> Inconsistent c14n has caused us to have validation failures in the past, and
> I have found no decent way to find out what exactly the canonicalizer
> output looks like. I've had to use the debugger and set the "os" stream to a
> FileOutputStream in DOMReference.transform(Data, XMLCryptoContext) so the
> canonicalizer writes to a file, then I can compare c14n output on the signer
> and validator components.

There's a logging category that dumps exactly what gets digested, so you
don't really need to do this to get hold of the bytes.

> a) setting "org.apache.xml.security.ignoreLineBreaks" system property to
> true (a hint to the Base64 encoder not to put line breaks in its output) on
> the signer and validator components. It was a requirement of our system that
> the output must support having no line-breaks.

But it's not a requirement of XML Signature or the c14n specs. In fact, I
can point you at some older code that breaks if you *don't* have line feeds,
so the moral is, accommodating buggy software is often a mistake.

-- Scott

