> Inconsistent c14n has caused us to have validation failures in the past, and > I have found no decent way to finding out what exactly the canonicalizer > output looks like. I've had to use the debugger and set the "os" stream to a > FileOutputStream in DOMReference.transform(Data, XMLCryptoContext) so the > canonicalizer writes to a file, then I can compare c14n output on the signer > and validator components.
There's a logging category that dumps exactly what gets digested, so you don't really need to do this to get hold of the bytes. > a) setting "org.apache.xml.security.ignoreLineBreaks" system property to > true (a hint to the Base64 encoder not to put line breaks in its output) on > the signer and validator components. It was a requirement of our system that > the output must support having no line-breaks. But it's not a requirement of XML Signature or the c14n specs. In fact, I can point you at some older code that breaks if you *don't* have line feeds, so the moral is, accomodating buggy software is often a mistake. -- Scott
