Martin,
the canonicalizer cannot know, if the <element></element> may
contain other elements only, or if mixed content is allowed.
So there is no way to tell the difference between significant
and non significant whitespace.
Else the canonicalization would remove non significant whitespace,
I would guess.
Just my 2 cent,
Heiner
Martin Ravell wrote:
Hmmmm, it may well be a misunderstanding on my part then.
I had assumed (yep I know that I should never assume anything) that the
following would be handled by the canonicalisation process:
<element>
<child>Whatever</child>
</element>
Would be equivalent to
<element><child>Whatever</child></element>
I was guessing that since the xml could go through various parsers and
modification processes that it would be possible for this sort of change to
be made but that the logical content of the two fragments above is the same.
Following your email and other replies to my post I have tested the
whitespace inside element tags ('<' and '>') and the canonicalisation does
seem to work under the Sun reference sample code. (From the JWSDP 1.5)
Regards
Marty
-----Original Message-----
From: Jesse Pelton [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 10:14 PM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions
Canonicalization leaves whitespace in document content alone (though any
whitespace in element tags - that is, between the '<' and '>' that start
and end a tag - is normalized). See
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#Example-WhitespaceInCont
ent. What behavior are you seeing that seems inconsistent with the
specification?
-----Original Message-----
From: Martin Ravell [mailto:[EMAIL PROTECTED]
Sent: Thursday, June 30, 2005 7:36 PM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions
Just had a crack at using the id and it seems to work. Given
that my app is
building the XML to begin with I think I can live with the
limitations you
mentioned.
I notice that the reference samples (JWSDP 1.5) seem to ignore the
canonicalization process on both the signing and verification
processes. (I
tested removing some whitespace and wondered why it would not
verify until I
took a closer look at the code).
So I guess I'm still interested in which of the Apache
samples fits best
(and does canonicalization properly).
Regards
Marty
-----Original Message-----
From: Martin Ravell [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 8:28 AM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions
Thanks for the pointer Scott. I'll take another look at the reference
implementation.
I'm kind of interested in the Apache security stuff now and
my question on
which of the samples to focus on still stands. Can you (or
anyone out there
on the list) suggest a tutorial or even just which of the samples best
covers the process of creating an enveloped signature and
then validates it?
Thanks
Marty
-----Original Message-----
From: Scott Cantor [mailto:[EMAIL PROTECTED]
Sent: Friday, 1 July 2005 12:58 AM
To: security-dev@xml.apache.org
Subject: RE: Enveloped suggestions
I had also looked at the reference implementation that
ships with the
JWSDP
1.5 but had problems in being able to specify a particular
element via
URI.
The sample given seems to specify the whole document with a "" blank
String
but when I try a relative URI (#elementname) it falls on it's arse.
You can't specify an element in a fragment by name, only by
ID. Which has
its own set of endless problems since IDs are technically
only legal in the
presence of a DTD, so there are endless hacks to try and
establish what
attributes are IDs and they all require knowing ahead of time
what's been
signed.
-- Scott
