Hello,
I know the discussion on line endings in Base64 being canonicalized to 
 has been on hold for a while.
Taking into account the base64Binary data type of DigestValue, SignatureValue and other binary data fields and looking at the note on the MIME line length limit in the XML Schema doc (https://www.w3.org/TR/xmlschema-2/#base64Binary) - it looks reasonable to avoid line breaks altogether.
Looking at the examples at https://www.w3.org/TR/xmldsig-core2 and especially at the note after Example 6 (https://www.w3.org/TR/xmldsig-core2/#sec-ECKeyValue) I can guess that deviation from RFC 2045 related to line breaks is acceptable.
In Apache Santuario the only way to do this is to set the org.apache.xml.security.ignoreLineBreaks property, but this removes all document formatting as well.
My suggestion is to introduce a separate property for line breaks in base64, for example org.apache.xml.security.ignoreBase64LineBreaks, to allow getting a 'pretty-printed' XML without carriage returns in Base64 in the end. We can make it compatible with existing behavior if we use java.util.Base64.getEncoder() when any of these properties is set.
A more flexible solution is to allow overriding of the Base64.Encoder implementation in the API.
There was also a suggestion to set up encoding options with XMLSecurityProperties, see https://issues.apache.org/jira/browse/SANTUARIO-525
Please let me know if you find any of these options reasonable and I can take care of PR preparation.
Thank you.
Best regards,
Ihor.
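
The encoder difference the message refers to, as an added example that is not part of the original message and is not Apache Santuario code. It uses only the JDK's java.util.Base64; the class name and the 256-byte sample value are constructed for illustration.

```java
import java.util.Arrays;
import java.util.Base64;

public class Base64LineBreakDemo {

    // Count occurrences of one character (used for CR and LF).
    static long count(String s, char ch) {
        return s.chars().filter(c -> c == ch).count();
    }

    static void report(String name, String encoded, byte[] expected) {
        // The MIME decoder skips line separators, so it accepts every form below.
        boolean mimeOk = Arrays.equals(expected, Base64.getMimeDecoder().decode(encoded));
        // The basic decoder rejects any character outside the alphabet, CR and LF included.
        boolean basicOk;
        try {
            basicOk = Arrays.equals(expected, Base64.getDecoder().decode(encoded));
        } catch (IllegalArgumentException e) {
            basicOk = false;
        }
        System.out.printf("%-24s length=%d CR=%d LF=%d mimeDecode=%b basicDecode=%b%n",
                name, encoded.length(), count(encoded, '\r'), count(encoded, '\n'),
                mimeOk, basicOk);
    }

    public static void main(String[] args) {
        // Constructed 256-byte value standing in for an RSA-2048 SignatureValue.
        byte[] value = new byte[256];
        for (int i = 0; i < value.length; i++) {
            value[i] = (byte) i;
        }

        // RFC 2045 style: 76-character lines separated by CRLF.
        String mime = Base64.getMimeEncoder().encodeToString(value);
        // Same wrapping, but LF only, so no carriage returns reach the XML.
        String lfOnly = Base64.getMimeEncoder(76, new byte[] {'\n'}).encodeToString(value);
        // No line breaks at all.
        String basic = Base64.getEncoder().encodeToString(value);

        report("getMimeEncoder()", mime, value);
        report("getMimeEncoder(76, LF)", lfOnly, value);
        report("getEncoder()", basic, value);
    }
}
```

A verifier that decodes with a strict decoder only accepts the unwrapped form, while one that tolerates whitespace accepts all three, which is why the choice of encoder matters for interoperability.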