Hi Sean, I took a step further and also added properties to configure line length and line separators. https://github.com/apache/santuario-xml-security-java/pull/504
By default, encoding remains compatible with RFC2045, as before. Best regards, Ihor. -----Original Message----- From: Sean Mullan via dev <dev@santuario.apache.org> Sent: 31 березня 2025 р. 21:57 To: dev@santuario.apache.org; Ihor Kuzmanenko <i.kuzmane...@samsung.com> Subject: Re: Separate options for document line breaks and Base64 line breaks I think a new system property would be a reasonable approach with a default value of false. The current org.apache.xml.security.ignoreLineBreaks system property, if set to true, should override the value of the new property. --Sean On 3/26/25 8:26 AM, Ihor Kuzmanenko wrote: > Hello, > > > I know the discussion on line endings in Base64 being canonicalized to > 
 has been hold for a while. > > > Taking into account the /base64Binary /data type of /DigestValue/, / > SignatureValue /and other binary data fields and looking at the note > on MIME line length limit in XML Schema doc (https://www.w3.org/TR/ > xmlschema-2/#base64Binary <https://www.w3.org/TR/xmlschema-2/ > #base64Binary>) - it looks reasonable to avoid line breaks at all. > > > Looking at the examples at https://www.w3.org/TR/xmldsig-core2 > <https:// www.w3.org/TR/xmldsig-core2> and especially at the note > after the Example 6 > (https://www.w3.org/TR/xmldsig-core2/#sec-ECKeyValue <https:// > www.w3.org/TR/xmldsig-core2/#sec-ECKeyValue>) I can guess that > deviation from RFC 2045 related to line breaks is acceptable. > > > In Apache Santuario the only way to do this is to set the / > org.apache.xml.security.ignoreLineBreaks/ property, but this removes > all document formatting as well. > > > My suggestion is to introduce a separate property for line breaks in > base64, for example /org.apache.xml.security.ignoreBase64LineBreaks/, > to allow getting a 'pretty-printed' XML without carriage returns in > Base64 in the end. We can make it compatible with existing behavior if > we use/ java.util.Base64.getEncoder()/ when any of these properties is set. > > > A more flexible solution is to allow overriding of Base64.Encoder > implementation in the API. > > > There was also a suggestion to set up encoding options with > XMLSecurityProperties, see https://issues.apache.org/jira/browse/ > SANTUARIO-525 <https://issues.apache.org/jira/browse/SANTUARIO-525> > > > Please let me know if you find any of these options reasonable and I > can take care of PR preparation. > > > Thank you. > > > Best regards, > > Ihor. > >
