Posted to commits@santuario.apache.org by "Peter De Maeyer (Jira)" <ji...@apache.org> on 2020/02/09 11:36:00 UTC

[jira] [Created] (SANTUARIO-525) Base64 encoded elements contain "&#xd;" entity references

Peter De Maeyer created SANTUARIO-525:
-----------------------------------------

             Summary: Base64 encoded elements contain "&#xd;" entity references
                 Key: SANTUARIO-525
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-525
             Project: Santuario
          Issue Type: Improvement
          Components: Java
    Affects Versions: Java 2.1.4
            Reporter: Peter De Maeyer
            Assignee: Colm O hEigeartaigh


Base64 elements resulting from signing or encryption contain the ugly entity reference "&#xd;", which is the encoded carriage return. The reason is that the RFC 4648 Base64 encoder uses CRLF as line separator, but XML encodes it as "&#xd;".
This has a couple of drawbacks:
* It prevents textual copy-pasting of content in the XML document as Base64, since the "&#xd;" itself is not part of the Base64 encoding and causes the copied text to be invalid as Base64.

{code:xml}
  <PaymentInfo><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#" Id="G1b451a56-51d2-4c77-ba0b-38e520f930cb" Type="http://www.w3.org/2001/04/xmlenc#Content"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes256-cbc"/><dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><xenc:EncryptedKey Id="EK1699d223-498c-4f78-876c-8f40bf1fde08"><xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/><xenc:CipherData><xenc:CipherValue>sO0Jq5RHTq1FLCrp0tHvEbnD098pdRedo8n3fW1hwO9iRIZgmTsebCFtUahszR8EjAQeF0/kaukT&#xd;
zrZVlhI7USL11T8/GKjCOgzoLgqXFq2bwMgqdpuInvMTWu26kujLpwz3FuqVT7+dPj3L7H37z6iT&#xd;
PS9vuM5jBBdrR+4v9Sw=</xenc:CipherValue></xenc:CipherData></xenc:EncryptedKey></dsig:KeyInfo><xenc:CipherData><xenc:CipherValue>VHzeKRWn0OReM+8PnXZ05oum2WYfmr8UM+cr9xFmPZ2gkT9vt8oth3NcqTyXReLdzqQTrKdZE/Le&#xd;
K8PnhehDsZQ2qRc7RLp1UxJcJOrEseefwjUT6HVCicjbgleL9k60GZCnw6vigLCB6Q5/GXKXIL9K&#xd;
1vYaYtZNoYtR+zSRSQikoNPK4U9RgVOeg2/OxtdNo0ZOhbLCFO8frjC9+krPxlJ708NAZ1wn5/b6&#xd;
sB+WLNicPeg+ldNNH2dzHKIZe0DlgdVsiQHWFCOelAmFdbg4YaUaga8IrnKcIg8lUWEFmlCN2nqy&#xd;
IJLnnnhRuAo7Gh9r4imXhXJ9GiqkayRmNP02j9MxHVckZwWHcRAqf5ujiqU=&#xd;
</xenc:CipherValue></xenc:CipherData></xenc:EncryptedData></PaymentInfo>
{code}

As an improvement, I suggest making this configurable.
To some extent, that is already the case: using the system property "org.apache.xml.security.ignoreLineBreaks" it is already possible to disable Base64 line breaks altogether.
I'm suggesting making it more configurable per encryption, on the {{XMLSecurityProperties}} themselves.



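The copy-paste drawback from the report, as an added example (not code from Santuario or from the reporter): it compares decoding the raw text copied out of a `CipherValue` with decoding the parsed text node, and shows the effect of emitting Base64 without line breaks. The `serialize` function is an assumed stand-in for a serializer that writes CR as "&#xd;"; all function names and the sample bytes are constructed.

```python
import base64
import binascii
import xml.etree.ElementTree as ET

XENC = "http://www.w3.org/2001/04/xmlenc#"
SAMPLE = bytes(range(100))  # constructed stand-in for ciphertext


def encode(data: bytes, line_breaks: bool = True, width: int = 76) -> str:
    """Base64 text; with line_breaks, lines are joined by CRLF as in the report."""
    b64 = base64.b64encode(data).decode("ascii")
    if not line_breaks:
        return b64
    return "\r\n".join(b64[i:i + width] for i in range(0, len(b64), width))


def serialize(text: str) -> str:
    """Stand-in for the serializer (an assumption): CR is written as '&#xd;'."""
    body = text.replace("\r", "&#xd;")
    return f'<xenc:CipherValue xmlns:xenc="{XENC}">{body}</xenc:CipherValue>'


def raw_copy(xml_text: str) -> str:
    """The characters a person copies from between the tags in an editor."""
    return xml_text[xml_text.index(">") + 1:xml_text.rindex("<")]


def decode_strict(text: str) -> bytes:
    """Drop whitespace only; any other non-alphabet character is an error."""
    return base64.b64decode("".join(text.split()), validate=True)


def decode_lenient(text: str):
    """Discard non-alphabet characters. 'x' and 'd' from '&#xd;' are valid
    Base64 letters and stay in, so the result is None (error) or wrong bytes."""
    try:
        return base64.b64decode(text)
    except binascii.Error:
        return None


def decode_parsed(xml_text: str) -> bytes:
    """Parse first: the XML parser turns '&#xd;' back into CR (whitespace)."""
    return decode_strict(ET.fromstring(xml_text).text)


if __name__ == "__main__":
    doc = serialize(encode(SAMPLE))
    print(repr(raw_copy(doc)[70:90]))  # shows the entity at the line break
    print(decode_parsed(doc) == SAMPLE, decode_lenient(raw_copy(doc)) == SAMPLE)
```

A consumer that must handle such documents should take the Base64 from the parsed text node, not from the serialized characters, and should prefer a strict decoder so that a stray entity fails loudly.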