Re: signature elements indent

[Sean Mullan]

Another question to ask is why do you want to indent the signature? Is 
this for making it easier to view? If so, then just use an XML-aware 
editor or web browser like firefox that automatically formats and 
indents the XML so it looks nicer.

--Sean
Raul Benito wrote:
We have a feature request like this in the bugzilla DB. If anyone want
to take it, and send the patchs, feel free.


On 2/13/07, Berin Lautenbach <[EMAIL PROTECTED]> wrote:
I'm not sure what can be done in the Java library to control or turn off
indenting.

Anyone else able to assist?

Cheers,
        Berin

Jorge Martín Cuervo wrote:
> Hi Berin,
>
>
> Maybe for me, a solution would be eliminate all line feeds and carriage
> returns in the Signature element. So, the xml can be indented and 
before
> the validation i can clean up again this LF/CR.
>
> is it posible? is there any posibility to configure the API like this?
>
> thanks again!
>
>
> El mar, 13 de 02 de 2007 a las 09:32, Berin Lautenbach escribió:
>> /You need to do your indenting before you sign, which means you can
>> really only indent your own XML prior to attaching the signature node.
>> The library handles the indenting of the <Signature> elements.  Off 
the
>> top of my head I'm not sure how much control you can have of that for
>> the Java library.  For the C++ library you can turn indenting on and
>> off, but when it's on there no way to tell it how to indent.
>>
>> The merlin signature below was all indented before the final signature
>> was made.  If you were to change even one space in the indenting, the
>> signature would fail.
>>
>> Cheers,
>>      Berin
>>
>> Jorge Martín Cuervo wrote:
>> > Hola Raul
>> >
>> > i understand, but after check the xml files used in the samples i 
found
>> > several like this in merlin directory:
>> >
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <Signature xmlns="//http://www.w3.org/2000/09/xmldsig#";>
>> >   <SignedInfo>
>> >     <CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
>> >     <SignatureMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>> >     <Reference URI="http://www.w3.org/TR/xml-stylesheet";>
>> >       <DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
>> >       <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
>> >     </Reference>
>> >   </SignedInfo>
>> >   <SignatureValue>
>> >     KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
>> >     xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
>> >     2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
>> >   </SignatureValue>
>> >   <KeyInfo>
>> >     <KeyName>Lugh</KeyName>
>> >   </KeyInfo>
>> > </Signature>
>> >
>> > I seems to be indented, and (i supose) still works. How did 
Merlin get
>> > that signatures?
>> >
>> > thanks
>> >
>> > El lun, 12 de 02 de 2007 a las 18:32, Raul Benito escribió:
>> >> /Hola Jorge,
>> >>
>> >> Sorry no luck, If you change the signature it will be void. No 
matter
>> >> what books have told, spaces are an important part of the XML. 
And it
>> >> means a lot. You cannot change it without changing the signature.
>> >>
>> >> Regards,
>> >>
>> >> Raul
>> >>
>> >> On 12 Feb 2007 12:00:20 +0100, *Jorge Martín Cuervo*
>> >> <//[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>> >> wrote: /
>> >>
>> >>     / Hi all,
>> >>
>> >>     I want to create a signature inside an xml file, i use several
>> >>     transforms to get a portion of the original xml with xpath, 
and to
>> >>     canonize. I decided to don't attach the public keys.
>> >>
>> >>
>> >>     /
>> >>
>> >>     /<?xml version="1.0" encoding="UTF-8"?>
>> >>     <hr:Candidate xmlns:df="http://defactops.com"; 
xmlns:hr="http://ns.hr-xml.org/2004-08-02"; xmlns:xs="
>> >>     http://www.w3.org/2001/XMLSchema"; 
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance";>
>> >>         <hr:CandidateRecordInfo>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="id">1158138667963</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="version">
>> >>     0.9.0</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="model">0.9.0</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="host">
>> >>     127.0.0.1 <http://127.0.0.1></hr:IdValue 
<http://127.0.0.1></hr:IdValue>>
>> >>             </hr:Id>
>> >>         </hr:CandidateRecordInfo>
>> >>         <hr:CandidateProfile>
>> >>
>> >>             [...]
>> >>             </hr:UserArea>
>> >>         <HRSignature id="protean-xmldsig-01"><ds:Signature 
xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#";>
>> >>     <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> >>     <ds:CanonicalizationMethod 
Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:SignatureMethod Algorithm="
>> >>     http://www.w3.org/2000/09/xmldsig#dsa-sha1"; xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:Reference URI="" 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> >>     <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#";>
>> >>     <ds:Transform Algorithm="
>> >>     http://www.w3.org/2002/06/xmldsig-filter2"; xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#";>
>> >>     <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="
>> >>     
http://www.w3.org/2002/06/xmldsig-filter2";>/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath> 

>> >>     </ds:Transform>
>> >>     <ds:Transform Algorithm="
>> >>     
http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"; 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     </ds:Transforms>
>> >>     <ds:DigestMethod 
Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; 
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:DigestValue xmlns:ds="
>> >>     
http://www.w3.org/2000/09/xmldsig#";>ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue> 

>> >>     </ds:Reference>
>> >>
>> >>     </ds:SignedInfo>
>> >>     <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#
>> >>     
">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue> 

>> >>     </ds:Signature></HRSignature></hr:Resume>
>> >>     </hr:Candidate>/
>> >>
>> >>     /
>> >>     It works pretty well, (the sign and the verification 
process) but,
>> >>     when i indent the whole file, the *Signature* element 
content is
>> >>     indented too and the validation process fails.
>> >>
>> >>     is there any way to canonice the Signature element? is this a
>> >>     common problem? how can i solve this?
>> >>
>> >>
>> >>     thank you!
>> >>
>> >>     pd: i'm new in this mailing list, and sorry if this issue was
>> >>     commented before./
>> >>
>> >>     --
>> >>     ;-)
>> >>     ____________________________________
>> >>     Jorge Martin Cuervo
>> >>     Analista Programador
>> >>
>> >>     Outsourcing Emarketplace
>> >>     deFacto Powered by Standards
>> >>
>> >>     email <
>> >>     [EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>>
>> >>     voz +34 985 129 820
>> >>     voz +34 660 026 384
>> >>     ____________________________________
>> >>
>> >> /
>> >>
>> >>
>> >> -- //
>> >> http://r-bg.com/
>> >
>> > --
>> > ;-)
>> > ____________________________________
>> > Jorge Martin Cuervo
>> > Analista Programador
>> >
>> > Outsourcing Emarketplace
>> > deFacto Powered by Standards
>> >
>> > email <[EMAIL PROTECTED]>
>> > voz +34 985 129 820
>> > voz +34 660 026 384
>> > ____________________________________
>> > /
>
> --
> ;-)
> ____________________________________
> Jorge Martin Cuervo
> Analista Programador
>
> Outsourcing Emarketplace
> deFacto Powered by Standards
>
> email <[EMAIL PROTECTED]>
> voz +34 985 129 820
> voz +34 660 026 384
> ____________________________________
>
>