Oracle® Application Server Release Notes 10g (10.1.4) for Linux x86 Part Number B28193-08 |
|
|
View PDF |
This chapter describes issues associated with Oracle Security Developer Tools. It includes the following topics:
This section describes general issue and workaround. It includes the following topic:
This bug relates to a parameter used to create a signature with Oracle Security Developer Tools.
An XML Signature can use either Inclusive or Exclusive Canonicalization to canonicalize the Reference or the SignedInfo:
In Inclusive Canonicalization, all the specified and inherited namespaces are written out.
In Exclusive Canonicalization, only namespaces that are actually used are written out.
The behavior of Exclusive Canonicalization can be modified by specifying the InclusiveNamespaces
parameter, which is a list of namespaces that are exceptions, that is, namespaces which should be written out even if they are not used.
Because of this bug, the InclusiveNamespaces
parameter is ignored when used for canonicalizing the SignedInfo (but considered when canonicalizing a reference). As a result, when you use the Oracle XML Security API of Oracle Security Developer Tools to create a signature that uses the InclusiveNamespaces
parameter, the signature value will be computed incorrectly. Similarly, when you verify a signature that uses the InclusiveNamespace
parameter, the verification will incorrectly return a false.