makdimka077 / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0

CounterSignature with transforms on the SignatureValue reference #74

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Verify a signature with a CounterSignature property that has transforms on 
the SignatureValue reference.

CounterSignatureVerifier assumes that the result of the reference after 
transforms is a node. If not, getSubNode() returns null and the following 
comparison fails:

if (r.getContentsAfterTransformation().getSubNode() == targetSigValueElem)

Maybe we could have some sort of fallback check: the content prior to 
transforms has to be the SignatureValue element and then only a single C14N 
transform is allowed.

Original issue reported on code.google.com by luis.fgoncalv on 12 Dec 2013 at 11:10

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 12 Dec 2013 at 11:48


GoogleCodeExporter commented 9 years ago
Hi, I have the same issue and solved it like this. Do you think it could cause a side effect?

                Reference r = si.item(i);
                if (r.getContentsAfterTransformation().getSubNode() == targetSigValueElem)
                    // The signature references the SignatureValue element.
                    return new CounterSignatureProperty(res);
                else if (r.getContentsBeforeTransformation().getSubNode() == targetSigValueElem)
                    // Fallback: the content before transforms is the SignatureValue element.
                    return new CounterSignatureProperty(res);

Original comment by mustafa....@net-bt.com.tr on 12 Jul 2014 at 12:11

GoogleCodeExporter commented 9 years ago
Yes. If, for instance, the transforms include an XPath transform, the 
SignatureValue element may be referenced by the URI but then not be signed. 
That's why I left the suggestion of only allowing some transforms. Not sure how 
to solve it yet.

Original comment by luis.fgoncalv on 13 Jul 2014 at 10:34
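
The fallback suggested in the issue (the pre-transform content must be the SignatureValue element, and only a single C14N transform is allowed), as an added example that is not xades4j code and not from any commenter in this thread. It uses only JDK DOM on a constructed, stripped-down signature; the class name, the `coversSignatureValue` helper, and the `sv` Id are hypothetical, and matching the URI against the Id attribute stands in for the node identity comparison used in the snippet above.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.util.Set;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class CounterSigReferenceCheck {
    static final String DS = "http://www.w3.org/2000/09/xmldsig#";
    // Canonicalization serializes the referenced nodes; it cannot filter the element out.
    static final Set<String> C14N_ALGORITHMS = Set.of(
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
        "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
        "http://www.w3.org/2006/12/xml-c14n11",
        "http://www.w3.org/2006/12/xml-c14n11#WithComments",
        "http://www.w3.org/2001/10/xml-exc-c14n#",
        "http://www.w3.org/2001/10/xml-exc-c14n#WithComments");

    // Hypothetical helper: Reference targets the SignatureValue Id, with at most one (C14N) transform.
    static boolean coversSignatureValue(Element reference, Element sigValue) {
        String id = sigValue.getAttribute("Id");
        if (id.isEmpty() || !reference.getAttribute("URI").equals("#" + id)) return false;
        NodeList transforms = reference.getElementsByTagNameNS(DS, "Transform");
        if (transforms.getLength() > 1) return false;
        for (int i = 0; i < transforms.getLength(); i++) {
            String algorithm = ((Element) transforms.item(i)).getAttribute("Algorithm");
            if (!C14N_ALGORITHMS.contains(algorithm)) return false; // e.g. XPath may drop nodes
        }
        return true;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: no digests, keys or XAdES wrappers, only the parts the check reads.
        String template = "<ds:Signature xmlns:ds='" + DS + "'><ds:SignatureValue Id='sv'>AAAA</ds:SignatureValue>"
            + "<ds:Object><ds:Signature><ds:SignedInfo><ds:Reference URI='#sv'><ds:Transforms>"
            + "<ds:Transform Algorithm='%s'/></ds:Transforms></ds:Reference></ds:SignedInfo>"
            + "</ds:Signature></ds:Object></ds:Signature>";
        DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
        factory.setNamespaceAware(true);
        factory.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        for (String alg : new String[] {"http://www.w3.org/2001/10/xml-exc-c14n#",
                                        "http://www.w3.org/TR/1999/REC-xpath-19991116"}) {
            Element root = factory.newDocumentBuilder().parse(new ByteArrayInputStream(
                String.format(template, alg).getBytes(StandardCharsets.UTF_8))).getDocumentElement();
            Element sigValue = (Element) root.getElementsByTagNameNS(DS, "SignatureValue").item(0);
            Element reference = (Element) root.getElementsByTagNameNS(DS, "Reference").item(0);
            System.out.println(alg + " -> " + coversSignatureValue(reference, sigValue));
        }
    }
}
```

The exclusive C14N reference is accepted and the XPath one is rejected, so a verifier using this rule would refuse the counter signature instead of trusting a reference whose transforms might exclude the SignatureValue.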