santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Raul Benito" <r...@apache.org>
Subject Re: signature elements indent
Date Tue, 13 Feb 2007 08:59:43 GMT
We have a feature request like this in the bugzilla DB. If anyone want
to take it, and send the patchs, feel free.


On 2/13/07, Berin Lautenbach <berin@wingsofhermes.org> wrote:
> I'm not sure what can be done in the Java library to control or turn off
> indenting.
>
> Anyone else able to assist?
>
> Cheers,
>         Berin
>
> Jorge Martín Cuervo wrote:
> > Hi Berin,
> >
> >
> > Maybe for me, a solution would be eliminate all line feeds and carriage
> > returns in the Signature element. So, the xml can be indented and before
> > the validation i can clean up again this LF/CR.
> >
> > is it posible? is there any posibility to configure the API like this?
> >
> > thanks again!
> >
> >
> > El mar, 13 de 02 de 2007 a las 09:32, Berin Lautenbach escribió:
> >> /You need to do your indenting before you sign, which means you can
> >> really only indent your own XML prior to attaching the signature node.
> >> The library handles the indenting of the <Signature> elements.  Off the
> >> top of my head I'm not sure how much control you can have of that for
> >> the Java library.  For the C++ library you can turn indenting on and
> >> off, but when it's on there no way to tell it how to indent.
> >>
> >> The merlin signature below was all indented before the final signature
> >> was made.  If you were to change even one space in the indenting, the
> >> signature would fail.
> >>
> >> Cheers,
> >>      Berin
> >>
> >> Jorge Martín Cuervo wrote:
> >> > Hola Raul
> >> >
> >> > i understand, but after check the xml files used in the samples i found
> >> > several like this in merlin directory:
> >> >
> >> > <?xml version="1.0" encoding="UTF-8"?>
> >> > <Signature xmlns="//http://www.w3.org/2000/09/xmldsig#">
> >> >   <SignedInfo>
> >> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
/>
> >> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"
/>
> >> >     <Reference URI="http://www.w3.org/TR/xml-stylesheet">
> >> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
/>
> >> >       <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
> >> >     </Reference>
> >> >   </SignedInfo>
> >> >   <SignatureValue>
> >> >     KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
> >> >     xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
> >> >     2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
> >> >   </SignatureValue>
> >> >   <KeyInfo>
> >> >     <KeyName>Lugh</KeyName>
> >> >   </KeyInfo>
> >> > </Signature>
> >> >
> >> > I seems to be indented, and (i supose) still works. How did Merlin get
> >> > that signatures?
> >> >
> >> > thanks
> >> >
> >> > El lun, 12 de 02 de 2007 a las 18:32, Raul Benito escribió:
> >> >> /Hola Jorge,
> >> >>
> >> >> Sorry no luck, If you change the signature it will be void. No matter
> >> >> what books have told, spaces are an important part of the XML. And
it
> >> >> means a lot. You cannot change it without changing the signature.
> >> >>
> >> >> Regards,
> >> >>
> >> >> Raul
> >> >>
> >> >> On 12 Feb 2007 12:00:20 +0100, *Jorge Martín Cuervo*
> >> >> <//jorge.martin@defactops.com <mailto:jorge.martin@defactops.com>>
> >> >> wrote: /
> >> >>
> >> >>     / Hi all,
> >> >>
> >> >>     I want to create a signature inside an xml file, i use several
> >> >>     transforms to get a portion of the original xml with xpath, and
to
> >> >>     canonize. I decided to don't attach the public keys.
> >> >>
> >> >>
> >> >>     /
> >> >>
> >> >>     /<?xml version="1.0" encoding="UTF-8"?>
> >> >>     <hr:Candidate xmlns:df="http://defactops.com" xmlns:hr="http://ns.hr-xml.org/2004-08-02"
xmlns:xs="
> >> >>     http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
> >> >>         <hr:CandidateRecordInfo>
> >> >>             <hr:Id>
> >> >>                 <hr:IdValue name="id">1158138667963</hr:IdValue>
> >> >>             </hr:Id>
> >> >>             <hr:Id>
> >> >>                 <hr:IdValue name="version">
> >> >>     0.9.0</hr:IdValue>
> >> >>             </hr:Id>
> >> >>             <hr:Id>
> >> >>                 <hr:IdValue name="model">0.9.0</hr:IdValue>
> >> >>             </hr:Id>
> >> >>             <hr:Id>
> >> >>                 <hr:IdValue name="host">
> >> >>     127.0.0.1 <http://127.0.0.1></hr:IdValue <http://127.0.0.1></hr:IdValue>>
> >> >>             </hr:Id>
> >> >>         </hr:CandidateRecordInfo>
> >> >>         <hr:CandidateProfile>
> >> >>
> >> >>             [...]
> >> >>             </hr:UserArea>
> >> >>         <HRSignature id="protean-xmldsig-01"><ds:Signature
xmlns:ds="
> >> >>     http://www.w3.org/2000/09/xmldsig#">
> >> >>     <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> >>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >> >>     <ds:SignatureMethod Algorithm="
> >> >>     http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="
> >> >>     http://www.w3.org/2000/09/xmldsig#"/>
> >> >>     <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> >>     <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> >> >>     <ds:Transform Algorithm="
> >> >>     http://www.w3.org/2002/06/xmldsig-filter2" xmlns:ds="
> >> >>     http://www.w3.org/2000/09/xmldsig#">
> >> >>     <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="
> >> >>     http://www.w3.org/2002/06/xmldsig-filter2">/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath>
> >> >>     </ds:Transform>
> >> >>     <ds:Transform Algorithm="
> >> >>     http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >> >>     </ds:Transforms>
> >> >>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> >> >>     <ds:DigestValue xmlns:ds="
> >> >>     http://www.w3.org/2000/09/xmldsig#">ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>
> >> >>     </ds:Reference>
> >> >>
> >> >>     </ds:SignedInfo>
> >> >>     <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#
> >> >>     ">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue>
> >> >>     </ds:Signature></HRSignature></hr:Resume>
> >> >>     </hr:Candidate>/
> >> >>
> >> >>     /
> >> >>     It works pretty well, (the sign and the verification process) but,
> >> >>     when i indent the whole file, the *Signature* element content is
> >> >>     indented too and the validation process fails.
> >> >>
> >> >>     is there any way to canonice the Signature element? is this a
> >> >>     common problem? how can i solve this?
> >> >>
> >> >>
> >> >>     thank you!
> >> >>
> >> >>     pd: i'm new in this mailing list, and sorry if this issue was
> >> >>     commented before./
> >> >>
> >> >>     --
> >> >>     ;-)
> >> >>     ____________________________________
> >> >>     Jorge Martin Cuervo
> >> >>     Analista Programador
> >> >>
> >> >>     Outsourcing Emarketplace
> >> >>     deFacto Powered by Standards
> >> >>
> >> >>     email <
> >> >>     jorge.martin@defactops.com <mailto:jorge.martin@defactops.com>>
> >> >>     voz +34 985 129 820
> >> >>     voz +34 660 026 384
> >> >>     ____________________________________
> >> >>
> >> >> /
> >> >>
> >> >>
> >> >> -- //
> >> >> http://r-bg.com/
> >> >
> >> > --
> >> > ;-)
> >> > ____________________________________
> >> > Jorge Martin Cuervo
> >> > Analista Programador
> >> >
> >> > Outsourcing Emarketplace
> >> > deFacto Powered by Standards
> >> >
> >> > email <jorge.martin@defactops.com>
> >> > voz +34 985 129 820
> >> > voz +34 660 026 384
> >> > ____________________________________
> >> > /
> >
> > --
> > ;-)
> > ____________________________________
> > Jorge Martin Cuervo
> > Analista Programador
> >
> > Outsourcing Emarketplace
> > deFacto Powered by Standards
> >
> > email <jorge.martin@defactops.com>
> > voz +34 985 129 820
> > voz +34 660 026 384
> > ____________________________________
> >
> >
>


-- 
http://r-bg.com

Mime
View raw message