Hi all,
I’m having a weird issue when receiving message stanzas with custom extensions. Basically I’m adding a Signature to my messages as an extension, but when I inspect the receiving client I’m seeing the same namespace added everywhere in the extension (xmlns:stream="http://etherx.jabber.org/streams").
Here are some examples:
- Message sent:
<message xmlns="jabber:client" to="admin@..." id="wDCIQ-100" type="chat">
<thread>IztSV7</thread>
<body>df</body>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath>ancestor-or-self::*[local-name() = 'body']</XPath>
</Transform>
<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue>...</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>
...
</SignatureValue>
<KeyInfo Id="idb0d8dd8e-bf19-4361-8755-aab1b4186d51">
<X509Data>
<X509Certificate>
...
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<x xmlns="jabber:x:event">
<offline/>
<composing/>
</x>
<active xmlns="http://jabber.org/protocol/chatstates"/>
</message>
- Message received (note the xmlns:stream="http://etherx.jabber.org/streams" everywhere in the Signature extension):
<message xmlns="jabber:client" to="admin@..."
from="admin@.../Spark 2.9.0" id="wDCIQ-100" type="chat">
<thread>IztSV7</thread>
<body>df</body>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" xmlns:stream="http://etherx.jabber.org/streams">
<SignedInfo xmlns:stream="http://etherx.jabber.org/streams">
<CanonicalizationMethod xmlns:stream="http://etherx.jabber.org/streams"
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
<SignatureMethod xmlns:stream="http://etherx.jabber.org/streams"
Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<Reference xmlns:stream="http://etherx.jabber.org/streams" URI="">
<Transforms xmlns:stream="http://etherx.jabber.org/streams">
<Transform xmlns:stream="http://etherx.jabber.org/streams"
Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
<XPath xmlns:stream="http://etherx.jabber.org/streams">ancestor-or-self::*[local-name() =
'body']
</XPath>
</Transform>
<Transform xmlns:stream="http://etherx.jabber.org/streams"
Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</Transforms>
<DigestMethod xmlns:stream="http://etherx.jabber.org/streams"
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<DigestValue xmlns:stream="http://etherx.jabber.org/streams">
...
</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue xmlns:stream="http://etherx.jabber.org/streams">
...
</SignatureValue>
<KeyInfo xmlns:stream="http://etherx.jabber.org/streams" Id="idb0d8dd8e-bf19-4361-8755-aab1b4186d51">
<X509Data xmlns:stream="http://etherx.jabber.org/streams">
<X509Certificate xmlns:stream="http://etherx.jabber.org/streams">
...
</X509Certificate>
</X509Data>
</KeyInfo>
</Signature>
<x xmlns="jabber:x:event">
<offline/>
<composing/>
</x>
<active xmlns="http://jabber.org/protocol/chatstates"/>
</message>
My signature core validation fails on reception because the signature itself has changed (the added namespace is everywhere). Any ideas where that comes from? It’s even weirder to me that I did not encounter this earlier in my work; it seems to have appeared out of nowhere (I must’ve done something, obviously, but I really can’t figure out what).
I’m going to try and reinstall both Spark and Openfire to see if that fixes it.
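A check that the sent and received stanzas differ only by unused namespace declarations, as an added example that is not part of the original post. The stanzas are constructed, shortened versions of the two above, and the function names are hypothetical. Python's `canonicalize` implements C14N 2.0, which emits only the namespace declarations actually in use, whereas the Canonical XML 1.0 algorithm named in the post's CanonicalizationMethod keeps every in-scope declaration in its output.

```python
import io
import xml.etree.ElementTree as ET

# Constructed, shortened stanzas modelled on the two messages in the post.
SENT = (
    '<message xmlns="jabber:client" id="wDCIQ-100" type="chat">'
    '<body>df</body>'
    '<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
    '<SignedInfo><Reference URI="">'
    '<DigestValue>AAAA</DigestValue></Reference></SignedInfo>'
    '</Signature></message>'
)
STREAM = 'xmlns:stream="http://etherx.jabber.org/streams"'
RECEIVED = (
    '<message xmlns="jabber:client" id="wDCIQ-100" type="chat">'
    '<body>df</body>'
    f'<Signature xmlns="http://www.w3.org/2000/09/xmldsig#" {STREAM}>'
    f'<SignedInfo {STREAM}><Reference {STREAM} URI="">'
    f'<DigestValue {STREAM}>AAAA</DigestValue></Reference></SignedInfo>'
    '</Signature></message>'
)


def declared_namespaces(xml_text):
    """Return the set of (prefix, uri) pairs declared anywhere in the document."""
    source = io.BytesIO(xml_text.encode("utf-8"))
    # "start-ns" events yield one (prefix, uri) tuple per xmlns declaration.
    return {ns for _event, ns in ET.iterparse(source, events=("start-ns",))}


def extra_declarations(sent, received):
    """Declarations present in the received stanza but absent from the sent one."""
    return declared_namespaces(received) - declared_namespaces(sent)


def differs_only_by_unused_namespaces(sent, received):
    """True when the texts differ but match once unused xmlns declarations are dropped."""
    return sent != received and ET.canonicalize(sent) == ET.canonicalize(received)


if __name__ == "__main__":
    print("extra declarations:", extra_declarations(SENT, RECEIVED))
    print("only unused namespaces differ:",
          differs_only_by_unused_namespaces(SENT, RECEIVED))
```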