Yes Berin, thanks,
I don't know why Canonicalization doesn't address this problem at all.
It sounds incomplete to me. On the one hand, effort is taken
to "normalize" the XML document so it can be signed to
avoid problems with formatting - on the other hand something simple like
newlines isn't addressed. I don't understand it.
Now, I'm removing all newlines (empty text nodes after trim()) from the
document before signing. This helped, but it is a hack :(
regards
Mike

Berin Lautenbach wrote:
> Mike Haller wrote:
> > But after some marshalling/unmarshalling with Castor, the resulting
> > Document has no newlines any more, hence the SignatureValue of the
> > SignedInfo element is invalid.
> > How do I tell XMLSignature to add newlines into the SignedInfo before
> > validation? Or should I remove the newlines before signing? And how to
> > do that?
>
> Unfortunately, you can't get XMLSignature to add or delete new lines
> during signing/verification. There is no way for the library to know
> how many new lines to add, how to indent, etc. to get back to the
> original form. So if you have something in the processing of your XML
> that removes this pretty-printing, you need to make sure it happens
> *before* you sign, so that what is signed is also what will be validated
> (in terms of newlines/tabs/spaces etc.)
>
> > I don't know why the Canonicalization fails at the verification
> > process, do I have to add the same transforms from the signing process
> > again in the verification process? I thought that it's sufficient to
> > add them in signing process, since the canon method is clearly visible
> > in the Signature element itself.
>
> Canonicalisation doesn't remove or add newlines. It simply transforms
> everything in the XML into a standard bytewise format.
>
> > kind regards
> > Mike
>
> Hope that helps!
> Cheers,
> Berin
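
Added example, not part of the original thread and not the XML Security library's code: it shows that canonicalization normalizes quoting and empty-tag forms but keeps whitespace-only text nodes, so a signature made over a pretty-printed SignedInfo fails after a round trip that drops them, while removing those nodes before signing verifies. Assumptions: Python's standard-library `xml.etree.ElementTree.canonicalize` (C14N 2.0) stands in for the canonicalization method, HMAC-SHA256 with a constructed key stands in for the signature, and the SignedInfo sample is constructed and simplified.

```python
import hashlib
import hmac
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)  # keep the ds: prefix when re-serialising
KEY = b"constructed-demo-key"    # constructed; stands in for the signing key

# Constructed, simplified SignedInfo as pretty-printed at signing time.
PRETTY = f"""<ds:SignedInfo xmlns:ds="{DS}">
  <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha256"/>
  <ds:Reference URI="#order-1">
    <ds:DigestValue>Y29uc3RydWN0ZWQ=</ds:DigestValue>
  </ds:Reference>
</ds:SignedInfo>"""

# The same elements after a marshalling round trip: no whitespace-only text
# nodes, and (to show what C14N does normalise) different quoting and tag forms.
COMPACT = (f"<ds:SignedInfo xmlns:ds='{DS}'>"
           "<ds:SignatureMethod Algorithm='http://www.w3.org/2001/04/xmldsig-more#hmac-sha256'>"
           "</ds:SignatureMethod><ds:Reference URI='#order-1'>"
           "<ds:DigestValue>Y29uc3RydWN0ZWQ=</ds:DigestValue>"
           "</ds:Reference></ds:SignedInfo>")

def canonical_bytes(xml_text):
    """Canonical octets that the signature value is computed over."""
    return ET.canonicalize(xml_text).encode("utf-8")

def sign(xml_text):
    return hmac.new(KEY, canonical_bytes(xml_text), hashlib.sha256).digest()

def verify(xml_text, signature):
    return hmac.compare_digest(sign(xml_text), signature)

def drop_whitespace_nodes(xml_text):
    """Remove whitespace-only text nodes; all other text is left untouched."""
    root = ET.fromstring(xml_text)
    for el in root.iter():
        if el.text is not None and not el.text.strip():
            el.text = None
        if el.tail is not None and not el.tail.strip():
            el.tail = None
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    # Signed while pretty-printed, verified after the round trip: fails.
    print(verify(COMPACT, sign(PRETTY)))
    # Whitespace removed before signing: the round-tripped form verifies.
    print(verify(COMPACT, sign(drop_whitespace_nodes(PRETTY))))
```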