(Please hit reply-to-all when you reply so that your email goes to the
list and not just to me).
Jean-Charles Laurent wrote:
Hi Brent,
Yes I did write to a file and I validate it with a Java tool (found on
the web) or with a Java program that I got in the sample directory of
xml security package. I am quite sure what we are sending is a valid
xml signature file. I think this is an issue with dot-net.
Well, then ultimately it's not your problem, and if I were you, I
personally would not waste my time trying to work around someone else's
broken code. Ask them to fix it.
Here someone did a signature with a dot-net program and for it to
validate on the peer side, they needed to use some dot-net parameter
to prevent blanks or newline characters in the signature. We know that
it is not being corrupted on the way (since we can send the dot-net
result and it is valide). Their resulting sign XML file has the
SignedInfo tag on a single line with no carriage return characters.
This is what I am trying to reproduce with my Java application.
I understand. Good luck. Even if you get the line breaks feature
working, realize this very may not actually fix your problem, given
everything that you've said. I'd be very wary.
Out of curiosity: do you know whether the .NET code that is being used
to validate is some standard .NET XML Signature library, or something
that someone just wrote up for this particular application? If the
former, I'd be interested to know what it is, just for future reference...
I tried to set the parameter
"org.apache.xml.security.ignoreLineBreaks" and I semm to have no
effect on my signature. I must be doing something wrong. I tried as
you suggested via the -D option ("java
-Dorg.apache.xml.security.ignoreLineBreaks=true ..."). To make sure
the parameter is set correctly, I do a
System.out.println("ignoreLineBreaks="+System.getProperty("org.apache.xml.security.ignoreLineBreaks"));
which displays true.
I haven't personally used this feature, perhaps someone on the Apache
xml security dev team can comment. But one thing is (and sorry I didn't
realize this before): according to SVN the last Java xmlsec release
(1.4.1) was tagged in May 2007, and this ignore line breaks feature
wasn't added until October 2007, so you would have to be running with a
xmlsec jar built from recent source, or perhaps try with the 1.4.2 beta
(or release candidate?) that I believe Sean currently has out there
somewhere.
--Brent
