Unstable interaction between signing and DOM reuse
Basics
Technical
Logistics
Basics
Technical
Logistics
Description
Tracking a bug in some code that:
parses an XML document
adds an ID-based signature to the root element
remarshalls/signs using the existing document to attempt to reuse all the old children
This causes the reference to null out and hash no data because the "start node" of the enveloped signature transform has no non-text children. Using a fresh/NULL document while marshalling OR using a whole document reference while signing fixes the problem, but the cause is unknown at this time.
Especially puzzling is the fact that using the whole document reference works, since it suggests that the signature library may be destructively affecting the DOM.
Suspect that the bug is caused by stale ID lookup within the reused document. It's handing back an orphaned DOM node from the original root element, which is now detached from the rest of the DOM being signed. The newly marshalled root has the same ID attribute node defined, but the original gets returned instead, corrupting the signing process.
If there's a fix, it may be through subclassing some of the DOM management methods to know about ID attributes and remove their IDness somehow.
Fixed
Pinned fields
Click on the next to a field label to start pinning.
Tracking a bug in some code that:
parses an XML document
adds an ID-based signature to the root element
remarshalls/signs using the existing document to attempt to reuse all the old children
This causes the reference to null out and hash no data because the "start node" of the enveloped signature transform has no non-text children. Using a fresh/NULL document while marshalling OR using a whole document reference while signing fixes the problem, but the cause is unknown at this time.
Especially puzzling is the fact that using the whole document reference works, since it suggests that the signature library may be destructively affecting the DOM.