<ns11:ReceiverParty>
					<ns2:EndpointID schemeID="GLN">DEV1_NOTENC_APP_PARTY</ns2:EndpointID>
					<ns11:PartyIdentification>
						<ns2:ID schemeID="GLN">DEV1_NOTENC_APP_PARTY</ns2:ID>
					</ns11:PartyIdentification>
				</ns11:ReceiverParty>
				<ns9:SecurityInformation>
					<ns4:ConfidentialityLevelCode>0</ns4:ConfidentialityLevelCode>
					<ns4:IntegrityLevelCode>0</ns4:IntegrityLevelCode>
					<ns4:AvailabilityLevelCode>0</ns4:AvailabilityLevelCode>
				</ns9:SecurityInformation>
				<ns2:DocumentTypeCode></ns2:DocumentTypeCode>
				<ns2:ProfileID>Bundle</ns2:ProfileID>
			</ns9:InterchangeAgreement>
		</ns0:RetrieveInterchangeAgreementsResponse>
	</ec:SubmitRetrieveInterchangeAgreementsRequestResponse>
</SOAP-ENV:Body>
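
Added example, not part of the original message and not xmlsec code: a Python model of the Exclusive XML Canonicalization rule for the apex element only, where a prefix from the InclusiveNamespaces PrefixList is rendered only if it is actually bound at that element. The sample document, the shortened prefix list and all function names are constructed for illustration; `emit_unbound=True` reproduces the shape of the output reported above so the two digests can be compared.

```python
import hashlib
import re
from xml.dom import minidom

# Constructed sample, reduced from the message in the post: ec and ns0 are in
# the PrefixList but are declared only on descendants of the signed Body.
SAMPLE = (
    '<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/">'
    '<SOAP-ENV:Body xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/'
    'oasis-200401-wss-wssecurity-utility-1.0.xsd" wsu:Id="id-1">'
    '<ec:Resp xmlns:ec="urn:example:ec"><ns0:R xmlns:ns0="urn:example:ns0"/></ec:Resp>'
    '</SOAP-ENV:Body></SOAP-ENV:Envelope>'
)
PREFIX_LIST = "SOAP-ENV ec ns0"  # constructed, shortened from the post's list

def in_scope(elem):
    """Prefix -> URI bindings visible at elem; the nearest declaration wins."""
    scope, node = {}, elem
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for i in range(node.attributes.length):
            attr = node.attributes.item(i)
            if attr.name.startswith("xmlns:"):
                scope.setdefault(attr.name[6:], attr.value)
        node = node.parentNode
    return scope

def apex_start_tag(elem, prefix_list, emit_unbound=False):
    """Apex start tag under exclusive C14N with an InclusiveNamespaces PrefixList.
    emit_unbound=True reproduces the reported xmlsec 2.0.x output for comparison.
    Simplified: no default namespace, no attribute-value escaping."""
    scope = in_scope(elem)
    attrs = [elem.attributes.item(i) for i in range(elem.attributes.length)]
    plain = sorted((a.name, a.value) for a in attrs if not a.name.startswith("xmlns"))
    used = {elem.prefix} | {n.split(":")[0] for n, _ in plain if ":" in n}
    listed = set(prefix_list.split())
    ns = {p: scope[p] for p in used | listed if p in scope}
    if emit_unbound:
        ns.update({p: "" for p in listed if p not in scope})
    decls = "".join(f' xmlns:{p}="{u}"' for p, u in sorted(ns.items()))
    return f"<{elem.tagName}{decls}" + "".join(f' {n}="{v}"' for n, v in plain) + ">"

def empty_prefix_decls(canonical):
    """Prefixes declared as xmlns:p="", which Namespaces in XML 1.0 forbids."""
    return re.findall(r'\sxmlns:([^=\s]+)=""', canonical)

def digest(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def body_element():
    return minidom.parseString(SAMPLE).getElementsByTagName("SOAP-ENV:Body")[0]
```

Running `empty_prefix_decls` over the canonical bytes that were actually digested is a quick way to tell this canonicalizer mismatch apart from a message that was modified in transit.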
