santuario-dev mailing list archives

From Jorge Martín Cuervo <jorge.mar...@defactops.com>
Subject Re: signature elements indent
Date Tue, 13 Feb 2007 08:42:54 GMT
Hi Berin,


Maybe for me, a solution would be to eliminate all line feeds and carriage
returns in the Signature element. So, the XML can be indented and before
the validation I can clean up this LF/CR again.

Is it possible? Is there any possibility to configure the API like this?

Thanks again!


On Tue, 13 Feb 2007 at 09:32, Berin Lautenbach wrote:

> You need to do your indenting before you sign, which means you can 
> really only indent your own XML prior to attaching the signature node. 
> The library handles the indenting of the <Signature> elements.  Off the 
> top of my head I'm not sure how much control you can have of that for 
> the Java library.  For the C++ library you can turn indenting on and 
> off, but when it's on there's no way to tell it how to indent.
> 
> The merlin signature below was all indented before the final signature 
> was made.  If you were to change even one space in the indenting, the 
> signature would fail.
> 
> Cheers,
> 	Berin
> 
> Jorge Martín Cuervo wrote:
> > Hello Raul
> > 
> > I understand, but after checking the XML files used in the samples I found 
> > several like this in the merlin directory:
> > 
> > <?xml version="1.0" encoding="UTF-8"?>
> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> >   <SignedInfo>
> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> >     <Reference URI="http://www.w3.org/TR/xml-stylesheet">
> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> >       <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
> >     </Reference>
> >   </SignedInfo>
> >   <SignatureValue>
> >     KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
> >     xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
> >     2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
> >   </SignatureValue>
> >   <KeyInfo>
> >     <KeyName>Lugh</KeyName>
> >   </KeyInfo>
> > </Signature>
> > 
> > It seems to be indented, and (I suppose) still works. How did Merlin get 
> > those signatures?
> > 
> > thanks
> > 
> > On Mon, 12 Feb 2007 at 18:32, Raul Benito wrote:
> >> Hello Jorge,
> >>
> >> Sorry, no luck. If you change the signature it will be void. No matter 
> >> what books have told you, spaces are an important part of the XML. And it 
> >> means a lot. You cannot change it without changing the signature.
> >>
> >> Regards,
> >>
> >> Raul
> >>
> >> On 12 Feb 2007 12:00:20 +0100, Jorge Martín Cuervo <jorge.martin@defactops.com> wrote:
> >>
> >>     Hi all,
> >>
> >>     I want to create a signature inside an XML file. I use several
> >>     transforms to get a portion of the original XML with XPath, and to
> >>     canonicalize. I decided not to attach the public keys.
> >>
> >>
> >>
> >>     <?xml version="1.0" encoding="UTF-8"?>
> >>     <hr:Candidate xmlns:df="http://defactops.com" xmlns:hr="http://ns.hr-xml.org/2004-08-02" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >>         <hr:CandidateRecordInfo>
> >>             <hr:Id>
> >>                 <hr:IdValue name="id">1158138667963</hr:IdValue>
> >>             </hr:Id>
> >>             <hr:Id>
> >>                 <hr:IdValue name="version">0.9.0</hr:IdValue>
> >>             </hr:Id>
> >>             <hr:Id>
> >>                 <hr:IdValue name="model">0.9.0</hr:IdValue>
> >>             </hr:Id>
> >>             <hr:Id>
> >>                 <hr:IdValue name="host">127.0.0.1</hr:IdValue>
> >>             </hr:Id>
> >>         </hr:CandidateRecordInfo>
> >>         <hr:CandidateProfile>
> >>
> >>             [...]
> >>             </hr:UserArea>
> >>         <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>     <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >>     <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >>     <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>     <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>     <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >>     <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath>
> >>     </ds:Transform>
> >>     <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >>     </ds:Transforms>
> >>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >>     <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>
> >>     </ds:Reference>
> >>
> >>     </ds:SignedInfo>
> >>     <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue>
> >>     </ds:Signature></HRSignature></hr:Resume>
> >>     </hr:Candidate>
> >>
> >>     It works pretty well (the signing and the verification process), but
> >>     when I indent the whole file, the *Signature* element content is
> >>     indented too and the validation process fails.
> >>
> >>     Is there any way to canonicalize the Signature element? Is this a
> >>     common problem? How can I solve this?
> >>
> >>
> >>     Thank you!
> >>
> >>     PS: I'm new to this mailing list, and sorry if this issue was
> >>     commented on before.
> >>
> >>     -- 
> >>     ;-)
> >>     ____________________________________
> >>     Jorge Martin Cuervo
> >>     Analista Programador
> >>
> >>     Outsourcing Emarketplace
> >>     deFacto Powered by Standards
> >>
> >>     email <jorge.martin@defactops.com>
> >>     voz +34 985 129 820
> >>     voz +34 660 026 384
> >>     ____________________________________
> >>
> >>
> >>
> >>
> >> -- 
> >> http://r-bg.com/
> > 
> > -- 
> > ;-)
> > ____________________________________
> > Jorge Martin Cuervo
> > Analista Programador
> > 
> > Outsourcing Emarketplace
> > deFacto Powered by Standards
> > 
> > email <jorge.martin@defactops.com>
> > voz +34 985 129 820
> > voz +34 660 026 384
> > ____________________________________
> > 

-- 
;-)
____________________________________
Jorge Martin Cuervo
Analista Programador

Outsourcing Emarketplace
deFacto Powered by Standards

email <jorge.martin@defactops.com>
voz +34 985 129 820
voz +34 660 026 384
____________________________________
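
Added example, not part of the original thread or of the Santuario code base: it shows which formatting changes to a `SignedInfo` alter the octets that get signed, including the strip-before-validation cleanup proposed at the top of this message. It hashes the canonical form instead of producing a real signature, and uses Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) as a stand-in for the C14N 1.0 algorithm named in the samples; both keep whitespace text nodes. The `SignedInfo` is a constructed sample, and `strip_layout` and `survives` are hypothetical helper names.

```python
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)  # keep the ds: prefix when re-serializing

# Constructed sample: SignedInfo as a signer emits it with no layout whitespace.
COMPACT = (
    f'<ds:SignedInfo xmlns:ds="{DS}">'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    f'<ds:SignatureMethod Algorithm="{DS}dsa-sha1"/>'
    f'<ds:Reference URI=""><ds:DigestMethod Algorithm="{DS}sha1"/>'
    '<ds:DigestValue>ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue></ds:Reference>'
    '</ds:SignedInfo>'
)

def c14n_digest(xml_text):
    """SHA-1 over the canonical octets; the signature value is computed over these."""
    canonical = ET.canonicalize(xml_data=xml_text)
    return hashlib.sha1(canonical.encode("utf-8")).hexdigest()

def indent(xml_text, space="  "):
    """Pretty-print, as an editor or serializer would after signing."""
    root = ET.fromstring(xml_text)
    ET.indent(root, space=space)
    return ET.tostring(root, encoding="unicode")

def strip_layout(xml_text):
    """Hypothetical cleanup: drop whitespace-only text nodes before validation."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.text is not None and not el.text.strip():
            el.text = None
        if el.tail is not None and not el.tail.strip():
            el.tail = None
    return ET.tostring(root, encoding="unicode")

def survives(signed_form, received_form):
    """True if the verifier would hash the same octets the signer hashed."""
    return c14n_digest(signed_form) == c14n_digest(received_form)

if __name__ == "__main__":
    pre_indented = indent(COMPACT)  # Merlin-style: laid out first, then signed
    print("space before '/>' only:  ", survives(COMPACT, COMPACT.replace('"/>', '" />')))
    print("indented after signing:  ", survives(COMPACT, indent(COMPACT)))
    print("indent, then strip again:", survives(COMPACT, strip_layout(indent(COMPACT))))
    print("strip a pre-indented one:", survives(pre_indented, strip_layout(pre_indented)))
    print("2 vs 4 space indent:     ", survives(pre_indented, indent(COMPACT, "    ")))
```

Stripping only restores the digest when the signer hashed a form with no whitespace between elements; a signature made over an already indented `SignedInfo`, as in the merlin sample, fails once that whitespace is removed or changed.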
