From: Mike Haller
Date: Thu, 09 Jun 2005 12:05:38 +0200
To: security-dev@xml.apache.org
Subject: Re: Newbie question

Yes Berin, thanks,

I don't know why Canonicalization doesn't address this problem at all.
It sounds like being incomplete to me. On the one hand, effort is taken
to "normalize" the XML document so it can be signed to avoid problems
with formatting - on the other hand something simple like newlines isn't
addressed. I don't understand it.

Now, I'm removing all newlines (empty text nodes after trim()) from the
document before signing. This helped, but is a hack :(

regards
Mike

Berin Lautenbach wrote:

> Mike Haller wrote:
>
>> But after some marshalling/unmarshalling with Castor, the resulting
>> Document has no newlines any more, hence the SignatureValue of the
>> SignedInfo element is invalid.
>>
>> How do I tell XMLSignature to add newlines into the SignedInfo before
>> validation? Or should I remove the newlines before signing? And how to
>> do that?
>
>
> Unfortunately, you can't get XMLSignature to add or delete new lines
> during signing/verification. There is no way for the library to know
> how many new lines to add, how to indent, etc. to get back to the
> original form. So if you have something in the processing of your XML
> that removes this pretty-printing, you need to make sure it happens
> *before* you sign, so that what is signed is also what will be validated
> (in terms of newlines/tabs/spaces etc.)
>
>>
>> I don't know why the Canonicalization fails at the verification
>> process, do I have to add the same transforms from the signing process
>> again in the verification process? I thought that it's sufficient to
>> add them in signing process, since the canon method is clearly visible
>> in the Signature element itself.
>
>
> Canonicalisation doesn't remove or add newlines. It simply transforms
> everything in the XML into a standard bytewise format.
>
>>
>> kind regards
>> Mike
>>
>>
>
> Hope that helps!
>
> Cheers,
> Berin
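
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Apache XML Security code: canonicalization keeps whitespace-only text nodes, so a pretty-printed document and its compacted round-trip digest differently unless those nodes are removed before signing. It assumes Python's standard-library C14N 2.0 canonicalizer as a stand-in for the Java library's canonicalizer, and the sample documents are constructed.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample: the same content pretty-printed, and as it looks after
# a marshal/unmarshal round trip that dropped the indentation.
PRETTY = """<Order>
  <Item id="1">widget</Item>
  <Qty>2</Qty>
</Order>"""
COMPACT = '<Order><Item id="1">widget</Item><Qty>2</Qty></Order>'


def c14n_digest(xml_text: str) -> str:
    """SHA-256 over the canonical bytes, i.e. what a signature digest covers."""
    canonical = ET.canonicalize(xml_text)  # whitespace text nodes are preserved
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def strip_whitespace_nodes(xml_text: str) -> str:
    """Remove whitespace-only text nodes; real character data is left as is."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        # ElementTree stores text before the first child in .text and text
        # following an element's end tag in .tail.
        if el.text is not None and not el.text.strip():
            el.text = None
        if el.tail is not None and not el.tail.strip():
            el.tail = None
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    print("pretty   :", c14n_digest(PRETTY))
    print("compact  :", c14n_digest(COMPACT))
    print("stripped :", c14n_digest(strip_whitespace_nodes(PRETTY)))
```

Stripping is only safe for data-oriented XML; in mixed content, whitespace between elements can be meaningful and removing it changes what is being signed.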