Hmmmm, it may well be a misunderstanding on my part then.
I had assumed (yep I know that I should never assume anything) that the
following would be handled by the canonicalisation process:
<element>
<child>Whatever</child>
</element>
Would be equivalent to
<element><child>Whatever</child></element>
I was guessing that since the xml could go through various parsers and
modification processes that it would be possible for this sort of change to
be made but that the logical content of the two fragments above is the same.
Following your email and other replies to my post I have tested the
whitespace inside element tags ('<' and '>') and the canonicalisation does
seem to work under the Sun reference sample code. (From the JWSDP 1.5)
Regards
Marty
-----Original Message-----
From: Jesse Pelton [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 10:14 PM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions
Canonicalization leaves whitespace in document content alone (though any
whitespace in element tags - that is, between the '<' and '>' that start
and end a tag - is normalized). See
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#Example-WhitespaceInCont
ent. What behavior are you seeing that seems inconsistent with the
specification?
> -----Original Message-----
> From: Martin Ravell [mailto:[EMAIL PROTECTED]
> Sent: Thursday, June 30, 2005 7:36 PM
> To: security-dev@xml.apache.org
> Subject: RE: Enveloped suggestions
>
> Just had a crack at using the id and it seems to work. Given
> that my app is
> building the XML to begin with I think I can live with the
> limitations you
> mentioned.
>
> I notice that the reference samples (JWSDP 1.5) seem to ignore the
> canonicalization process on both the signing and verification
> processes. (I
> tested removing some whitespace and wondered why it would not
> verify until I
> took a closer look at the code).
>
> So I guess I'm still interested in which of the Apache
> samples fits best
> (and does canonicalization properly).
>
>
>
> Regards
> Marty
>
> -----Original Message-----
> From: Martin Ravell [mailto:[EMAIL PROTECTED]
> Sent: Friday, 1 July 2005 8:28 AM
> To: security-dev@xml.apache.org
> Subject: RE: Enveloped suggestions
>
> Thanks for the pointer Scott. I'll take another look at the reference
> implementation.
>
> I'm kind of interested in the Apache security stuff now and
> my question on
> which of the samples to focus on still stands. Can you (or
> anyone out there
> on the list) suggest a tutorial or even just which of the samples best
> covers the process of creating an enveloped signature and
> then validates it?
>
>
> Thanks
> Marty
>
>
>
> -----Original Message-----
> From: Scott Cantor [mailto:[EMAIL PROTECTED]
> Sent: Friday, 1 July 2005 12:58 AM
> To: security-dev@xml.apache.org
> Subject: RE: Enveloped suggestions
>
> > I had also looked at the reference implementation that
> ships with the
> JWSDP
> > 1.5 but had problems in being able to specify a particular
> element via
> URI.
> > The sample given seems to specify the whole document with a "" blank
> String
> > but when I try a relative URI (#elementname) it falls on it's arse.
>
> You can't specify an element in a fragment by name, only by
> ID. Which has
> its own set of endless problems since IDs are technically
> only legal in the
> presence of a DTD, so there are endless hacks to try and
> establish what
> attributes are IDs and they all require knowing ahead of time
> what's been
> signed.
>
> -- Scott
>
>
>
>
