Open petarpetrovt opened 1 year ago
Tagging subscribers to this area: @dotnet/area-system-security, @vcsjones See info in area-owners.md if you want to be subscribed.
Author: | petarpetrovt |
---|---|
Assignees: | - |
Labels: | `area-System.Security`, `untriaged` |
Milestone: | - |
Thanks for reporting this, @petarpetrovt. We won't be able to investigate this further during .NET 8, so I'm moving this to Future. I'm going to label this as https://github.com/dotnet/runtime/labels/help%20wanted, inviting help on further investigation to be certain we know how to fix it.
I'm facing the same issue with the netstandard version of the "System.Security.Cryptography.Xml" dll.....with the net framework version of this dll , it works perfectly fine
This exception was originally thrown at this call stack: System.Security.Cryptography.Xml.Reference.LoadXml(System.Xml.XmlElement) in Reference.cs System.Security.Cryptography.Xml.SignedInfo.LoadXml(System.Xml.XmlElement) in SignedInfo.cs System.Security.Cryptography.Xml.Signature.LoadXml(System.Xml.XmlElement) in Signature.cs System.Security.Cryptography.Xml.SignedXml.LoadXml(System.Xml.XmlElement) in SignedXml.cs
Description
I have a few XML documents that have been signed using various tools, but their validation fails in .NET. However, these documents are deemed valid in tools such as the European Commission Digital Signature Service (DSS).
Reproduction Steps
Generate an enveloped XAdES signed XML document via DSS tool.
The transform that seems to not be supported.
The validation code.
Expected behavior
The signature validation is successful.
Actual behavior
Regression?
No response
Known Workarounds
No response
Configuration
No response
Other information
I have a signature produced by a Java application that uses a different XPath transform. This signature also cannot be validated.
Adding
http://www.w3.org/TR/1999/REC-xpath-19991116
algorithm inSafeCanonicalizationMethods
property allows to bypass IsSafeTransform check but then throwsXPathException
, maybe related to this #21451 issue.