Hello!

Well, this is one of the "dark corners" of the XMLDSig spec...

From http://www.w3.org/TR/xmldsig-core/

  URI=""
    Identifies the node-set (minus any comment nodes) of the
    XML resource containing the signature

Thus, the comments are removed even before you get to the c14n.
You can work around this by using the following reference URI:

<Reference URI="#xpointer(/)">

Best,
Aleksey


Olav Morken wrote:
Hi,

when the XMLSec library processes a reference with a #WithComments
canonicalization, it doesn't include the comments in the PreDigest data.

Is this a bug or have I misunderstood how the [...]#WithComments canonicalizations are supposed to work?


To test this I used version 1.2.11 of the XMLSec library, with the
sign1-program from:
http://www.aleksey.com/xmlsec/api/xmlsec-examples-sign-template-file.html#XMLSEC-EXAMPLE-SIGN1

I modified this program slightly to do a debug dump after creating the
signature. The program is attached as sign1.c, and the debug output is
attached as debug.txt. The document I tried to sign was test.xml, which
is also attached.

data.xml looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<Test>
  <!-- Comment! -->
  <Data>test</Data>
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    ...
  </Signature>
</Test>

And the relevant part of the debug output is this:
[...]
=== Transform: c14n-with-comments 
(href=http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments)
[...]
== PreDigest data - start buffer:
<Test>
<Data>test</Data> </Test>
== PreDigest data - end buffer
[...]


Thanks,
Olav Morken
_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec
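
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not xmlsec code: dereferencing URI="" drops comment nodes before canonicalization runs, so a with-comments c14n has nothing left to emit and a changed comment leaves the digest unchanged, while "#xpointer(/)" keeps the comments in the digested data. Assumptions: the helper names are hypothetical, Python's standard-library C14N 2.0 stands in for C14N 1.0 #WithComments, SHA-256 is an arbitrary digest choice, and the sample document is constructed from the data.xml shown above without its Signature element.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample modelled on data.xml from the post; the <Signature>
# element is omitted to keep the pre-digest data short.
DOC = "<Test>\n  <!-- Comment! -->\n  <Data>test</Data>\n</Test>"
# Same document with only the comment text changed (constructed).
EDITED = DOC.replace("Comment!", "Changed after signing")


def strip_comments(elem):
    """Drop comment nodes in place, keeping the whitespace text around them."""
    prev = None
    for child in list(elem):
        if child.tag is ET.Comment:
            tail = child.tail or ""
            if prev is None:
                elem.text = (elem.text or "") + tail
            else:
                prev.tail = (prev.tail or "") + tail
            elem.remove(child)
        else:
            strip_comments(child)
            prev = child


def predigest(xml_text, uri):
    """Dereference a same-document URI, then canonicalize WITH comments."""
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    root = ET.fromstring(xml_text, parser=parser)
    if uri == "":
        strip_comments(root)   # URI="": node-set minus any comment nodes
    elif uri != "#xpointer(/)":
        raise ValueError("only URI=\"\" and #xpointer(/) are modelled here")
    # Assumption: stdlib C14N 2.0 stands in for C14N 1.0 #WithComments.
    return ET.canonicalize(ET.tostring(root, encoding="unicode"),
                           with_comments=True)


def digest(xml_text, uri):
    # SHA-256 chosen for the example; the thread does not name a digest method.
    return hashlib.sha256(predigest(xml_text, uri).encode("utf-8")).hexdigest()


if __name__ == "__main__":
    for uri in ("", "#xpointer(/)"):
        print(repr(uri), repr(predigest(DOC, uri)))
        print("  comment edit changes digest:",
              digest(DOC, uri) != digest(EDITED, uri))
```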