[xmlsec] Required newlines in signed document xml ?
Meg Morgan
meg at votehere.net
Thu Feb 13 14:52:37 PST 2003
I'd appreciate comments on this, because I have never
run against this kind of problem before in dealing
with xml trees, and I have dealt with them quite a
bit.
I mentioned before that I use output from one test
to fuel other tests. Therefore I end up with xml
data that I "compile" as variables. What I found
is that xmlSecDSigValidate will fail in obtuse ways
if you don't format your data EXACTLY as it was
generated. IMHO, xml trees shouldn't care about
newlines, EVER.
Here is the data I compiled. Note the presence of
the \n characters. Add one or delete one and validation
will fail. BTW the same is true for PEM keys except they
require \r\n characters in their representation at the end
of each line.
const char *const valid_signed_document = "<?xml version=\"1.0\"?>\n"
"<SignedDocument HashType=\"SHA1\">"
"<DocumentText>C32733A4A7B814BF1E2A1C62DF4AD3D947F14F4F</DocumentText>"
"<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"
"<SignedInfo>\n"
"<CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>\n"
"<SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#dsa-sha1\"/>\n"
"<Reference>\n"
"<Transforms>\n"
"<Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>\n"
"</Transforms>\n"
"<DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>\n"
"<DigestValue>XhHSuXYPL/z/ggVVvgePCNqX0WE=</DigestValue>\n"
"</Reference>\n"
"</SignedInfo>\n"
"<SignatureValue>iHOHNAMjEMCUpTD7bSDBkAYNYX5oGMwdzUUTHlZpwJ8G2mjCQyWyiw==</SignatureValue>\n"
"<KeyInfo>\n"
"<KeyValue>\n"
"<DSAKeyValue>\n"
"<P>\n"
"kGibeF5BZlcgpiwO24ckwnojS/xldXpA46AvXu5j/uKnMgZRZAKqnMLLy8EWNqRgl5AEikS0sBofC5tWU3oOxU"
"EQmzkbDKfiM43ePmYSujcjUU4c0v7yrDXstzs6/3Lz3B3zhg0nhwN7xlVNKyNgGDPxcISYjl2Le5RfjHVdAl0=\n"
"</P>\n"
"<Q>\n"
"jp7LT2KHDFGPnZQACv62U7gxOTU=\n"
"</Q>\n"
"<G>\n"
"XV5pnUDC1D5J/IUOc3orzx8pu8JQnt1fnwwD8VS51bveYjyT2PIU1laHqzSTzaaUI5WYS20LmXcLMsMsLBFGf"
"+EvfEUAmYipgXSI/HKOmjLPYPmAx5kSz/oePzTX4SKWRvKAkMdqVPQMoo91umCYFGG6MaduM/XhnDUDcW6o3s0=\n"
"</G>\n"
"<Y>\n"
"JmAWvfusQGi1PMog3b5abCDZVcjbNgBn90bCE86BQwQZfa0ZdZukUc+ZAraBxsCpZ/wwcgT3IHCVt7mttlJR"
"Iibs00u9Yze8QzxZjFJ7WsXwSKTX+hDXTai0wk/pU0xnfTzhUQd0w5fzHSkIEpFQrEy3sNkw3dN+VfCs+I9jG/o=\n"
"</Y>\n"
"</DSAKeyValue>\n"
"</KeyValue>\n"
"</KeyInfo>\n"
"</Signature></SignedDocument>";
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Meg Morgan 425/450-2754
meg at votehere.net http://www.votehere.net
More information about the xmlsec
mailing list