santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Scott Cantor" <>
Subject RE: reformatting of KeyValue elements in c14n?
Date Tue, 21 Dec 2004 16:56:21 GMT
> I am indeed validating. I've found a workaround, in the end, which
> consists of serializing and re-parsing every document before I sign it
> in the Java code, which at least ensures that I'm not signing any
> denormalized data, and then doing the same thing before actually
> emitting the document that gets passed to xmlsec to normalize the
> unsigned bits of the document too (libxml appears to not normalize
> strings even when it validates).

Nice, then libxml is broken. ;-)

But yeah, I considered a double parse, but decided that was unacceptable for
performance reasons. I hope the JAXP normalize property isn't broken,
otherwise my migration to it is dead in the water (again).

> So whose bright idea was it to set <xs:whitespace value="collapse"
> fixed="true"/> on the base64Binary type, anyway? *grump*

No joke. That was incredibly dumb. But basically, what probably needs to
happen is xmlsec might want to consider outputting pre-normalized base64
when it writes out those nodes. Then at least you could have
super-signatures that wouldn't always break.

-- Scott

View raw message