You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3809 lines
140 KiB
3809 lines
140 KiB
<?xml version="1.0" encoding="utf-8"?>
|
|
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
|
|
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
|
|
|
|
<html xmlns="http://www.w3.org/1999/xhtml">
|
|
<head>
|
|
<meta name="generator" content=
|
|
"HTML Tidy for Mac OS X (vers 31 October 2006 - Apple Inc. build 13), see www.w3.org" />
|
|
<meta http-equiv="Content-Type" content=
|
|
"text/html; charset=utf-8" />
|
|
|
|
<title>Test Cases for C14N 1.1 and XMLDSig
|
|
Interoperability</title>
|
|
<style type="text/css">
|
|
/*<![CDATA[*/
|
|
code { font-family: monospace; }
|
|
|
|
div.constraint,
|
|
div.issue,
|
|
div.note,
|
|
div.notice { margin-left: 2em; }
|
|
|
|
ol.enumar { list-style-type: decimal; }
|
|
ol.enumla { list-style-type: lower-alpha; }
|
|
ol.enumlr { list-style-type: lower-roman; }
|
|
ol.enumua { list-style-type: upper-alpha; }
|
|
ol.enumur { list-style-type: upper-roman; }
|
|
|
|
|
|
div.exampleInner pre { margin-left: 1em;
|
|
margin-top: 0em; margin-bottom: 0em}
|
|
div.exampleOuter {border: 4px double gray;
|
|
margin: 0em; padding: 0em}
|
|
div.exampleInner { background-color: #d5dee3;
|
|
border-top-width: 4px;
|
|
border-top-style: double;
|
|
border-top-color: #d3d3d3;
|
|
border-bottom-width: 4px;
|
|
border-bottom-style: double;
|
|
border-bottom-color: #d3d3d3;
|
|
padding: 4px; margin: 0em }
|
|
div.exampleWrapper { margin: 4px }
|
|
div.exampleHeader { font-weight: bold;
|
|
margin: 4px}
|
|
/*]]>*/
|
|
</style>
|
|
<link rel="stylesheet" type="text/css" href=
|
|
"http://www.w3.org/StyleSheets/TR/base.css" />
|
|
<link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/W3C-WG-NOTE.css"/>
|
|
</head>
|
|
|
|
<body>
|
|
<div class="head">
|
|
<a href="http://www.w3.org/"><img height="48" width="72"
|
|
alt="W3C" src="http://www.w3.org/Icons/w3c_home"/></a>
|
|
|
|
<h1><a name="title" id="title"></a>Test Cases for C14N 1.1 and
|
|
XMLDSig Interoperability</h1>
|
|
|
|
<h2><a name="w3c-doctype" id="w3c-doctype"></a>W3C Working Group Note
|
|
10 June 2008</h2>
|
|
|
|
<dl>
|
|
<dt>This version:</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/">http://www.w3.org/TR/2008/NOTE-xmldsig2ed-tests-20080610/</a></dd>
|
|
|
|
<dt>Latest version:</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/xmldsig2ed-tests/">http://www.w3.org/TR/xmldsig2ed-tests/</a></dd>
|
|
|
|
<dt>Editors:</dt>
|
|
|
|
<dd>Juan Carlos Cruellas, UPC <a href=
|
|
"mailto:cruellas@ac.upc.es"><cruellas@ac.upc.es></a></dd>
|
|
|
|
<dd>Konrad Lanz, A-SIT <a href=
|
|
"mailto:Konrad.Lanz@iaik.tugraz.at"><Konrad.Lanz@iaik.tugraz.at></a></dd>
|
|
|
|
<dd>Sean Mullan, Sun Microsystems <a href=
|
|
"mailto:Sean.Mullan@Sun.COM"><Sean.Mullan@Sun.COM></a></dd>
|
|
</dl>
|
|
|
|
<p class="copyright"><a href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2008 <a href="http://www.w3.org/"><acronym title="World Wide Web Consortium">W3C</acronym></a><sup>®</sup>
|
|
(<a href="http://www.csail.mit.edu/"><acronym title=
|
|
"Massachusetts Institute of Technology">MIT</acronym></a>,
|
|
<a href="http://www.ercim.org/"><acronym title=
|
|
"European Research Consortium for Informatics and Mathematics">ERCIM</acronym></a>,
|
|
<a href="http://www.keio.ac.jp/">Keio</a>), All Rights
|
|
Reserved. W3C <a href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">
|
|
liability</a>, <a href=
|
|
"http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>
|
|
and <a href=
|
|
"http://www.w3.org/Consortium/Legal/copyright-documents">document
|
|
use</a> rules apply.</p>
|
|
</div>
|
|
<hr />
|
|
|
|
<div>
|
|
<h2><a name="abstract" id="abstract"></a>Abstract</h2>
|
|
|
|
<p>This document defines interoperability test cases for
|
|
Canonical XML 1.1 <a href="#XML-C14N1.1">[XML-C14N1.1]</a> and
|
|
XML Signature Syntax and Processing, Second Edition <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a>. The changes tested include C14N11
|
|
handling of attributes in the XML namespace, including xml:id
|
|
and xml:base, appropriate C14N11 nodeset to octet stream
|
|
transform processing, modifications to RFC 3986 dot segment
|
|
processing for C14N11, and RFC 4514 string encoding of
|
|
Distinguished Names. The tests include standalone C14N11 tests
|
|
as well as tests integrated with XML signature generation and
|
|
validation. This document also includes earlier test cases used
|
|
in XML Signature <a href="#XMLDSIG">[XMLDSIG]</a> for
|
|
regression testing.</p>
|
|
</div>
|
|
|
|
<div>
|
|
<h2><a name="status" id="status"></a>Status of this
|
|
Document</h2>
|
|
|
|
<p><em>This section describes the status of this document at
|
|
the time of its publication. Other documents may supersede this
|
|
document. A list of current W3C publications and the latest
|
|
revision of this technical report can be found in the <a href=
|
|
"http://www.w3.org/TR/">W3C technical reports index</a> at
|
|
http://www.w3.org/TR/.</em></p>
|
|
|
|
<p>The set of test cases documented in this report was used to
|
|
provide evidence for implementation support for the Canonical
|
|
XML 1.1 and XML Signature Proposed (Edited) Recommendations.
|
|
While the Working Group might publish revised versions of this
|
|
document to include mild improvements of the test
|
|
documentation, there is no expectation that the core material
|
|
in this document will change. It should be noted that no
|
|
material in this document is normative; in particular, passing
|
|
the tests documented in this document is neither necessary, nor
|
|
sufficient for a conformance claim against either Canonical XML
|
|
1.1 or XML Signature 2nd Edition.</p>
|
|
|
|
<p>This document was developed by the <a href= "http://www.w3.org/2007/xmlsec/">XML Security
|
|
Specifications Maintenance Working Group</a>.</p>
|
|
|
|
<p>Please send comments about this document to
|
|
<a href="mailto:public-xmlsec-comments@w3.org">public-xmlsec-comments@w3.org</a> (with <a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-comments/">public
|
|
archive</a>).</p>
|
|
|
|
<p>Publication as a Working Group Note does not imply endorsement by the W3C Membership. This is
|
|
a draft document and may be updated, replaced or obsoleted by other documents at any time. It is
|
|
inappropriate to cite this document as other than work in progress.</p>
|
|
|
|
<p>This document was produced by a group operating under the <a href=
|
|
"http://www.w3.org/Consortium/Patent-Policy-20040205/">5 February 2004 W3C Patent Policy</a>.
|
|
W3C maintains a <a href= "http://www.w3.org/2004/01/pp-impl/40279/status">public list of any
|
|
patent disclosures</a> made in connection with the deliverables of the group; that page also
|
|
includes instructions for disclosing a patent. An individual who has actual knowledge of a
|
|
patent which the individual believes contains <a href=
|
|
"http://www.w3.org/Consortium/Patent-Policy-20040205/#def-essential"> Essential Claim(s)</a>
|
|
must disclose the information in accordance with <a href=
|
|
"http://www.w3.org/Consortium/Patent-Policy-20040205/#sec-Disclosure"> section 6 of the W3C
|
|
Patent Policy</a>.</p>
|
|
</div>
|
|
|
|
<div class="toc">
|
|
<h2><a name="contents" id="contents"></a>Table of Contents</h2>
|
|
|
|
<p class="toc">1 <a href="#Introduction">Introduction</a><br />
|
|
1.1 <a href=
|
|
"#Introduction-TestCaseNotation">Test Case Notation</a><br />
|
|
1.2 <a href=
|
|
"#Introduction.RecommendationRefs">Codes for Recommendation
|
|
References (Rec, SubRec)</a><br />
|
|
1.3 <a href=
|
|
"#Introduction.IssuesCodes">Codes for Issues (SpecificIssue)
|
|
and Sub-Issues (SpecificSubIssue)</a><br />
|
|
2 <a href="#acknowledgements">Acknowledgements</a><br />
|
|
3 <a href="#TestCases-Spec">Test Cases specification</a><br />
|
|
3.1 <a href="#TestCases-Legacy">Legacy
|
|
XMLDSig Working Group Test Cases</a><br />
|
|
3.2 <a href="#TestCases-C14n11">Test
|
|
Cases for Canonicalization 1.1</a><br />
|
|
3.2.1 <a href=
|
|
"#XMLLANG">Test Cases for xml:lang attribute</a><br />
|
|
3.2.2 <a href=
|
|
"#XMLSPACE">Test Cases for xml:space attribute</a><br />
|
|
3.2.3 <a href=
|
|
"#XMLID">Test Cases for xml:id attribute</a><br />
|
|
3.2.4 <a href=
|
|
"#XMLBASE">Test Cases for xml:base attribute</a><br />
|
|
3.2.4.1
|
|
<a href="#XMLBASE_PROPAGATION">Test Cases for checking xml:base
|
|
attribute propagation</a><br />
|
|
3.2.4.1.1
|
|
<a href="#c14n11xmlbase-prop-1">Test case
|
|
c14n11/xmlbase-prop-1</a><br />
|
|
3.2.4.1.2
|
|
<a href="#c14n11xmlbase-prop-2">Test case
|
|
c14n11/xmlbase-prop-2</a><br />
|
|
3.2.4.1.3
|
|
<a href="#c14n11xmlbase-prop-3">Test case
|
|
c14n11/xmlbase-prop-3</a><br />
|
|
3.2.4.1.4
|
|
<a href="#c14n11xmlbase-prop-4">Test case
|
|
c14n11/xmlbase-prop-4</a><br />
|
|
3.2.4.1.5
|
|
<a href="#c14n11xmlbase-prop-5">Test case
|
|
c14n11/xmlbase-prop-5</a><br />
|
|
3.2.4.1.6
|
|
<a href="#c14n11xmlbase-prop-6">Test case
|
|
c14n11/xmlbase-prop-6</a><br />
|
|
3.2.4.1.7
|
|
<a href="#c14n11xmlbase-prop-7">Test case
|
|
c14n11/xmlbase-prop-7</a><br />
|
|
3.2.4.2
|
|
<a href="#XMLBASE_C14N11SPEC">Test Cases for checking
|
|
XML-C14N1.1 specification tests</a><br />
|
|
3.2.4.2.1
|
|
<a href="#c14n11xmlbase-c14n11spec-102">Test case
|
|
c14n11/xmlbase-c14n11spec-102</a><br />
|
|
3.2.4.2.2
|
|
<a href="#c14n11xmlbase-c14n11spec2-102">Test case
|
|
c14n11/xmlbase-c14n11spec2-102</a><br />
|
|
3.2.4.2.3
|
|
<a href="#c14n11xmlbase-c14n11spec3-103">Test case
|
|
c14n11/xmlbase-c14n11spec3-103</a><br />
|
|
3.2.5 <a href=
|
|
"#XMLBASE_APPENDIXA">Test Cases for checking examples in the
|
|
XML-C14N1.1 Appendix</a><br />
|
|
3.3 <a href="#TestCases-XMLDSig">Test
|
|
Cases for XMLDSig</a><br />
|
|
3.3.1 <a href=
|
|
"#TestCases-XMLDSig-C14n11">Test Cases for C14N 1.1 in
|
|
XMLDSig</a><br />
|
|
3.3.2 <a href=
|
|
"#TestCases-DefaultCan">Test Cases on nodeset to octet-stream
|
|
conversion by C14n 1.1 explicitly reflected in the chain of
|
|
transforms</a><br />
|
|
3.3.3 <a href=
|
|
"#TestCases-SchemaBasedXPointers">Test Cases on schema based
|
|
XPointers and canonicalization</a><br />
|
|
3.3.4 <a href=
|
|
"#TestCases-DistinguishedName">Test Cases on String encoding of
|
|
Distinguished Names</a><br />
|
|
3.3.4.1
|
|
<a href="#TestCases-DistinguishedName-RFC2253-RFC4514">Test
|
|
Cases on differences identified in RFC 2253 and RFC
|
|
4514</a><br />
|
|
3.3.4.1.1
|
|
<a href="#xmldsigdnamediffRFCs-1">Test case
|
|
xmldsig/dname/diffRFCs-1</a><br />
|
|
3.3.4.1.2
|
|
<a href="#xmldsigdnamediffRFCs-2">Test case
|
|
xmldsig/dname/diffRFCs-2</a><br />
|
|
3.3.4.1.3
|
|
<a href="#xmldsigdnamediffRFCs-3">Test case
|
|
xmldsig/dname/diffRFCs-3</a><br />
|
|
3.3.4.1.4
|
|
<a href="#xmldsigdnamediffRFCs-4">Test case
|
|
xmldsig/dname/diffRFCs-4</a><br />
|
|
3.3.4.1.5
|
|
<a href="#xmldsigdnamediffRFCs-5">Test case
|
|
xmldsig/dname/diffRFCs-5</a><br />
|
|
3.3.4.2
|
|
<a href="#TestCases-DistinguishedName-RFC4514">Test Cases for
|
|
RFC 4514</a><br />
|
|
3.3.4.2.1
|
|
<a href="#xmldsigdnamednString-4">Test case
|
|
xmldsig/dname/dnString-4</a><br />
|
|
3.3.4.2.2
|
|
<a href="#xmldsigdnamednString-6">Test case
|
|
xmldsig/dname/dnString-6</a><br />
|
|
3.3.4.2.3
|
|
<a href="#xmldsigdnamednString-8">Test case
|
|
xmldsig/dname/dnString-8</a><br />
|
|
4 <a href="#References">References</a><br /></p>
|
|
</div>
|
|
<hr />
|
|
|
|
<div class="body">
|
|
<div class="div1">
|
|
<h2><a name="Introduction" id="Introduction"></a>1
|
|
Introduction</h2>
|
|
|
|
<p>The test cases include standalone C14N 1.1 tests and test
|
|
cases involving XML signature generation and validation. XML
|
|
signatures are generated according to the details specified
|
|
in this document.</p>
|
|
|
|
<p>All the test cases are positive (signatures that are
|
|
valid).</p>
|
|
|
|
<p>Applications should validate these signatures and check
|
|
that they are valid.</p>
|
|
|
|
<div class="div2">
|
|
<h3><a name="Introduction-TestCaseNotation" id=
|
|
"Introduction-TestCaseNotation"></a>1.1 Test Case
|
|
Notation</h3>
|
|
|
|
<p>This section summarizes the notation used for
|
|
identification of test cases.</p>
|
|
|
|
<p>A test case identifier matches the following pattern,
|
|
and the syntax for describing the pattern is borrowed from
|
|
<a href=
|
|
"http://www.w3.org/TR/xmldsig-core/#sec-Overview">section
|
|
2.0</a> of <a href="#XMLDSIG">[XMLDSIG]</a> (where "?"
|
|
denotes zero or one occurrence; "+" denotes one or more
|
|
occurrences; "*" denotes zero or more occurrences) and "|"
|
|
denotes a choice.</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
Rec/(SubRec/)?(SpecificIssue-(SpecificSubIssue-)?)+TestNumber
|
|
</pre>
|
|
</div>
|
|
|
|
<p>The <code>Rec</code> part identifies the source
|
|
recommendation for the test case.</p>
|
|
|
|
<p>The <code>SubRec</code> part identifies a recommendation
|
|
that is tested in the context of <code>Rec</code>.</p>
|
|
|
|
<p>The <code>SpecificIssue</code> part identifies the issue
|
|
to be tested by the test case. The optional
|
|
<code>SpecificSubIssue</code> part further refines the
|
|
issue to be tested.</p>
|
|
|
|
<p>The <code>TestNumber</code> part numbers the test case.
|
|
It must be an integer number or an integer number followed
|
|
by a lowercase letter.</p>
|
|
|
|
<p>The next section identifies codes used throughout this
|
|
document.</p>
|
|
</div>
|
|
|
|
<div class="div2">
|
|
<h3><a name="Introduction.RecommendationRefs" id=
|
|
"Introduction.RecommendationRefs"></a>1.2 Codes for
|
|
Recommendation References (<code>Rec</code>,
|
|
<code>SubRec</code>)</h3>
|
|
|
|
<p>The following codes are used for identifying the source
|
|
recommendations for the test cases:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p><code>c14n11</code> identifies the standalone
|
|
Canonical XML 1.1 <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> test cases.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xmldsig</code> identifies the XML Signature
|
|
Second Edition <a href="#XMLDSIG2">[XMLDSIG2]</a> test
|
|
cases.</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p><code>c14n11</code> identifies the test cases
|
|
that test <code>c14n11</code> with
|
|
<code>xmldsig</code>.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>dname</code> identifies the test cases
|
|
that test <a href="#RFC-4514">[RFC 4514]</a> versus
|
|
<a href="#RFC-2253">[RFC 2253]</a> with
|
|
<code>xmldsig</code>.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xpointer</code> identifies the test cases
|
|
that test <a href=
|
|
"#XPointer-Framework">[XPointer-Framework]</a>,
|
|
<a href="#XPointer-Element">[XPointer-Element]</a>
|
|
and <a href=
|
|
"#XPointer-xpointer">[XPointer-xpointer]</a> with
|
|
<code>xmldsig</code>.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
<p id="directory-structure">This structure is reflected in
|
|
the directories <a href="c14n11/">c14n11/</a>, <a href=
|
|
"xmldsig/">xmldsig/</a>, <a href=
|
|
"xmldsig/c14n11/">xmldsig/c14n11/</a>, <a href=
|
|
"xmldsig/dname/">xmldsig/dname/</a> and <a href=
|
|
"xmldsig/xpointer/">xmldsig/xpointer/</a>.</p>
|
|
</div>
|
|
|
|
<div class="div2">
|
|
<h3><a name="Introduction.IssuesCodes" id=
|
|
"Introduction.IssuesCodes"></a>1.3 Codes for Issues
|
|
(<code>SpecificIssue</code>) and Sub-Issues
|
|
(<code>SpecificSubIssue</code>)</h3>
|
|
|
|
<p>The following codes are used for identifying the issues
|
|
and sub-issues for the test cases:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p><code>defCan</code> identifies the test cases that
|
|
test the <a href="#XMLDSIG2">[XMLDSIG2]</a> implicit
|
|
and explicit rules managing the final canonicalization
|
|
that precedes the digest computation..</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xmllang</code> identifies the test cases that
|
|
test the C14N11 handling of the <code>xml:lang</code>
|
|
attribute.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xmlspace</code> identifies the test cases that
|
|
test the C14N11 handling of the <code>xml:space</code>
|
|
attribute.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xmlid</code> identifies the test cases that
|
|
test the C14N11 handling of the <code>xml:id</code>
|
|
attribute.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xmlbase</code> identifies the test cases that
|
|
test the C14N11 handling of the <code>xml:base</code>
|
|
attribute.</p>
|
|
|
|
<p>The following sub-issues are associated with this
|
|
issue:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p><code>prop</code> identifies the test cases that
|
|
test the C14N11 propagation of the
|
|
<code>xml:base</code> attribute through the node
|
|
tree.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>annexA</code> identifies the test cases
|
|
that test the C14N11 Remove Dot Segments examples
|
|
listed in Appendix A of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a>.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>c14n11spec</code> identifies the test
|
|
cases that test the examples in the <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> specification.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>dnString</code> identifies the test cases that
|
|
test the string encoding of Distinguished Names.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>diffRFCs</code> identifies the test cases that
|
|
test the differences between <a href="#RFC-2253">[RFC
|
|
2253]</a> and <a href="#RFC-4514">[RFC 4514]</a>.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p><code>xpointer</code> identifies the test cases that
|
|
test the handling of XPointer Reference URIs as
|
|
specified in <a href="#XMLDSIG2">[XMLDSIG2]</a></p>
|
|
</li>
|
|
</ul>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div1">
|
|
<h2><a name="acknowledgements" id="acknowledgements"></a>2
|
|
Acknowledgements</h2>
|
|
|
|
<p>Major contributions to this document were received from
|
|
Juan Carlos Cruellas, UPC; Konrad Lanz, A-SIT; Sean Mullan,
|
|
Sun Microsystems; Pratik Datta, Oracle; Frederick Hirsch,
|
|
Nokia; Bruce Rich, IBM; Thomas Roessler, W3C. The test cases
|
|
in this document were reviewed by the members of the W3C XML
|
|
Security Specifications Maintenance Working Group.</p>
|
|
</div>
|
|
|
|
<div class="div1">
|
|
<h2><a name="TestCases-Spec" id="TestCases-Spec"></a>3 Test
|
|
Cases specification</h2>
|
|
|
|
<p>The following sub-sections describe each of the test cases
|
|
and are grouped by Recommendation and Issue.</p>
|
|
|
|
<div class="div2">
|
|
<h3><a name="TestCases-Legacy" id=
|
|
"TestCases-Legacy"></a>3.1 Legacy XMLDSig Working Group
|
|
Test Cases</h3>
|
|
|
|
<p>The IETF/W3C XML-DSig Working Group produced an
|
|
interoperability test matrix that can be found at <a href=
|
|
"#XMLDSIG-interop">[XMLDSIG-interop]</a>.</p>
|
|
</div>
|
|
|
|
<div class="div2">
|
|
<h3><a name="TestCases-C14n11" id=
|
|
"TestCases-C14n11"></a>3.2 Test Cases for Canonicalization
|
|
1.1</h3>
|
|
|
|
<p>The set of test cases in this section are designed to
|
|
test the C14N11 handling of attributes in the xml
|
|
namespace. The input for each of these test cases is an XML
|
|
document and an XPath document subset expression. Two
|
|
different sets of tests are included based on the test
|
|
cases in this section.</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Standalone tests: no XML signature generation or
|
|
validation is required. The XPath document subset
|
|
expression is applied to the input document. These
|
|
tests are used to check that the implementation for
|
|
<a href="#XML-C14N1.1">[XML-C14N1.1]</a> behaves
|
|
correctly.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>Integrated tests with XML signatures: In these set
|
|
of tests, an XML signature is generated based on the
|
|
input document and a corresponding XPath Filtering
|
|
Transform as indicated in the tables. For these set of
|
|
tests, the following rules apply:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>The XML Signature is generated using the
|
|
HMAC-SHA1 SignatureMethod algorithm and a secret
|
|
key with the value:
|
|
<code>"secret".getBytes("ASCII")</code>.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>The <code>Transforms</code> element contains a
|
|
sequence of two transforms:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>An XPath Filtering Transform that contains
|
|
an XPath expression that depends on the test
|
|
case.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>A Canonical XML 1.1 Transform.</p>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
</li>
|
|
</ul>
|
|
|
|
<div class="div3">
|
|
<h4><a name="XMLLANG" id="XMLLANG"></a>3.2.1 Test Cases
|
|
for <code>xml:lang</code> attribute</h4>
|
|
|
|
<p>The set of test cases in this section test the C14N11
|
|
handling of <code>xml:lang</code> attributes.</p>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmllang-input.xml">input document</a> for the
|
|
test cases in this section:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<ietf:c14n11Xmllang xmlns:ietf="http://www.ietf.org"
|
|
xmlns:w3c="http://www.w3.org">
|
|
<ietf:e1 xml:lang="EN">
|
|
<ietf:e11>
|
|
<ietf:e111 />
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 />
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 >
|
|
<ietf:e21 />
|
|
</ietf:e2>
|
|
</ietf:c14n11Xmllang>
|
|
</pre>
|
|
</div>
|
|
|
|
<div class="note">
|
|
<p class="prefix"><b>Note:</b></p>
|
|
|
|
<p>Document subset expressions for document subsets
|
|
computation are defined as in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a>.</p>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmllang-1" id=
|
|
"c14n11xmllang-1"></a>3.2.1.1 Test case
|
|
c14n11/xmllang-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>To-Be-Signed (TBS henceforth) data object
|
|
with ONLY a <code>xml:lang</code> attribute in a
|
|
certain element <code>e</code> whose content
|
|
includes other elements. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>e</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:lang
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmllang-1.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* |
|
|
//namespace::*)[ancestor-or-self::ietf:e1]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmllang-1.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:lang="EN">
|
|
<ietf:e11>
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmllang-2" id=
|
|
"c14n11xmllang-2"></a>3.2.1.2 Test case
|
|
c14n11/xmllang-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS data object with ONLY a
|
|
<code>xml:lang</code> attribute in a certain
|
|
element <code>e</code> whose content includes
|
|
other elements. The <code>ds:Transform</code>
|
|
contains a XPath expression whose result is a
|
|
node set that DOES NOT include neither element
|
|
<code>e</code> nor any of its children
|
|
elements.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:lang
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmllang-2.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* |
|
|
//namespace::*)[ancestor-or-self::ietf:e2]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmllang-2.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e2 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
<ietf:e21></ietf:e21>
|
|
</ietf:e2>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmllang-3" id=
|
|
"c14n11xmllang-3"></a>3.2.1.3 Test case
|
|
c14n11/xmllang-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:lang</code>
|
|
attribute in a certain element <code>e</code>
|
|
whose content includes a sequence of one element.
|
|
The <code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that DOES
|
|
NOT include element <code>e</code> but includes
|
|
one child element.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:lang
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmllang-3.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* |
|
|
//namespace::*)[ancestor-or-self::ietf:e11]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmllang-3.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:lang="EN">
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmllang-4" id=
|
|
"c14n11xmllang-4"></a>3.2.1.4 Test case
|
|
c14n11/xmllang-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:lang</code>
|
|
attribute in a certain element <code>e</code>
|
|
whose content includes a sequence of more than
|
|
one element (these children may in turn contain
|
|
children elements). The <code>ds:Transform</code>
|
|
contains a XPath expression whose result is a
|
|
node set that DOES NOT include element
|
|
<code>e</code> but includes more than one of its
|
|
children elements.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:lang
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmllang-4.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* |
|
|
//namespace::*)[ancestor-or-self::ietf:e11 or
|
|
ancestor-or-self::ietf:e12]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmllang-4.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:lang="EN">
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>\
|
|
+ <ietf:e12 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" at="2" xml:lang="EN">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="XMLSPACE" id="XMLSPACE"></a>3.2.2 Test Cases
|
|
for <code>xml:space</code> attribute</h4>
|
|
|
|
<p>The set of test cases in this section test the C14N11
|
|
handling of <code>xml:space</code> attributes.</p>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmlspace-input.xml">input document</a> for the
|
|
test cases in this section:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<ietf:c14n11XmlSpaceDoc1 xmlns:ietf="http://www.ietf.org"
|
|
xmlns:w3c="http://www.w3.org">
|
|
<ietf:e1 xml:space="true">
|
|
<ietf:e11>
|
|
<ietf:e111 />
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 />
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 >
|
|
<ietf:e21 />
|
|
</ietf:e2>
|
|
</ietf:c14n11XmlSpaceDoc1>
|
|
</pre>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlspace-1" id=
|
|
"c14n11xmlspace-1"></a>3.2.2.1 Test case
|
|
c14n11/xmlspace-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS data object with ONLY a
|
|
<code>xml:space</code> attribute in a certain
|
|
element <code>e</code> whose content includes
|
|
other elements. The <code>ds:Transform</code>
|
|
contains a XPath expression whose result is a
|
|
node set that includes element
|
|
<code>e</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:space
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlspace-1.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e1]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlspace-1.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:space="true">
|
|
<ietf:e11>
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlspace-2" id=
|
|
"c14n11xmlspace-2"></a>3.2.2.2 Test case
|
|
c14n11/xmlspace-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS data object with ONLY a
|
|
<code>xml:space</code> attribute in a certain
|
|
element <code>e</code> whose content includes
|
|
other elements. The <code>ds:Transform</code>
|
|
contains a XPath expression whose result is a
|
|
node set that DOES NOT include neither element
|
|
<code>e</code> nor any of its children
|
|
elements.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:space
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlspace-2.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e2]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlspace-2.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e2 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
<ietf:e21></ietf:e21>
|
|
</ietf:e2>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlspace-3" id=
|
|
"c14n11xmlspace-3"></a>3.2.2.3 Test case
|
|
c14n11/xmlspace-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:space</code>
|
|
attribute in a certain element <code>e</code>
|
|
whose content includes a sequence of one element.
|
|
The <code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that DOES
|
|
NOT include element <code>e</code> but includes
|
|
its child element.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:space
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlspace-3.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e11]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlspace-3.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:space="true">
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlspace-4" id=
|
|
"c14n11xmlspace-4"></a>3.2.2.4 Test case
|
|
c14n11/xmlspace-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:space</code>
|
|
attribute in a certain element <code>e</code>
|
|
whose content includes a sequence of more than
|
|
one element (these children may in turn contain
|
|
children elements). The <code>ds:Transform</code>
|
|
contains a XPath expression whose result is a
|
|
node set that DOES NOT include element
|
|
<code>e</code> but includes more than one of its
|
|
children elements.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:space
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlspace-4.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e11 or
|
|
ancestor-or-self::ietf:e12]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlspace-4.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:space="true">
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>\
|
|
+ <ietf:e12 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" at="2" xml:space="true">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="XMLID" id="XMLID"></a>3.2.3 Test Cases for
|
|
<code>xml:id</code> attribute</h4>
|
|
|
|
<p>The set of test cases in this section test the C14N11
|
|
handling of <code>xml:id</code> attributes.</p>
|
|
|
|
<p>Below is the <a href="c14n11/xmlid-input.xml">input
|
|
document</a> for all the test cases in this section:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<ietf:c14n11XmlIdDoc1 xmlns:ietf="http://www.ietf.org"
|
|
xmlns:w3c="http://www.w3.org">
|
|
<ietf:e1 xml:id="IdInterop">
|
|
<ietf:e11>
|
|
<ietf:e111 />
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 />
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 >
|
|
<ietf:e21 />
|
|
</ietf:e2>
|
|
</ietf:c14n11XmlIdDoc1>
|
|
</pre>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlid-1" id=
|
|
"c14n11xmlid-1"></a>3.2.3.1 Test case
|
|
c14n11/xmlid-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:id</code> attribute
|
|
in a certain element <code>e</code> whose content
|
|
includes other elements. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>e</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:id
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlid-1.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e1]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlid-1.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" xml:id="IdInterop">
|
|
<ietf:e11>
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlid-2" id=
|
|
"c14n11xmlid-2"></a>3.2.3.2 Test case
|
|
c14n11/xmlid-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>TBS with ONLY a <code>xml:id</code> attribute
|
|
in a certain element <code>e</code> whose content
|
|
includes other elements. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that DOES
|
|
NOT include the element <code>e</code> but some
|
|
of the children of the element
|
|
<code>e</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> handle xml:id
|
|
attributes as defined in <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="c14n11/xmlid-2.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e11 or
|
|
ancestor-or-self::ietf:e12]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlid-2.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
<ietf:e111></ietf:e111>
|
|
</ietf:e11>\
|
|
+ <ietf:e12 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" at="2">
|
|
<ietf:e121></ietf:e121>
|
|
</ietf:e12>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="XMLBASE" id="XMLBASE"></a>3.2.4 Test Cases
|
|
for <code>xml:base</code> attribute</h4>
|
|
|
|
<p>The set of test cases in this section test the C14N11
|
|
handling of <code>xml:base</code> attributes.</p>
|
|
|
|
<p>Three sets of test cases have been defined:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Tests that check if the implementation correctly
|
|
propagates the <code>xml:base</code> attributes
|
|
through the node tree.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>Tests that check if the implementation correctly
|
|
processes the examples involving xml:base propagation
|
|
in the <a href="#XML-C14N1.1">[XML-C14N1.1]</a>
|
|
specification.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>Tests that check if the implementation correctly
|
|
processes the examples in the Appendix of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a></p>
|
|
</li>
|
|
</ul>
|
|
|
|
<div class="div4">
|
|
<h5><a name="XMLBASE_PROPAGATION" id=
|
|
"XMLBASE_PROPAGATION"></a>3.2.4.1 Test Cases for
|
|
checking <code>xml:base</code> attribute
|
|
propagation</h5>
|
|
|
|
<p>This section defines test cases that test how
|
|
implementations propagate <code>xml:base</code>
|
|
attributes through the tree when the result of the
|
|
filtering is a document subset.</p>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmlbase-prop-input.xml">input document</a>
|
|
for the test cases in this section:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<ietf:c14n11XmlBaseDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase0/">
|
|
<ietf:e1 xml:base="/xmlbase1/">
|
|
<ietf:e11 xml:base="/xmlbase11/">
|
|
<ietf:e111 xml:base="/xmlbase111/"/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 xml:base="/xmlbase121/"/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2>
|
|
<ietf:e21 xml:base="/xmlbase21/"/>
|
|
</ietf:e2>
|
|
<ietf:e3>
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlBaseDoc1>
|
|
</pre>
|
|
</div>
|
|
|
|
<p>The document's root element
|
|
<code>ietf:c14n11XmlBaseDoc1</code> defines an
|
|
<code>xml:base</code> attribute. This element contains
|
|
three children elements.</p>
|
|
|
|
<p>The first element <code>ietf:e1</code> has another
|
|
<code>xml:base</code> attribute. All the
|
|
<code>ietf:e1</code>'s descendant elements have a
|
|
<code>xml:base</code> attribute. Transforms that select
|
|
subsets of <code>ietf:e1</code>'s descendants will test
|
|
how each level in the tree of elements incorporates its
|
|
corresponding part to the value of the final
|
|
<code>xml:base</code>.</p>
|
|
|
|
<p>The second element <code>ietf:e2</code> does not
|
|
have a <code>xml:base</code> attribute, but its child
|
|
element, <code>ietf:e21</code> has a
|
|
<code>xml:base</code> attribute. Transforms that select
|
|
<code>ietf:e21</code> will test how it takes the value
|
|
of <code>xml:base</code> from an ancestor different
|
|
than its parent.</p>
|
|
|
|
<p>As for the third element, neither it nor any of its
|
|
descendants have a <code>xml:base</code> attribute.
|
|
Transforms that select <code>ietf:e3</code> or any of
|
|
its descendants will test how they inherit the
|
|
<code>xml:base</code> attribute from the root element
|
|
without any further processing.</p>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-1" id=
|
|
"c14n11xmlbase-prop-1"></a>3.2.4.1.1 Test case
|
|
c14n11/xmlbase-prop-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element
|
|
<code>ietf:c14n11XmlBaseDoc1</code> and the
|
|
child <code>ietf:e1</code> and its
|
|
descendant.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> work properly
|
|
when the <code>xml:base</code> origin appears
|
|
in the output document subset and also children
|
|
with <code>xml:base</code>, which do not
|
|
require further processing, are also
|
|
present.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-1.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:c14n11XmlBaseDoc1 and
|
|
not(ancestor-or-self::ietf:e2)]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-1.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:c14n11XmlBaseDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase0/">
|
|
<ietf:e1 xml:base="/xmlbase1/">
|
|
<ietf:e11 xml:base="/xmlbase11/">
|
|
<ietf:e111 xml:base="/xmlbase111/"></ietf:e111>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 xml:base="/xmlbase121/"></ietf:e121>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
|
|
<ietf:e3>
|
|
<ietf:e31 at="3"></ietf:e31>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlBaseDoc1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-2" id=
|
|
"c14n11xmlbase-prop-2"></a>3.2.4.1.2 Test case
|
|
c14n11/xmlbase-prop-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>ietf:e1</code> and its
|
|
descendant but not
|
|
<code>ietf:c14n11XmlBaseDoc1</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> properly build
|
|
the <code>xml:base</code> at the first level
|
|
(<code>ietf:e1</code>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-2.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e1]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-2.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase1/">
|
|
<ietf:e11 xml:base="/xmlbase11/">
|
|
<ietf:e111 xml:base="/xmlbase111/"></ietf:e111>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<ietf:e121 xml:base="/xmlbase121/"></ietf:e121>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-3" id=
|
|
"c14n11xmlbase-prop-3"></a>3.2.4.1.3 Test case
|
|
c14n11/xmlbase-prop-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>ietf:e11</code> and its
|
|
descendant. Elements
|
|
<code>ietf:c14n11XmlBaseDoc1</code> and
|
|
<code>ietf:e1</code> do not appear.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> properly build
|
|
the <code>xml:base</code> if one of
|
|
intermediate the levels (<code>ietf:e1</code>)
|
|
are absent from the document subset.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-3.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e11]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-3.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e11 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase11/">
|
|
<ietf:e111 xml:base="/xmlbase111/"></ietf:e111>
|
|
</ietf:e11>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-4" id=
|
|
"c14n11xmlbase-prop-4"></a>3.2.4.1.4 Test case
|
|
c14n11/xmlbase-prop-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>ietf:e111</code> and its
|
|
descendant. Elements
|
|
<code>ietf:c14n11XmlBaseDoc1</code>,
|
|
<code>ietf:e11</code> and <code>ietf:e1</code>
|
|
do not appear.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> properly build
|
|
the <code>xml:base</code> if several
|
|
intermediate levels (<code>ietf:e1</code> and
|
|
<code>ietf:e11</code>) are absent from the
|
|
document subset.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-4.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e111]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-4.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e111 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase111/"></ietf:e111>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-5" id=
|
|
"c14n11xmlbase-prop-5"></a>3.2.4.1.5 Test case
|
|
c14n11/xmlbase-prop-5</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>ietf:e2</code> and its
|
|
descendant. Elements
|
|
<code>ietf:c14n11XmlBaseDoc1</code>,
|
|
<code>ietf:e1</code> and its descendant, and
|
|
<code>ietf:e3</code> and its descendant do not
|
|
appear.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> properly build
|
|
the <code>xml:base</code> if one intermediate
|
|
level (<code>ietf:e2</code>) without any
|
|
<code>xml:base</code> attribute is absent from
|
|
the document subset.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-5.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e21]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-5.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e21 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase21/"></ietf:e21>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-6" id=
|
|
"c14n11xmlbase-prop-6"></a>3.2.4.1.6 Test case
|
|
c14n11/xmlbase-prop-6</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes element <code>ietf:e3</code> and its
|
|
descendant. Elements
|
|
<code>ietf:c14n11XmlBaseDoc1</code>,
|
|
<code>ietf:e1</code> and its descendant, and
|
|
<code>ietf:e2</code> and its descendant do not
|
|
appear.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> properly build
|
|
the <code>xml:base</code> in one element that
|
|
originally had no <code>xml:base</code>
|
|
attribute.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-6.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:e3]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-6.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:e3 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase0/">
|
|
<ietf:e31 at="3"></ietf:e31>
|
|
</ietf:e3>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-prop-7" id=
|
|
"c14n11xmlbase-prop-7"></a>3.2.4.1.7 Test case
|
|
c14n11/xmlbase-prop-7</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The document shown above. The
|
|
<code>ds:Transform</code> contains a XPath
|
|
expression whose result is a node set that
|
|
includes elements
|
|
<code>ietf:c14n11XmlBaseDoc1</code> and
|
|
<code>ietf:e3</code> and its descendant.
|
|
Elements <code>ietf:e1</code> and its
|
|
descendant, and <code>ietf:e2</code> and its
|
|
descendant do not appear.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> do not pass
|
|
the <code>xml:base</code> to another element
|
|
when it is not necessary.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-7.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)
|
|
[ancestor-or-self::ietf:c14n11XmlBaseDoc1 and
|
|
not(ancestor-or-self::ietf:e1 or
|
|
ancestor-or-self::ietf:e2)]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-prop-7.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<ietf:c14n11XmlBaseDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://xmlbase.example.org/xmlbase0/">
|
|
|
|
|
|
<ietf:e3>
|
|
<ietf:e31 at="3"></ietf:e31>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlBaseDoc1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div4">
|
|
<h5><a name="XMLBASE_C14N11SPEC" id=
|
|
"XMLBASE_C14N11SPEC"></a>3.2.4.2 Test Cases for
|
|
checking XML-C14N1.1 specification tests</h5>
|
|
|
|
<p>This section defines test cases that are based on
|
|
the examples in the C14N11 specification that propagate
|
|
<code>xml:base</code> attributes through the tree when
|
|
the result of the filtering is a document subset.</p>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-c14n11spec-102" id=
|
|
"c14n11xmlbase-c14n11spec-102"></a>3.2.4.2.1 Test
|
|
case c14n11/xmlbase-c14n11spec-102</h6>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmlbase-c14n11spec-input.xml">input
|
|
document</a> from section 3.8 of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> for the test case
|
|
c14n11/xmlbase-c14n11spec-102 below:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<!DOCTYPE doc [
|
|
<!ATTLIST e2 xml:space (default|preserve) 'preserve'>
|
|
<!ATTLIST e3 id ID #IMPLIED>
|
|
]>
|
|
<doc xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://www.example.com/something/else">
|
|
<e1>
|
|
<e2 xmlns="" xml:id="abc" xml:base="../bar/">
|
|
<e3 id="E3" xml:base="foo"/>
|
|
</e2>
|
|
</e1>
|
|
</doc>
|
|
|
|
</pre>
|
|
</div>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input document shown above.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that correct xml:base fixup is
|
|
performed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec-102.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)[self::ietf:e1
|
|
or (parent::ietf:e1 and not(self::text() or
|
|
self::e2)) or
|
|
count(id("E3")|ancestor-or-self::node()) =
|
|
count(ancestor-or-self::node())]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec-102.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<e1 xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="http://www.example.com/something/else">\
|
|
+ <e3 xmlns="" id="E3" xml:base="../bar/foo" xml:space="preserve">\
|
|
+ </e3></e1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-c14n11spec2-102" id=
|
|
"c14n11xmlbase-c14n11spec2-102"></a>3.2.4.2.2 Test
|
|
case c14n11/xmlbase-c14n11spec2-102</h6>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmlbase-c14n11spec2-input.xml">input
|
|
document</a> similar to the example from section 3.8
|
|
of <a href="#XML-C14N1.1">[XML-C14N1.1]</a> for the
|
|
test case c14n11/xmlbase-c14n11spec-102 below. The
|
|
main difference is that the value of the xml:base
|
|
attribute of the e2 element is "bar/" instead of
|
|
"../bar".</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<!DOCTYPE doc [
|
|
<!ATTLIST e2 xml:space (default|preserve) 'preserve'>
|
|
<!ATTLIST e3 id ID #IMPLIED>
|
|
]>
|
|
<doc xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="something/else">
|
|
<e1>
|
|
<e2 xmlns="" xml:id="abc" xml:base="bar/">
|
|
<e3 id="E3" xml:base="foo"/>
|
|
</e2>
|
|
</e1>
|
|
</doc>
|
|
|
|
</pre>
|
|
</div>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input document shown above.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that correct xml:base fixup is
|
|
performed.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec2-102.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*)[self::ietf:e1
|
|
or (parent::ietf:e1 and not(self::text() or
|
|
self::e2)) or
|
|
count(id("E3")|ancestor-or-self::node()) =
|
|
count(ancestor-or-self::node())]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec2-102.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<e1 xmlns="http://www.ietf.org" xmlns:w3c="http://www.w3.org"\
|
|
+ xml:base="something/else">\
|
|
+ <e3 xmlns="" id="E3" xml:base="bar/foo" xml:space="preserve">\
|
|
+ </e3></e1>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-c14n11spec3-103" id=
|
|
"c14n11xmlbase-c14n11spec3-103"></a>3.2.4.2.3 Test
|
|
case c14n11/xmlbase-c14n11spec3-103</h6>
|
|
|
|
<p>Below is the <a href=
|
|
"c14n11/xmlbase-c14n11spec3-input.xml">input
|
|
document</a> from section 2.4 of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> for the test case
|
|
c14n11/xmlbase-c14n11spec-103 below.</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<a xml:base="foo/bar">
|
|
<b xml:base="..">
|
|
<c xml:base="..">
|
|
<d xml:base="x">
|
|
</d>
|
|
</c>
|
|
</b>
|
|
</a>
|
|
|
|
</pre>
|
|
</div>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input document shown above.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that correct xml:base fixup is
|
|
performed. This test illustrates the
|
|
modification of the "Remove Dot Segments"
|
|
algorithm.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec3-103.xpath">Document
|
|
subset expression</a></th>
|
|
|
|
<td>(//. | //@* | //namespace::*) [self::a or
|
|
ancestor-or-self::d]</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/xmlbase-c14n11spec3-103.output">Output</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<a xml:base="foo/bar"><d xml:base="../../x">
|
|
</d></a>
|
|
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="XMLBASE_APPENDIXA" id=
|
|
"XMLBASE_APPENDIXA"></a>3.2.5 Test Cases for checking
|
|
examples in the XML-C14N1.1 Appendix</h4>
|
|
|
|
<p>This section defines test cases for checking if
|
|
implementations are compliant with <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a>, specifically the
|
|
normative rules in the <a href=
|
|
"http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/#DocSubsets">
|
|
Document Subsets</a> section. Informative examples are
|
|
given in <a href=
|
|
"http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/#appendix">
|
|
the Appendix</a> of C14N11.</p>
|
|
|
|
<p>Each test case in this section specifies an input
|
|
string, representing a URI that must be processed
|
|
according to the modified Remove Dot Segments algorithm
|
|
described in Section 2.4 (Document Subsets) of <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a>.</p>
|
|
|
|
<p>Each test case appears in a row of the table shown
|
|
below. The first column identifies the input URI that has
|
|
to be processed. The second column shows the
|
|
corresponding output.</p>
|
|
|
|
<div class="div5">
|
|
<h6><a name="c14n11xmlbase-annexa" id=
|
|
"c14n11xmlbase-annexa"></a>3.2.5.1 Test case
|
|
c14n11/xmlbase-annexa</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th><a href=
|
|
"c14n11/appendixa/inputs.txt">inputs.txt</a></th>
|
|
|
|
<th><a href=
|
|
"c14n11/appendixa/outputs.txt">outputs.txt</a></th>
|
|
</tr>
|
|
|
|
<tr>
|
|
<td>
|
|
<pre>
|
|
no/.././/pseudo-netpath/seg/file.ext
|
|
no/..//.///pseudo-netpath/seg/file.ext
|
|
yes/no//..//.///pseudo-netpath/seg/file.ext
|
|
no/../yes
|
|
no/../yes/
|
|
no/../yes/no/..
|
|
../../no/../..
|
|
no/../..
|
|
no/..
|
|
no/../
|
|
/a/b/c/./../../g
|
|
mid/content=5/../6
|
|
../../..
|
|
no/../../
|
|
..yes/..no/..no/..no/../../../..yes
|
|
..yes/..no/..no/..no/../../../..yes/
|
|
../..
|
|
../../../
|
|
.
|
|
./
|
|
./.
|
|
//no/..
|
|
../../no/..
|
|
../../no/../
|
|
yes/no/../
|
|
yes/no/no/../..
|
|
yes/no/no/no/../../..
|
|
yes/no/../yes/no/no/../..
|
|
yes/no/no/no/../../../yes
|
|
yes/no/no/no/../../../yes/
|
|
/no/../
|
|
/yes/no/../
|
|
/yes/no/no/../..
|
|
/yes/no/no/no/../../..
|
|
../../..no/..
|
|
../../..no/../
|
|
..yes/..no/../
|
|
..yes/..no/..no/../..
|
|
..yes/...no/..no/..no/../../..
|
|
..yes/..no/../..yes/..no/..no/../..
|
|
/..no/../
|
|
/..yes/..no/../
|
|
/..yes/..no/..no/../..
|
|
/..yes/..no/..no/..no/../../..
|
|
/
|
|
/.
|
|
/./
|
|
/./.
|
|
/././
|
|
/..
|
|
/../..
|
|
/../../..
|
|
/../../..
|
|
//..
|
|
//..//..
|
|
//..//..//..
|
|
/./..
|
|
/./.././..
|
|
/./.././.././..
|
|
.
|
|
./
|
|
./.
|
|
..
|
|
../
|
|
</pre>
|
|
</td>
|
|
|
|
<td>
|
|
<pre>
|
|
pseudo-netpath/seg/file.ext
|
|
pseudo-netpath/seg/file.ext
|
|
yes/pseudo-netpath/seg/file.ext
|
|
yes
|
|
yes/
|
|
yes/
|
|
../../../
|
|
../
|
|
/a/g
|
|
mid/6
|
|
../../../
|
|
../
|
|
..yes/..yes
|
|
..yes/..yes/
|
|
../../
|
|
../../../
|
|
/
|
|
../../
|
|
../../
|
|
yes/
|
|
yes/
|
|
yes/
|
|
yes/yes/
|
|
yes/yes
|
|
yes/yes/
|
|
/
|
|
/yes/
|
|
/yes/
|
|
/yes/
|
|
../../
|
|
../../
|
|
..yes/
|
|
..yes/
|
|
..yes/
|
|
..yes/..yes/
|
|
/
|
|
/..yes/
|
|
/..yes/
|
|
/..yes/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
/
|
|
../
|
|
../
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div2">
|
|
<h3><a name="TestCases-XMLDSig" id=
|
|
"TestCases-XMLDSig"></a>3.3 Test Cases for XMLDSig</h3>
|
|
|
|
<div class="div3">
|
|
<h4><a name="TestCases-XMLDSig-C14n11" id=
|
|
"TestCases-XMLDSig-C14n11"></a>3.3.1 Test Cases for C14N
|
|
1.1 in XMLDSig</h4>
|
|
|
|
<p>The test cases in section <a href=
|
|
"#TestCases-C14n11">[TestCases-C14n11]</a> are performed
|
|
in the context of XMLDSig as well. Here it should be
|
|
noted that this is performed in a different location
|
|
(i.e. <a href="xmldsig/c14n11/">xmldsig/c14n11/</a>)
|
|
and the XPath-Filter expression in the
|
|
<code>ds:Transform/ds:XPath</code> should be equal to the
|
|
filter step of the XPath expressions in section <a href=
|
|
"#TestCases-C14n11">[TestCases-C14n11]</a> (cf. <a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Sep/0017.html">
|
|
explanation</a>). The test cases are specified by an
|
|
"unsigned" <code>ds:Signature</code> (without
|
|
<code>ds:DigestValue</code> and
|
|
<code>ds:SignatureValue</code>) in files in <a href=
|
|
"xmldsig/c14n11/">xmldsig/c14n11/</a> having the
|
|
postfix <code>...-template.xml</code>.</p>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="TestCases-DefaultCan" id=
|
|
"TestCases-DefaultCan"></a>3.3.2 Test Cases on nodeset to
|
|
octet-stream conversion by C14n 1.1 explicitly reflected
|
|
in the chain of transforms</h4>
|
|
|
|
<p>The set of test cases in this section test the
|
|
<a href="http://www.w3.org/2007/xmlsec/Drafts/xmldsig-core/#sec-ReferenceGeneration">
|
|
Reference Generation</a> steps of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> and its rules that manage the
|
|
contents of the <code>Transforms</code> element when
|
|
nodeset to octet-stream conversions are to be performed
|
|
by canonicalization.</p>
|
|
|
|
<p>General rules for these test cases:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>Test cases contain a <code>ds:Transforms</code>
|
|
element with one child, containing a XPath filter
|
|
that depends on the test case.</p>
|
|
</li>
|
|
</ul>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdefCan-1" id=
|
|
"xmldsigdefCan-1"></a>3.3.2.1 Test case
|
|
xmldsig/defCan-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The same <a href=
|
|
"xmldsig/c14n11/xml-base-input.xml">input
|
|
document</a> as in section <a href=
|
|
"#XMLBASE">[XMLBASE]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations and APIs of
|
|
<a href="#XMLDSIG2">[XMLDSIG2]</a> honor the
|
|
recommendation to use <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> in section 3.1.1
|
|
"Reference Generation" of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> and make its use
|
|
explicit as a <code>ds:Transform</code>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-1-template.xml">Template</a></th>
|
|
|
|
<td>This <a href=
|
|
"xmldsig/defCan-1-template.xml">template</a>
|
|
can be used to instruct some API to create a
|
|
signature with a chain of transforms that would
|
|
require implicit transformations from a node set
|
|
to an octet stream. It is expected that c14n11 is
|
|
inserted at the relevant places.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-1-signature.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="c14n11/xml-base-input.xml"><Transforms>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">\
|
|
+ <XPath xmlns:ietf="http://www.ietf.org">\
|
|
+ ancestor-or-self::ietf:c14n11XmlBaseDoc1 and\
|
|
+ not(ancestor-or-self::ietf:e2)</XPath></Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>t7d2cL8Ink8A5i3cS9/bu9MBBU8=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>LR4s+Nxoq3VZO1NiCLoiovfCpK4=</SignatureValue>\
|
|
+ </Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdefCan-2" id=
|
|
"xmldsigdefCan-2"></a>3.3.2.2 Test case
|
|
xmldsig/defCan-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The same <a href=
|
|
"xmldsig/c14n11/xml-base-input.xml">input
|
|
document</a> as in section <a href=
|
|
"#XMLBASE">[XMLBASE]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations and APIs of
|
|
<a href="#XMLDSIG2">[XMLDSIG2]</a> honor the
|
|
recommendation to use <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> in section 3.1.1
|
|
"Reference Generation" of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> and make it's use
|
|
explicit as a <code>ds:Transform</code>. It is
|
|
expected that c14n11 is inserted at the relevant
|
|
places.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-2-template.xml">Template</a></th>
|
|
|
|
<td>This <a href=
|
|
"xmldsig/defCan-2-template.xml">template</a>
|
|
can be used to instruct some API to create a
|
|
signature with a chain of transforms that would
|
|
require implicit transformations from a node set
|
|
to an octet stream. The focus in this test case
|
|
is to assure that c14n11 is inserted before
|
|
transforms requiring an octet stream as input and
|
|
also at the end of the chain of transforms if
|
|
necessary because the last transform resulted in
|
|
a node set.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-2-signature.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="c14n11/xml-base-input.xml"><Transforms>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">\
|
|
+ <XPath xmlns:ietf="http://www.ietf.org">\
|
|
+ ancestor-or-self::ietf:e21</XPath></Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">\
|
|
+ <xsl:stylesheet version="1.0"\
|
|
+ xmlns="http://www.w3.org/1999/XSL/Transform"\
|
|
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">\
|
|
+ <xsl:template match="@*|node()"><xsl:copy>\
|
|
+ <xsl:apply-templates select="@*|node()"/></xsl:copy>\
|
|
+ </xsl:template></xsl:stylesheet></Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">\
|
|
+ <XPath xmlns:ietf="http://www.ietf.org">1</XPath>\
|
|
+ </Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>fL7Igzs0LL7lKHJzAJIKYCphYBo=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>bKQLywY51VZwjutUX/CUMsVs6RE=</SignatureValue>\
|
|
+ </Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdefCan-3" id=
|
|
"xmldsigdefCan-3"></a>3.3.2.3 Test case
|
|
xmldsig/defCan-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The same <a href=
|
|
"xmldsig/c14n11/xml-base-input.xml">input
|
|
document</a> as in section <a href=
|
|
"#XMLBASE">[XMLBASE]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations and APIs of
|
|
<a href="#XMLDSIG2">[XMLDSIG2]</a> honor the
|
|
recommendation to use <a href=
|
|
"#XML-C14N1.1">[XML-C14N1.1]</a> in section 3.1.1
|
|
"Reference Generation" of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> and make it's use
|
|
explicit as a <code>ds:Transform</code>. It is
|
|
expected that c14n11 is inserted at the relevant
|
|
places. The focus in this test case is to assure
|
|
that c14n11 is inserted before transforms
|
|
requiring an octet stream as input but not
|
|
inserted at the end of the chain of transforms,
|
|
which is not necessary because the last transform
|
|
resulted in an octet stream.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-3-template.xml">Template</a></th>
|
|
|
|
<td>This <a href=
|
|
"xmldsig/defCan-3-template.xml">template</a>
|
|
can be used to instruct some API to create a
|
|
signature with a chain of transforms that would
|
|
require implicit transformations from a node set
|
|
to an octet stream.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/defCan-3-signature.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="c14n11/xml-base-input.xml"><Transforms>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">\
|
|
+ <XPath xmlns:ietf="http://www.ietf.org">\
|
|
+ ancestor-or-self::ietf:e21</XPath></Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">\
|
|
+ <xsl:stylesheet version="1.0"\
|
|
+ xmlns="http://www.w3.org/1999/XSL/Transform"\
|
|
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">\
|
|
+ <xsl:template match="@*|node()"><xsl:copy>\
|
|
+ <xsl:apply-templates select="@*|node()"/></xsl:copy>\
|
|
+ </xsl:template></xsl:stylesheet></Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">\
|
|
+ <XPath xmlns:ietf="http://www.ietf.org">1</XPath>\
|
|
+ </Transform>\
|
|
+ <Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">\
|
|
+ <xsl:stylesheet version="1.0"\
|
|
+ xmlns="http://www.w3.org/1999/XSL/Transform"\
|
|
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform">\
|
|
+ <xsl:template match="@*|node()"><xsl:copy>\
|
|
+ <xsl:apply-templates select="@*|node()"/></xsl:copy>\
|
|
+ </xsl:template></xsl:stylesheet></Transform>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>hqabUu4fEZp7GK5JRyFC26W5JBk=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>9+wp0W9xwL5X3kSttxABZ7p/kU0=</SignatureValue>\
|
|
+ </Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="TestCases-SchemaBasedXPointers" id=
|
|
"TestCases-SchemaBasedXPointers"></a>3.3.3 Test Cases on
|
|
schema based XPointers and canonicalization</h4>
|
|
|
|
<p>This section defines test cases that test if
|
|
implementations behave correctly when processing both
|
|
schema-based xpointers and short-name xpointers with
|
|
regards to comments present in the to be signed xml data
|
|
object.</p>
|
|
|
|
<p>The following rules apply to the test cases in this
|
|
section:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>As the model processing is defined in <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a>, the test cases are based
|
|
on XML signatures. For each test case, an XML
|
|
signature will be generated and validated. The
|
|
signatures will be enveloped signatures when the
|
|
<code>URI</code> attribute is referencing the root
|
|
element and enveloping when the <code>URI</code>
|
|
attribute is referencing an element using its Id
|
|
attribute.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>The input for the test cases is the to be signed
|
|
xml data object shown below and the
|
|
<code>ds:Reference</code>'s <code>URI</code>
|
|
attribute value (a schema-based xpointer or a
|
|
short-name pointer).</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>The <code>ds:Reference</code> for enveloped
|
|
signatures will eventually contain two
|
|
<code>Transform</code> elements, namely; the
|
|
enveloped signature transform and the conversion from
|
|
node set data to octet stream (canonical XML
|
|
1.1).</p>
|
|
</li>
|
|
</ul>
|
|
|
|
<p>Below is the input document for the test cases in this
|
|
section:</p>
|
|
|
|
<div class="exampleInner">
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>
|
|
<ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org" >
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11 >
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111 />
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121 />
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21 />
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlPointerDoc1>
|
|
</pre>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-1" id=
|
|
"xmldsigxpointer-1"></a>3.3.3.1 Test case
|
|
xmldsig/xpointer-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloped signature. It
|
|
appears as the last child of the root element.
|
|
The document enveloping the signature is the one
|
|
shown at the beginning of this section. The value
|
|
of the <code>URI</code> attribute is
|
|
"#xpointer(/)" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-1.pointervalue">here</a>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations, following the
|
|
rules stated in the <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> model, dereference the
|
|
URI getting the root element and its descendant,
|
|
and that comments are preserved before proceeding
|
|
with the computation of digest.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-1-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="#xpointer(/)"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>/IZyGLL72rXhisXRkB617TxJrL8=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>E4gxKwllVjvvlUQFe9p/ssO7Yxw=</SignatureValue>\
|
|
+ </Signature></ietf:c14n11XmlPointerDoc1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-2" id=
|
|
"xmldsigxpointer-2"></a>3.3.3.2 Test case
|
|
xmldsig/xpointer-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloping signature. The
|
|
enveloped document is the one shown at the
|
|
beginning of this section. The value of the
|
|
<code>URI</code> attribute is
|
|
"#xpointer(id('e1ID'))" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-2.pointervalue">here</a>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations, following the
|
|
rules stated in the <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> model, dereference the
|
|
URI getting an element identified by its id
|
|
attribute as well as its descendant, and that
|
|
comments are preserved before proceeding with the
|
|
computation of digest.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-2-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="#xpointer(id('e1ID'))"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>XhSsDpWTt+ti0kcU9XYpleRDHfQ=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>brEpICVA4lg7eQwz7i/rlBmYXiU=</SignatureValue>\
|
|
+ <Object>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlPointerDoc1></Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-3" id=
|
|
"xmldsigxpointer-3"></a>3.3.3.3 Test case
|
|
xmldsig/xpointer-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloped signature. It
|
|
appears as the last child of the root element.
|
|
The document enveloping the signature is the one
|
|
shown at the beginning of this section. The value
|
|
of the <code>URI</code> attribute is "".</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations, following the
|
|
rules stated in the <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> model, dereference the
|
|
URI getting the root element and its descendant,
|
|
and that comments are not preserved before
|
|
proceeding with the computation of digest.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-3-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI=""><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>gaV5r7qC3Ve/t641+d3ykN8JFSc=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>gS1QKSwAH/6eE3OFi/L9O0oKKig=</SignatureValue>\
|
|
+ </Signature></ietf:c14n11XmlPointerDoc1>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-4" id=
|
|
"xmldsigxpointer-4"></a>3.3.3.4 Test case
|
|
xmldsig/xpointer-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloping signature. The
|
|
enveloped document is the one shown at the
|
|
beginning of this section. The value of the
|
|
<code>URI</code> attribute is "#e1ID" (find it
|
|
<a href=
|
|
"xmldsig/xpointer/xpointer-4.pointervalue">here</a>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations, following the
|
|
rules stated in the <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a> model, dereference the
|
|
URI getting an element identified by its id
|
|
attribute as well as its descendant, and that
|
|
comments are not preserved before proceeding with
|
|
the computation of digest.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-4-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="#e1ID"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>3K+K4MbR2EW7l/ry59XockKqt4g=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>dgyjONUs9rBjW7PH25seGqcMNZY=</SignatureValue>\
|
|
+ <Object>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlPointerDoc1></Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-5" id=
|
|
"xmldsigxpointer-5"></a>3.3.3.5 Test case
|
|
xmldsig/xpointer-5</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloping signature and
|
|
signs three elements from the document. The
|
|
enveloped document is the one shown at the
|
|
beginning of this section. There are three
|
|
<code>ds:Reference</code> elements. For the first
|
|
one the value of the <code>URI</code> attribute
|
|
is "#xpointer(id('e1ID'))" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-5-firsturi.pointervalue">
|
|
here</a>). For the second, it is
|
|
"#xpointer(id('e2ID'))" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-5-seconduri.pointervalue">
|
|
here</a>). For the third one, it is
|
|
"#xpointer(id('e3ID'))" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-5-thirduri.pointervalue">
|
|
here</a>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check implementation's behaviour when
|
|
processing several elements (with and without
|
|
comments) referenced by its Id attribute using a
|
|
schema-based xpointer.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-5-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="#xpointer(id('e1ID'))"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>XhSsDpWTt+ti0kcU9XYpleRDHfQ=</DigestValue>\
|
|
+ </Reference><Reference URI="#xpointer(id('e2ID'))">\
|
|
+ <Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>abyA1j4yzf1IgQLWwDwKuU9l8Ik=</DigestValue>\
|
|
+ </Reference><Reference URI="#xpointer(id('e3ID'))">\
|
|
+ <Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>RUUBiUeFf8uRqTlpCyutkXDqnJ4=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>sG+0pHk9TB6v7jES9RZUIVKMFos=</SignatureValue>\
|
|
+ <Object>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlPointerDoc1></Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigxpointer-6" id=
|
|
"xmldsigxpointer-6"></a>3.3.3.6 Test case
|
|
xmldsig/xpointer-6</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The signature is an enveloping signature and
|
|
signs two elements from the document. The
|
|
enveloped document is the one shown at the
|
|
beginning of this section. There are three
|
|
<code>ds:Reference</code> elements. For the first
|
|
one the value of the <code>URI</code> attribute
|
|
is "#e1ID" (find it <a href=
|
|
"xmldsig/xpointer/xpointer-6-firsturi.pointervalue">
|
|
here</a>). For the second, it is "#e2ID" (find it
|
|
<a href=
|
|
"xmldsig/xpointer/xpointer-6-seconduri.pointervalue">
|
|
here</a>). For the third one, it is "#e3ID" (find
|
|
it <a href=
|
|
"xmldsig/xpointer/xpointer-6-thirduri.pointervalue">
|
|
here</a>).</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check implementation's behaviour when
|
|
processing several elements (with and without
|
|
comments) referenced by its Id attribute using a
|
|
short-name xpointer.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/xpointer/xpointer-6-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>\
|
|
+ <Reference URI="#e1ID"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>3K+K4MbR2EW7l/ry59XockKqt4g=</DigestValue>\
|
|
+ </Reference><Reference URI="#e2ID"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>hnKFjGFr/jwLCCTckZpaclOwe28=</DigestValue>\
|
|
+ </Reference><Reference URI="#e3ID"><Transforms>\
|
|
+ <Transform\
|
|
+ Algorithm="http://www.w3.org/2006/12/xml-c14n11#WithComments"/>\
|
|
+ </Transforms>\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>RUUBiUeFf8uRqTlpCyutkXDqnJ4=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>XzEJQ+whhHUYlqiCEt8XFxC8wpk=</SignatureValue>\
|
|
+ <Object>\
|
|
+ <ietf:c14n11XmlPointerDoc1 xmlns:ietf="http://www.ietf.org"\
|
|
+ xmlns:w3c="http://www.w3.org">
|
|
\
|
|
+ <!-- This is a xml document for checking behaviour of tools with\
|
|
+ regards to comments when using scheme-based xpointers in the\
|
|
+ ds:Reference's URI attribute -->
|
|
<ietf:e1 xml:id="e1ID">
|
|
<!-- This is a comment for ietf:e1 element -->
|
|
<ietf:e11>
|
|
<!-- This is a comment for ietf:e11 element -->
|
|
<ietf:e111/>
|
|
</ietf:e11>
|
|
<ietf:e12 at="2">
|
|
<!-- This is a comment for ietf:e12 element -->
|
|
<ietf:e121/>
|
|
</ietf:e12>
|
|
</ietf:e1>
|
|
<ietf:e2 xml:id="e2ID">
|
|
<!-- This is a comment for ietf:e2 element -->
|
|
<ietf:e21/>
|
|
</ietf:e2>
|
|
<ietf:e3 xml:id="e3ID">
|
|
<ietf:e31 at="3"/>
|
|
</ietf:e3>
|
|
</ietf:c14n11XmlPointerDoc1></Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div3">
|
|
<h4><a name="TestCases-DistinguishedName" id=
|
|
"TestCases-DistinguishedName"></a>3.3.4 Test Cases on
|
|
String encoding of Distinguished Names</h4>
|
|
|
|
<div class="div4">
|
|
<h5><a name=
|
|
"TestCases-DistinguishedName-RFC2253-RFC4514" id=
|
|
"TestCases-DistinguishedName-RFC2253-RFC4514"></a>3.3.4.1
|
|
Test Cases on differences identified in RFC 2253 and
|
|
RFC 4514</h5>
|
|
|
|
<p>This Working group has identified a number of
|
|
differences between <a href="#RFC-4514">[RFC 4514]</a>
|
|
and <a href="#RFC-2253">[RFC 2253]</a>. They are
|
|
described in this <a href=
|
|
"http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2007Jul/0024.html">
|
|
e-mail</a> within the XML Security Specifications
|
|
Maintenance Working Group e-mail list archive. This
|
|
section contains test cases designed for checking that
|
|
applications can parse and generate RFC 4514
|
|
Distinguished Names with these differences.</p>
|
|
|
|
<p>The following rules apply for the test cases defined
|
|
in this section:</p>
|
|
|
|
<ul>
|
|
<li>
|
|
<p>The input to each test case is an XML Signature.
|
|
Each signature contains an X509SubjectName or
|
|
X509IssuerSerial element with an RFC 4514
|
|
Distinguished Name.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>To resolve the key, the application must find a
|
|
certificate containing a matching issuer/serial or
|
|
subject DN from the certificates that are contained
|
|
in the "certs" directory. This verifies that the
|
|
implementation can parse the RFC 4514 DN and find a
|
|
matching certificate with an equivalent subject or
|
|
issuer DN.</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>Signature generation is also required. A PKCS#12
|
|
KeyStore containing the private keys used to
|
|
generate the signatures is in the file
|
|
"certs/keystore.p12". The keystore password is
|
|
"secret". The key entry name is the same as the
|
|
corresponding certificate file name (without the
|
|
".crt" part).</p>
|
|
</li>
|
|
|
|
<li>
|
|
<p>The generated signature should contain an
|
|
X509SubjectName or X509IssuerSerial element with an
|
|
RFC 4514 distinguished name as specified in the
|
|
"[RFC-4514] DN" row of each of the tables in this
|
|
section. However, if an implementation does not
|
|
support an optional encoding as specified by RFC
|
|
4514, it is acceptable to generate a DN that is not
|
|
strictly equivalent to those in the table but that
|
|
is still RFC 4514 compliant.</p>
|
|
</li>
|
|
</ul>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamediffRFCs-1" id=
|
|
"xmldsigdnamediffRFCs-1"></a>3.3.4.1.1 Test case
|
|
xmldsig/dname/diffRFCs-1</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains one Relative Distinguished Name whose
|
|
attribute type keyword is encoded with one
|
|
alphabetic character, and another Relative
|
|
Distinguished Name whose attribute type keyword
|
|
is encoded with two characters. RFC 4514 allows
|
|
attribute type keywords to be of length 1,
|
|
whereas RFC 2253 (erroneously) requires them to
|
|
be at least length 2.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check processing of attribute type keywords
|
|
by tools implementing <a href="#RFC-4514">[RFC
|
|
4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=John,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/diffRFCs-1-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ DOz4KhJHOvhzPiKjxl0WVsrXPuZ9XQtdDvKN0KuLQGIzXkljfkFEQA==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=John,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamediffRFCs-2" id=
|
|
"xmldsigdnamediffRFCs-2"></a>3.3.4.1.2 Test case
|
|
xmldsig/dname/diffRFCs-2</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing space characters. <a href=
|
|
"#RFC-2253">[RFC 2253]</a> (erroneously) does
|
|
not allow escaping, whereas <a href=
|
|
"#RFC-4514">[RFC 4514]</a> allows space
|
|
characters to be escaped.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check escaping of space characters by tools
|
|
implementing <a href="#RFC-4514">[RFC
|
|
4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=\ Spacey\ ,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/diffRFCs-2-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ V18nxls1pqn4IyA/GNosGfqLHEE6INnyuV9TmHlYt/sYsaagHCH9Xw==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=\ Spacey\ ,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamediffRFCs-3" id=
|
|
"xmldsigdnamediffRFCs-3"></a>3.3.4.1.3 Test case
|
|
xmldsig/dname/diffRFCs-3</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing a null character. <a href=
|
|
"#RFC-2253">[RFC 2253]</a> does not require
|
|
null characters to be escaped, whereas <a href=
|
|
"#RFC-4514">[RFC 4514]</a> requires null
|
|
characters to be hex escaped.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check escaping of null characters by tools
|
|
implementing <a href="#RFC-4514">[RFC
|
|
4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=\00,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/diffRFCs-3-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ N6jHpYnYpggrfADJkvZfggCaUq9dzU9M3EQ+27wA8f92nWwmrlyUQQ==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=\00,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamediffRFCs-4" id=
|
|
"xmldsigdnamediffRFCs-4"></a>3.3.4.1.4 Test case
|
|
xmldsig/dname/diffRFCs-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing a non-leading number sign character
|
|
that is not escaped. <a href="#RFC-2253">[RFC
|
|
2253]</a> requires escaping of non-leading
|
|
number sign characters, whereas <a href=
|
|
"#RFC-4514">[RFC 4514]</a> does not.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check processing of non-leading number sign
|
|
characters that are not escaped by tools
|
|
implementing <a href="#RFC-4514">[RFC
|
|
4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=Num#ber,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/diffRFCs-4-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ QN8dVUz4674CG7tnHJ+VSDFKbttZ3Ywa5rizoYS2EGUD8/33RFlZJA==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=Num#ber,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamediffRFCs-5" id=
|
|
"xmldsigdnamediffRFCs-5"></a>3.3.4.1.5 Test case
|
|
xmldsig/dname/diffRFCs-5</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing an equals sign character that is not
|
|
escaped. <a href="#RFC-2253">[RFC 2253]</a>
|
|
requires escaping of equals sign characters,
|
|
whereas <a href="#RFC-4514">[RFC 4514]</a> does
|
|
not.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check processing of equals sign characters
|
|
that are not escaped by tools implementing
|
|
<a href="#RFC-4514">[RFC 4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=Eq=uals,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/diffRFCs-5-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ TEFSu5hmr8r5JU78U9MgS0mdZIZOXUjORTRzDFaBWh9DhFjPjxxW4w==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=Eq=uals,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div4">
|
|
<h5><a name="TestCases-DistinguishedName-RFC4514" id=
|
|
"TestCases-DistinguishedName-RFC4514"></a>3.3.4.2 Test
|
|
Cases for RFC 4514</h5>
|
|
|
|
<p>The set of test cases in this section are designed
|
|
to test the representation of Distinguished Names as
|
|
Strings as specified by <a href="#RFC-4514">[RFC
|
|
4514]</a> and augmented by the optional encoding rules
|
|
of section 4.4.4.1 of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a>.</p>
|
|
|
|
<p>The same rules defined in section 3.3.4.1 apply to
|
|
the test cases in this section.</p>
|
|
|
|
<p>Also, with respect to signature generation, if an
|
|
implementation does not support an optional encoding as
|
|
specified by RFC 4514 or XMLDSIG2, it is acceptable to
|
|
generate a DN that is not strictly equivalent to those
|
|
in the table but that is still RFC 4514 compliant.</p>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamednString-4" id=
|
|
"xmldsigdnamednString-4"></a>3.3.4.2.1 Test case
|
|
xmldsig/dname/dnString-4</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing trailing space characters that have
|
|
been escaped as "\20" instead of "\ ", as
|
|
specified by the optional encoding rules of
|
|
<a href="#XMLDSIG2">[XMLDSIG2]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations correctly manage
|
|
escaping of trailing space characters.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=Trailing\20\20,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/dnString-4-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ ONd8OoOnv9OThyiTPkneEcsdgVt65w6AgUAxidekHeKmjyQxnYEdWA==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=Trailing\20\20,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamednString-6" id=
|
|
"xmldsigdnamednString-6"></a>3.3.4.2.2 Test case
|
|
xmldsig/dname/dnString-6</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing an ASCII control character that has
|
|
been escaped as "\09" (instead of not escaping
|
|
it), as specified by the optional encoding
|
|
rules of <a href=
|
|
"#XMLDSIG2">[XMLDSIG2]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations correctly handle
|
|
escaping of an ASCII control character.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=Con\09trol,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/dnString-6-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ V34pKGIfKacwJtTEShfSXx4M2dhSOTqZVCIL6nO66lm+JTQ//wCKaA==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=Con\09trol,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
|
|
<div class="div5">
|
|
<h6><a name="xmldsigdnamednString-8" id=
|
|
"xmldsigdnamednString-8"></a>3.3.4.2.3 Test case
|
|
xmldsig/dname/dnString-8</h6>
|
|
|
|
<table border="1">
|
|
<tbody>
|
|
<tr>
|
|
<th>Input details</th>
|
|
|
|
<td>The input is an XML Signature containing an
|
|
X509SubjectName in RFC 4514 format. The DN
|
|
contains a Relative Distinguished Name
|
|
containing several characters that must be
|
|
escaped, as specified by <a href=
|
|
"#RFC-4514">[RFC 4514]</a>.</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th>Rationale</th>
|
|
|
|
<td>Check that implementations correctly manage
|
|
escaping of the special characters (except '"',
|
|
'lt;' and '>').</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href="#RFC-4514">[RFC 4514]</a> DN</th>
|
|
|
|
<td>CN=E\+s\,c\;aped,C=US</td>
|
|
</tr>
|
|
|
|
<tr>
|
|
<th><a href=
|
|
"xmldsig/dname/dnString-8-SUN.xml">Signature</a></th>
|
|
|
|
<td>
|
|
<pre>
|
|
<?xml version="1.0" encoding="UTF-8" standalone="no"?>\
|
|
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">\
|
|
+ <SignedInfo>\
|
|
+ <CanonicalizationMethod\
|
|
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>\
|
|
+ <SignatureMethod\
|
|
+ Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\
|
|
+ <Reference URI="#object">\
|
|
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\
|
|
+ <DigestValue>nxGVxTzX3uQVeaZ7vtWMLc+V6CE=</DigestValue>\
|
|
+ </Reference></SignedInfo>\
|
|
+ <SignatureValue>\
|
|
+ L2r+QCiO0qOPgDYybThQEbP7A8Iq8AomDGBXgQqe4mkuLMnroTxnGA==</SignatureValue>\
|
|
+ <KeyInfo><X509Data>\
|
|
+ <X509SubjectName>CN=E\+s\,c\;aped,C=US</X509SubjectName>\
|
|
+ </X509Data></KeyInfo>\
|
|
+ <Object Id="object">Approved</Object></Signature>
|
|
</pre>
|
|
</td>
|
|
</tr>
|
|
</tbody>
|
|
</table>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
</div>
|
|
|
|
<div class="div1">
|
|
<h2><a name="References" id="References"></a>4
|
|
References</h2>
|
|
|
|
<dl>
|
|
<dt class="label"><a name="RFC-2253" id="RFC-2253"></a>RFC
|
|
2253</dt>
|
|
|
|
<dd><a href="http://www.ietf.org/rfc/rfc2253.txt"><cite>RFC
|
|
2253: Lightweight Directory Access Protocol (v3): UTF-8
|
|
String Representation of Distinguished Names</cite></a>. M.
|
|
Wahl, S. Kille, T. Howes. Ed. December 1997. This document
|
|
is <a href=
|
|
"http://www.ietf.org/rfc/rfc2253.txt">http://www.ietf.org/rfc/rfc2253.txt</a>.</dd>
|
|
|
|
<dt class="label"><a name="RFC-4514" id="RFC-4514"></a>RFC
|
|
4514</dt>
|
|
|
|
<dd><a href="http://www.ietf.org/rfc/rfc4514.txt"><cite>RFC
|
|
4514: Lightweight Directory Access Protocol (LDAP): String
|
|
Representation of Distinguished Names.</cite></a> K.
|
|
Zeilenga, Ed. June 2006. This document is <a href=
|
|
"http://www.ietf.org/rfc/rfc4514.txt">http://www.ietf.org/rfc/rfc4514.txt</a>.</dd>
|
|
|
|
<dt class="label"><a name="XML-C14N1.1" id=
|
|
"XML-C14N1.1"></a>XML-C14N1.1</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/"><cite>Canonical
|
|
XML Version 1.1. W3C Proposed Recommendation</cite></a>.
|
|
John Boyer, Glenn Marcy. January 2008. This document is
|
|
<a href=
|
|
"http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/">http://www.w3.org/TR/2008/PR-xml-c14n11-20080129/</a>.
|
|
The <a href="http://www.w3.org/TR/xml-c14n11/">latest
|
|
version</a> is <a href=
|
|
"http://www.w3.org/TR/xml-c14n11/">http://www.w3.org/TR/xml-c14n11/</a>.</dd>
|
|
|
|
<dt class="label"><a name="XMLDSIG" id=
|
|
"XMLDSIG"></a>XMLDSIG</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/"><cite>
|
|
XML-Signature Syntax and Processing</cite></a>. W3C
|
|
Recommendation. Donald Eastlake, Joseph Reagle, David Solo.
|
|
February 2002. This document is <a href=
|
|
"http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/">http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/</a>.
|
|
The latest version is <a href=
|
|
"http://www.w3.org/TR/xmldsig-core/">http://www.w3.org/TR/xmldsig-core</a>.</dd>
|
|
|
|
<dt class="label"><a name="XMLDSIG-interop" id=
|
|
"XMLDSIG-interop"></a>XMLDSIG-interop</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/Signature/2001/04/05-xmldsig-interop.html">
|
|
<cite>XML-Signature Interoperability</cite></a>. Joseph
|
|
Reagle. April 2001.</dd>
|
|
|
|
<dt class="label"><a name="XMLDSIG2" id=
|
|
"XMLDSIG2"></a>XMLDSIG2</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/"><cite>
|
|
XML-Signature Syntax and Processing (Second
|
|
Edition)</cite></a>. W3C Recommendation. Donald Eastlake, Joseph Reagle, David
|
|
Solo, Frederick Hirsch, Thomas Roessler. June 2008. This
|
|
document is <a href=
|
|
"http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/">http://www.w3.org/TR/2008/REC-xmldsig-core-20080610/</a>.
|
|
The latest version is <a href=
|
|
"http://www.w3.org/TR/xmldsig-core/">http://www.w3.org/TR/xmldsig-core</a>.</dd>
|
|
|
|
<dt class="label"><a name="XPointer-Element" id=
|
|
"XPointer-Element"></a>XPointer-Element</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2003/REC-xptr-element-20030325"><cite>
|
|
XPointer element() Scheme</cite></a>. W3C Recommendation.
|
|
P. Grosso, E. Maler, J. Marsh, N. Walsh. March 2003. This
|
|
document is <a href=
|
|
"http://www.w3.org/TR/2003/REC-xptr-element-20030325">http://www.w3.org/TR/2003/REC-xptr-element-20030325</a>.
|
|
The <a href="http://www.w3.org/TR/xptr-element">latest
|
|
version</a> is <a href=
|
|
"http://www.w3.org/TR/xptr-element">http://www.w3.org/TR/xptr-element</a>.</dd>
|
|
|
|
<dt class="label"><a name="XPointer-Framework" id=
|
|
"XPointer-Framework"></a>XPointer-Framework</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2003/REC-xptr-framework-20030325/"><cite>
|
|
XPointer Framework</cite></a>. W3C Recommendation. P.
|
|
Grosso, E. Maler, J. Marsh, N. Walsh. March 2003. This
|
|
document is <a href=
|
|
"http://www.w3.org/TR/2003/REC-xptr-framework-20030325/">http://www.w3.org/TR/2003/REC-xptr-framework-20030325/</a>.
|
|
The latest version is <a href=
|
|
"http://www.w3.org/TR/xptr-framework/">http://www.w3.org/TR/xptr-framework/</a>.</dd>
|
|
|
|
<dt class="label"><a name="XPointer-xpointer" id=
|
|
"XPointer-xpointer"></a>XPointer-xpointer</dt>
|
|
|
|
<dd><a href=
|
|
"http://www.w3.org/TR/2002/WD-xptr-xpointer-20021219/"><cite>
|
|
XPointer xpointer() Scheme</cite></a>. W3C Working Draft
|
|
(Work in Progress). S. DeRose, E. Maler, R. Daniel.
|
|
December 2002. This document is <a href=
|
|
"http://www.w3.org/TR/2002/WD-xptr-xpointer-20021219/">http://www.w3.org/TR/2002/WD-xptr-xpointer-20021219/</a>.
|
|
The latest version is <a href=
|
|
"http://www.w3.org/TR/xptr-xpointer/">http://www.w3.org/TR/xptr-xpointer/</a>.</dd>
|
|
</dl>
|
|
</div>
|
|
</div>
|
|
</body>
|
|
</html>
|