Hi, we have fixed this regression in
https://issues.apache.org/jira/browse/SANTUARIO-623 and will release it
shortly.

Colm.

On Wed, Sep 11, 2024 at 9:01 AM Micha Wensveen <[email protected]>
wrote:

> Hi Colm
>
> First, thank you for the time you're putting into this. It is really
> appreciated.
>
> I created 2 unit tests.
> One for generating the signature and one for validation.
> Both tests fail on 4.0.2 but are successful on 3.0.4.
>
> The validation unit test uses a signature that is created with Santuario
> 3.0.4
>
> I hope these unit tests help.
>
> If you need more information or other unit tests please let me know.
>
> kind regards,
>
> Micha Wensveen
>
> Solution Architect
>
> Visma Connect B.V.
>
> Lange Kleiweg 6
>
> 2288 GK Rijswijk, The Netherlands
>
> Mobile +31658872337
>
> www.suresync.nl
>
>
> This communication is intended for the person(s) named above only. It
> contains information that is confidential and legally privileged. If
> received in error, please delete this e-mail and notify the sender.
>
>
>
> On Tue, 10 Sept 2024 at 03:25, Colm O hEigeartaigh <[email protected]>
> wrote:
>
>> Hi Micha,
>>
>> Can you modify the test case a bit so that verification fails with XMLSec
>> 4.0.0 and submit it in the format of a unit test case to the project?
>> That'll allow us to diagnose it better.
>>
>> I did a git bisect and it appears this massive commit is the problem:
>>
>> ccac0cb862a9e8b0632f017e9970906f2e1c6543 is the first bad commit
>> commit ccac0cb862a9e8b0632f017e9970906f2e1c6543
>> Author: David Matějček <[email protected]>
>> Date:   Tue Aug 8 15:08:17 2023 +0200
>>
>>     New version, Java 11, System.Logger, AutoCloseable, XmlSignatureInput types (#192)
>>
>> Colm.
>>
>>
>> On Wed, Sep 4, 2024 at 12:27 PM Micha Wensveen <[email protected]>
>> wrote:
>>
>>> Hi,
>>>
>>> I created a small test project that generates a signature with an XPath
>>> transformation
>>> I did some tests and found
>>> 1) the result of the transformation is the same when using Santuario
>>> 3.0.4 and when using Santuario 4.0.2
>>>    (based on the result of
>>> org.apache.xml.security.signature.Reference.getContentsAfterTransformation)
>>> 2) The digest in the signature created by Santuario 3.0.4 is different
>>> than the digest created by Santuario 4.0.2
>>> 3) When using a different XPath expression, Santuario 3.0.4 generates a
>>> different digest (as expected because the result of the transformation is
>>> different).
>>>    But Santuario 4.0.2 generates the same digest as the first XPath
>>> expression.
>>>
>>>  
>>> <ds:DigestValue>47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=</ds:DigestValue>
>>>
>>> Enclosed also the results of the signature generation and the
>>> contentsAfterGeneration and a hash of the contentAfterGeneration.
>>>
>>> Any help will be appreciated.
>>>
>>> kind regards,
>>>
>>> Micha Wensveen
>>>
>>>
>>> On Mon, 2 Sept 2024 at 12:52, Colm O hEigeartaigh <[email protected]>
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I don't see anything obvious as to why it doesn't work, maybe a bug.
>>>> Can you create a testcase please that reproduces the problem?
>>>>
>>>> Colm.
>>>>
>>>> On Mon, Sep 2, 2024 at 7:49 AM Micha Wensveen <[email protected]>
>>>> wrote:
>>>> >
>>>> > Good Morning,
>>>> >
>>>> > I hope somebody can help me.
>>>> >
>>>> > I upgraded my application from using xmlsec 3.0.4 to 4.0.2.
>>>> > However, when I validate a digital signature that has been created with version 3.0.4, it fails validation with these log messages
>>>> >
>>>> > 2024-09-02 06:32:17,581 [main] WARN o.a.xml.security.signature.Reference - Verification failed for URI "myfile.xml"
>>>> > 2024-09-02 06:32:17,582 [main] WARN o.a.xml.security.signature.Reference - Expected Digest: dsslKYCcuSb+MHq9e36/JbugIuP7LdkLlUqiScdqgXs=
>>>> > 2024-09-02 06:32:17,582 [main] WARN o.a.xml.security.signature.Reference - Actual Digest: 47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU=
>>>> >
>>>> > This only happens when using xpath transformation
>>>> >
>>>> > <ds:Reference Id="xmldsig-ref1" URI="myfile.xml">
>>>> > <ds:Transforms>
>>>> > <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
>>>> > <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
>>>> > <dsig-xpath:XPath xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:xbrli="http://www.xbrl.org/2003/instance" Filter="intersect">xbrli:xbrl//*[@id!='' and not(starts-with(@id, 'kvk-i_DocumentAdoption'))]</dsig-xpath:XPath>
>>>> > </ds:Transform>
>>>> > </ds:Transforms>
>>>> > <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
>>>> > <ds:DigestValue>dsslKYCcuSb+MHq9e36/JbugIuP7LdkLlUqiScdqgXs=</ds:DigestValue>
>>>> > </ds:Reference>
>>>> >
>>>> > Is there a migration document to migrate to version 4?
>>>> > Is there something that I need to change in my code?
>>>> >
>>>> > Any help will be appreciated.
>>>> >
>>>> >
>>>> > kind regards,
>>>> >
>>>> >
>>>> > Micha Wensveen
>>>> >
>>>> >
>>>>
>>>
