I think a new system property would be a reasonable approach with a default value of false. The current org.apache.xml.security.ignoreLineBreaks system property, if set to true, should override the value of the new property.

--Sean

On 3/26/25 8:26 AM, Ihor Kuzmanenko wrote:
Hello,


I know the discussion on line endings in Base64 being canonicalized to 
 has been on hold for a while.


Taking into account the /base64Binary/ data type of /DigestValue/, /SignatureValue/ and other binary data fields and looking at the note on MIME line length limit in XML Schema doc (https://www.w3.org/TR/xmlschema-2/#base64Binary) - it looks reasonable to avoid line breaks at all.


Looking at the examples at https://www.w3.org/TR/xmldsig-core2 and especially at the note after the Example 6 (https://www.w3.org/TR/xmldsig-core2/#sec-ECKeyValue) I can guess that deviation from RFC 2045 related to line breaks is acceptable.


In Apache Santuario the only way to do this is to set the /org.apache.xml.security.ignoreLineBreaks/ property, but this removes all document formatting as well.


My suggestion is to introduce a separate property for line breaks in base64, for example /org.apache.xml.security.ignoreBase64LineBreaks/, to allow getting a 'pretty-printed' XML without carriage returns in Base64 in the end. We can make it compatible with existing behavior if we use /java.util.Base64.getEncoder()/ when any of these properties is set.


A more flexible solution is to allow overriding of Base64.Encoder implementation in the API.


There was also a suggestion to set up encoding options with XMLSecurityProperties, see https://issues.apache.org/jira/browse/SANTUARIO-525


Please let me know if you find any of these options reasonable and I can take care of PR preparation.


Thank you.


Best regards,

Ihor.
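
The encoder choice and property precedence discussed in this thread, as an added example that is not part of either message and not Santuario's own code. The name ignoreBase64LineBreaks is the one proposed above; the helper names, the OR reading of "override", and the use of getMimeEncoder() for the default path are assumptions.

```java
import java.util.Arrays;
import java.util.Base64;

public class Base64LineBreakDemo {

    // Existing property named in the thread.
    static final String IGNORE_ALL = "org.apache.xml.security.ignoreLineBreaks";
    // Property name proposed in the thread; it is a proposal, not an existing setting.
    static final String IGNORE_B64 = "org.apache.xml.security.ignoreBase64LineBreaks";

    // Hypothetical resolution of the two properties: the new one defaults to
    // false, and ignoreLineBreaks=true takes effect regardless of its value.
    static boolean omitBase64LineBreaks() {
        return Boolean.getBoolean(IGNORE_ALL) || Boolean.getBoolean(IGNORE_B64);
    }

    // Hypothetical helper: pick the encoder from the resolved setting.
    static String encode(byte[] data) {
        Base64.Encoder enc = omitBase64LineBreaks()
                ? Base64.getEncoder()       // one line, no separators
                : Base64.getMimeEncoder();  // RFC 2045: CRLF after every 76 characters
        return enc.encodeToString(data);
    }

    public static void main(String[] args) {
        // Constructed stand-in for a 256-byte SignatureValue.
        byte[] sig = new byte[256];
        Arrays.fill(sig, (byte) 0xA5);

        String wrapped = encode(sig);            // neither property set
        System.setProperty(IGNORE_B64, "true");
        String single = encode(sig);             // proposed property set

        System.out.println("default output contains CR:  " + wrapped.contains("\r"));
        System.out.println("property output contains CR: " + single.contains("\r"));

        // The MIME decoder skips line separators, so both forms yield the same octets.
        byte[] a = Base64.getMimeDecoder().decode(wrapped);
        byte[] b = Base64.getMimeDecoder().decode(single);
        System.out.println("same decoded octets: " + Arrays.equals(a, b));
    }
}
```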


