I did as you said but the problem is still unresolved :(.
When I looked into the docs, etc., I discovered that the problem is in XSECCanon. When my XML doc returns from there, the node attributes are sorted in this (in my opinion) strange way:
<Dekl Nr="12334567891" LiczbaOpak="30" MasaBrutto="55" MiejscZlozTow="magazyn celny"></Dekl>
and it should be (as far as I understand RFC 3076):
<Dekl LiczbaOpak="30" MasaBrutto="55" MiejscZlozTow="magazyn celny" Nr="12334567891"></Dekl>
I don't know what is going on.
Is there something (a parameter, a method) that I missed? Why does it sort in such a strange order? (When I verify this document it sorts in the 'normal' order.)
looking for help, a little 'frustrated' andrew
Andrew,
You should not need to canonicalise prior to serialisation. The main point of canonicalisation is that it will take an XML input and produce the same byte sequence every time, provided the input has not materially changed. So in the serialised XML, you can do things like change <Element/> to <Element></Element> as this will be re-serialised into the canonical form by the signature function.
The problem is generally around changing text nodes. These are canonicalised *as they are* and are simply transformed to UTF-8, so if you add a NL or anything like that, you run into problems.
So my first thought would be to remove the
theSerializer->setNewLine(gMyEOLSequence)
and see if that helps (your EOLSequence may not canonicalise the same way as \n).
The other thing I do is turn off pretty printing using the setFeature method in DOMWriter. (I have a memory that it is off by default, but I generally do it for safety.)
theSerializer->setFeature(XMLUni::fgDOMWRTFormatPrettyPrint, false);
Hope that helps.
Cheers, Berin
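To make the canonicalisation rules Berin describes concrete, here is an added example (not Xerces, XSEC or anyone's code from this thread) that applies the RFC 3076 attribute ordering and escaping rules to a tiny hand-rolled element model. The Element and Attr structs and every function in it are assumptions of this example, not library API; namespace declarations and attribute prefixes are left out for brevity. It shows that the serializer's attribute order and `<Dekl/>` versus `<Dekl></Dekl>` make no difference to the canonical bytes, while an added newline in a text node does, which is exactly what breaks verification.

```cpp
#include <algorithm>
#include <string>
#include <vector>

// Hypothetical minimal element model (not a Xerces DOM).
struct Attr {
    std::string nsUri;  // "" for unqualified attributes
    std::string name;   // local name
    std::string value;
};

struct Element {
    std::string name;
    std::vector<Attr> attrs;
    std::string text;   // single text child ("" for an empty element)
    bool selfClosing;   // how the source was written; C14N ignores this
};

// RFC 3076 section 2.3: escaping inside attribute values.
std::string escapeAttr(const std::string& s) {
    std::string out;
    for (char c : s) {
        switch (c) {
            case '&':  out += "&amp;";  break;
            case '<':  out += "&lt;";   break;
            case '"':  out += "&quot;"; break;
            case '\t': out += "&#x9;";  break;
            case '\n': out += "&#xA;";  break;
            case '\r': out += "&#xD;";  break;
            default:   out += c;
        }
    }
    return out;
}

// RFC 3076 section 2.3: escaping inside text nodes (note: '>' is escaped
// here but not in attribute values, and '\n' is kept as-is).
std::string escapeText(const std::string& s) {
    std::string out;
    for (char c : s) {
        switch (c) {
            case '&':  out += "&amp;"; break;
            case '<':  out += "&lt;";  break;
            case '>':  out += "&gt;";  break;
            case '\r': out += "&#xD;"; break;
            default:   out += c;
        }
    }
    return out;
}

// Canonical form of one element: attributes sorted with namespace URI as the
// primary key and local name as the secondary key (an empty URI sorts first),
// always written as <n>...</n>, text copied as-is apart from escaping.
std::string canonicalize(Element e) {
    std::sort(e.attrs.begin(), e.attrs.end(), [](const Attr& a, const Attr& b) {
        if (a.nsUri != b.nsUri) return a.nsUri < b.nsUri;
        return a.name < b.name;
    });
    std::string out = "<" + e.name;
    for (const Attr& a : e.attrs)
        out += " " + a.name + "=\"" + escapeAttr(a.value) + "\"";
    out += ">" + escapeText(e.text) + "</" + e.name + ">";
    return out;
}

// Constructed sample in the order the serializer produced it in the thread,
// written as <Dekl .../>.
Element sampleSerialized() {
    return Element{"Dekl",
                   {{"", "Nr", "12334567891"}, {"", "LiczbaOpak", "30"},
                    {"", "MasaBrutto", "55"}, {"", "MiejscZlozTow", "magazyn celny"}},
                   "", true};
}

// The same element as originally authored: alphabetical, <Dekl></Dekl>.
Element sampleAuthored() {
    return Element{"Dekl",
                   {{"", "LiczbaOpak", "30"}, {"", "MasaBrutto", "55"},
                    {"", "MiejscZlozTow", "magazyn celny"}, {"", "Nr", "12334567891"}},
                   "", false};
}

// A copy with a newline appended to the text node, the kind of change a
// custom end-of-line setting or pretty printing introduces.
Element withTrailingNewline(Element e) {
    e.text += "\n";
    return e;
}

// True when both inputs canonicalise to the same bytes, i.e. a signature
// computed over one would verify over the other.
bool canonicallyEqual(const Element& a, const Element& b) {
    return canonicalize(a) == canonicalize(b);
}
```

Run `canonicallyEqual(sampleSerialized(), sampleAuthored())` to see that attribute order and empty-element syntax are harmless, and `canonicallyEqual(withTrailingNewline(sampleAuthored()), sampleAuthored())` to see that a single added newline in character data is not.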
Andrzej Matejko wrote:
Hi,
I create an XML document, add a Signature node, create the signature and then serialize the document in this way:
------------------------------begin---------------------------------
// Xerces-C 2.x DOM Level 3 Load/Save serializer (includes added for context)
#include <xercesc/dom/DOM.h>
#include <xercesc/framework/MemBufFormatTarget.h>
#include <xercesc/util/XMLString.h>
XERCES_CPP_NAMESPACE_USE

// doc, gMyEOLSequence and gOutputEncoding are defined elsewhere in the program
XMLCh tempStr[100];
XMLString::transcode("LS", tempStr, 99);
DOMImplementation *impl = DOMImplementationRegistry::getDOMImplementation(tempStr);
DOMWriter *theSerializer = ((DOMImplementationLS*)impl)->createDOMWriter();

DOMPrintFilter *myFilter = 0;

// set user specified end of line sequence and output encoding
theSerializer->setNewLine(gMyEOLSequence);
theSerializer->setEncoding(gOutputEncoding);

// serialize the whole document into an in-memory buffer
XMLFormatTarget *myFormTarget;
myFormTarget = new MemBufFormatTarget(50000);

theSerializer->writeNode(myFormTarget, *doc);

// length and raw bytes of the serialized document
XMLByte *buf;
unsigned int uiBufLen = ((MemBufFormatTarget*)myFormTarget)->getLen();

const XMLByte* pcBuf;
pcBuf = ((MemBufFormatTarget*)myFormTarget)->getRawBuffer();
-------------------------------end---------------------------------
And pcBuf points to a buffer with the XML doc, which is unfortunately reordered (I mean, DOMWriter sorts the attributes in a node, changes '<' and '&', etc.), and when I try to verify the signature over this doc the application says 'verification failed'. The answer from the Xerces group was: you probably have forgotten to canonicalize before signing. And here is the question: is that possible? I thought that the xmldsig library canonicalizes my XML document during signature creation and during signature verification, and that the order of attributes in this document is therefore not important.
looking for your help, andrew