Comments (6)
any use case for that? it is just a refactor of this commit and we'll probably remove that code because it is supporting malformed xml. see this thread for more information.
but i'm curious if you're relying on this behaviour for something in particular
from xml-crypto.
also, i will take the opportunity to ask.. would you like to join efforts with us? i ask this because i've noticed that you guys (the auth0 team) have a fork of xml-crypto, i've seen other libraries relying on that fork and i think this is bad, we're just duplicating efforts and really the auth0 fork only have some commits different to the main repo.
would you like to tell us about why you guys have decided to fork xml-crypto? so we can fix it and maintain only one repository for the good of all.
cc @yaronn
from xml-crypto.
any use case for that? it is just a refactor of this commit and we'll probably remove that code because it is supporting malformed xml.
Cool, I think I'm OK with the specified commit.
also, i will take the opportunity to ask.. would you like to join efforts with us? i ask this because i've noticed that you guys (the auth0 team) have a fork of xml-crypto...
That would be great. If you are OK, I can send you a PR with the following changes:
And the tricky one (maybe you found a better solution, it's related to #48, #60 and #72):
from xml-crypto.
cool!, unfourtanly i have no experience with InclusiveNamespaces
so we'll need the help of @yaronn here.
@yaronn the workaround looks good to you? how it can be less tricky?
from xml-crypto.
It would be great to join efforts, really like the idea!
As for the workaround - I think another approach could be to have this code inside the canonization class such that the class is aware of the inclusive namespaces and can embed them on the right element in a generic manner (not just a fixed list of nodes). There shouldn't be a need to wait for the failure of the initial validation since we can tell up front there are namespaces to include. I think for now we can merge the workaround and open a task for later. Also would be great to have a unit test on this.
Anyway this issue did repeat in several posts so great to include a solution for it.
from xml-crypto.
Closing this for now. The commits cited in this issue have either been implemented independently or merged through other means (as is the case of #172)
from xml-crypto.
Related Issues (20)
- A Proposal for Moving Forward HOT 1
- refactor: deprecate `SignedXml.signingKey` in favor of `SignedXml.publicKey` and `SignedXml.privateKey` HOT 1
- `xpath` dependency "problem" HOT 10
- [ENHANCEMENT]: Signature compliant to http://www.w3.org/2007/05/xmldsig-more#sha256-rsa-MGF1 HOT 5
- [ENHANCEMENT]: Export `C14nCanonicalization`, `ExclusiveCanonicalization` HOT 1
- [ENHANCEMENT]: Remove files, folders not needed on the release HOT 2
- Add Reference for the KeyInfo node
- [BUG]: keyInfo usage HOT 4
- invalid signature: for uri calculated digest is '*' but the xml to validate supplies digest '*' HOT 9
- Issue with Signature Verification When 'Transforms' Tag is Absent in 'Reference' Element HOT 5
- How to sign a SAML assertion? HOT 1
- Potentially unsafe default impl for `getKeyInfo()` HOT 2
- [BUG?]: duplicate reference in signature HOT 6
- The declared digest does not match the actual calculated digest HOT 3
- Bug/Outdated README: unclear whether signatureAlgorithm required or not HOT 2
- [ENHANCEMENT]: AddObject to SignedXml instance HOT 4
- [ENHANCEMENT]: wssecurity - getCertFromKeyInfo not possible HOT 1
- [ENHANCEMENT]: Improve experience of adding a `Reference` to the `Signature`.
- [ENHANCEMENT]: Making the signature wrap the content that it's signing HOT 4
- digest is invalid because the computed digest differs from the digest in the XML HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from xml-crypto.