Posted to dev@santuario.apache.org by Jorge Martín Cuervo <jo...@defactops.com> on 2007/02/12 12:00:20 UTC

signature elements indent

Hi all, 

I want to create a signature inside an XML file. I use several
transforms to get a portion of the original XML with XPath, and to
canonicalize. I decided not to attach the public keys.


<?xml version="1.0" encoding="UTF-8"?>
<hr:Candidate xmlns:df="http://defactops.com" xmlns:hr="http://ns.hr-xml.org/2004-08-02" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <hr:CandidateRecordInfo>
        <hr:Id>
            <hr:IdValue name="id">1158138667963</hr:IdValue>
        </hr:Id>
        <hr:Id>
            <hr:IdValue name="version">0.9.0</hr:IdValue>
        </hr:Id>
        <hr:Id>
            <hr:IdValue name="model">0.9.0</hr:IdValue>
        </hr:Id>
        <hr:Id>
            <hr:IdValue name="host">127.0.0.1</hr:IdValue>
        </hr:Id>
    </hr:CandidateRecordInfo>
    <hr:CandidateProfile>
        [...]
        </hr:UserArea>
    <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath>
</ds:Transform>
<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
</ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
<ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue>
</ds:Signature></HRSignature></hr:Resume>
</hr:Candidate>



It works pretty well (the signing and the verification process), but when
I indent the whole file, the Signature element content is indented too
and the validation process fails.

Is there any way to canonicalize the Signature element? Is this a common
problem? How can I solve this?


thank you!

P.S.: I'm new to this mailing list, and sorry if this issue was discussed
before.
-- 
;-)
____________________________________
Jorge Martin Cuervo
Programmer Analyst

Outsourcing Emarketplace
deFacto Powered by Standards

email <jo...@defactops.com>
voice +34 985 129 820
voice +34 660 026 384
____________________________________

Re: signature elements indent

Posted by Jorge Martín Cuervo <jo...@defactops.com>.
Hi Sean, this isn't my main purpose, but I want to continue editing the
XML without being concerned with these issues.

I want to sign one part of the XML and keep the others editable. Maybe the user
or the editor indents, inserts spaces or does something else that
changes the shape of the XML, but not the content.

For instance, in my application (a specific XML editor), in the save
process I switch on the indentation flag in the DOM code, and I also have
some "XML cleaning" code (some kind of c14n). So, if I load a signed
XML and edit a part not related to the signature, the whole XML is
reindented when I write to disk.

If I could write the signature element without spaces, line feeds and
carriage returns, then before signature validation I could reformat it like this
and the signature would still be valid.

thanks for all the responses!!

cheers

On Tue, 13 Feb 2007 at 19:48, Sean Mullan wrote:

> Another question to ask is why do you want to indent the signature? Is 
> this for making it easier to view? If so, then just use an XML-aware 
> editor or web browser like Firefox that automatically formats and 
> indents the XML so it looks nicer.
> 
> --Sean

-- 
;-)
____________________________________
Jorge Martin Cuervo
Programmer Analyst

Outsourcing Emarketplace
deFacto Powered by Standards

email <jo...@defactops.com>
voice +34 985 129 820
voice +34 660 026 384
____________________________________
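
Added example (not part of the thread, and not Santuario code): it shows why reindenting breaks validation and what the "strip the whitespace inside Signature before validating" idea from the message above amounts to. The document, the helper names and the SHA-256 stand-in for the signature input are constructed for illustration; Python's `ET.canonicalize` implements C14N 2.0 rather than the C14N 1.0 named in the post, but both keep whitespace-only text nodes.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
HR = "http://ns.hr-xml.org/2004-08-02"
ET.register_namespace("ds", DS)
ET.register_namespace("hr", HR)

# Constructed sample modelled on the post: the ds:Signature subtree is written
# with no whitespace between its elements. SignatureValue is a placeholder.
SIGNED_DOC = (
    f'<hr:Candidate xmlns:hr="{HR}">'
    '<hr:CandidateRecordInfo><hr:Id>'
    '<hr:IdValue name="id">1158138667963</hr:IdValue>'
    '</hr:Id></hr:CandidateRecordInfo>'
    '<HRSignature id="protean-xmldsig-01">'
    f'<ds:Signature xmlns:ds="{DS}"><ds:SignedInfo>'
    '<ds:CanonicalizationMethod'
    ' Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>'
    f'<ds:SignatureMethod Algorithm="{DS}dsa-sha1"/>'
    '<ds:Reference URI="">'
    f'<ds:DigestMethod Algorithm="{DS}sha1"/>'
    '<ds:DigestValue>ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>'
    '</ds:Reference></ds:SignedInfo>'
    '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>'
    '</ds:Signature></HRSignature></hr:Candidate>'
)


def canonical_signed_info(xml_text: str) -> str:
    """Canonical text of ds:SignedInfo, the input the signature is computed over.

    Assumption: serialising the subtree on its own approximates the
    document-subset canonicalization a real XML-DSig library performs.
    """
    root = ET.fromstring(xml_text)
    signed_info = copy.deepcopy(root.find(f".//{{{DS}}}SignedInfo"))
    signed_info.tail = None  # text after </ds:SignedInfo> is outside the subtree
    return ET.canonicalize(ET.tostring(signed_info, encoding="unicode"))


def signed_info_digest(xml_text: str) -> str:
    """Hash of the canonical SignedInfo; stands in for 'what gets signed'."""
    canonical = canonical_signed_info(xml_text)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def reindent(xml_text: str) -> str:
    """Simulate an editor's indent-on-save (ET.indent needs Python 3.9+)."""
    root = ET.fromstring(xml_text)
    ET.indent(root, space="    ")
    return ET.tostring(root, encoding="unicode")


def strip_signature_whitespace(xml_text: str) -> str:
    """Drop whitespace-only text nodes between elements inside ds:Signature."""
    root = ET.fromstring(xml_text)
    for signature in root.iter(f"{{{DS}}}Signature"):
        for elem in signature.iter():
            if len(elem) == 0:
                continue  # leaf content such as DigestValue is left untouched
            if elem.text and not elem.text.strip():
                elem.text = None
            for child in elem:
                if child.tail and not child.tail.strip():
                    child.tail = None
    return ET.tostring(root, encoding="unicode")


if __name__ == "__main__":
    indented = reindent(SIGNED_DOC)
    print("as signed      :", signed_info_digest(SIGNED_DOC))
    print("after reindent :", signed_info_digest(indented))
    print("after stripping:",
          signed_info_digest(strip_signature_whitespace(indented)))
```

The normalization only restores the signed bytes if the signer wrote the Signature subtree without whitespace in the first place. The Reference digest over `hr:CandidateRecordInfo` is equally whitespace-sensitive and is not addressed by it.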

Re: signature elements indent

Posted by Sean Mullan <Se...@Sun.COM>.
Another question to ask is why do you want to indent the signature? Is 
this for making it easier to view? If so, then just use an XML-aware 
editor or web browser like Firefox that automatically formats and 
indents the XML so it looks nicer.

--Sean

Raul Benito wrote:
> We have a feature request like this in the bugzilla DB. If anyone wants
> to take it and send the patches, feel free.


Re: signature elements indent

Posted by Raul Benito <ra...@apache.org>.
We have a feature request like this in the bugzilla DB. If anyone wants
to take it and send the patches, feel free.


On 2/13/07, Berin Lautenbach <be...@wingsofhermes.org> wrote:
> I'm not sure what can be done in the Java library to control or turn off
> indenting.
>
> Anyone else able to assist?
>
> Cheers,
>         Berin


-- 
http://r-bg.com

Re: signature elements indent

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
I'm not sure what can be done in the Java library to control or turn off 
indenting.

Anyone else able to assist?

Cheers,
	Berin

Jorge Martín Cuervo wrote:
> Hi Berin,
> 
> 
> Maybe for me, a solution would be to eliminate all line feeds and carriage 
> returns in the Signature element. So, the XML can be indented and before 
> the validation I can clean up these LF/CR again.
> 
> Is it possible? Is there any possibility to configure the API like this?
> 
> thanks again!
> 
> 
> On Tue, 13 Feb 2007 at 09:32, Berin Lautenbach wrote:
>> You need to do your indenting before you sign, which means you can 
>> really only indent your own XML prior to attaching the signature node. 
>> The library handles the indenting of the <Signature> elements.  Off the 
>> top of my head I'm not sure how much control you can have of that for 
>> the Java library.  For the C++ library you can turn indenting on and 
>> off, but when it's on there's no way to tell it how to indent.
>>
>> The merlin signature below was all indented before the final signature 
>> was made.  If you were to change even one space in the indenting, the 
>> signature would fail.
>>
>> Cheers,
>> 	Berin
>>
>> Jorge Martín Cuervo wrote:
>> > Hi Raul
>> > 
>> > I understand, but after checking the XML files used in the samples I found 
>> > several like this in the merlin directory:
>> > 
>> > <?xml version="1.0" encoding="UTF-8"?>
>> > <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>> >   <SignedInfo>
>> >     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>> >     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>> >     <Reference URI="http://www.w3.org/TR/xml-stylesheet">
>> >       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>> >       <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
>> >     </Reference>
>> >   </SignedInfo>
>> >   <SignatureValue>
>> >     KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
>> >     xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
>> >     2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
>> >   </SignatureValue>
>> >   <KeyInfo>
>> >     <KeyName>Lugh</KeyName>
>> >   </KeyInfo>
>> > </Signature>
>> > 
>> > I seems to be indented, and (i supose) still works. How did Merlin get 
>> > that signatures?
>> > 
>> > thanks
>> > 
>> > El lun, 12 de 02 de 2007 a las 18:32, Raul Benito escribió:
>> >> /Hola Jorge,
>> >>
>> >> Sorry no luck, If you change the signature it will be void. No matter 
>> >> what books have told, spaces are an important part of the XML. And it 
>> >> means a lot. You cannot change it without changing the signature.
>> >>
>> >> Regards,
>> >>
>> >> Raul
>> >>
>> >> On 12 Feb 2007 12:00:20 +0100, *Jorge Martín Cuervo* 
>> >> <//jorge.martin@defactops.com <ma...@defactops.com>> 
>> >> wrote: /
>> >>
>> >>     / Hi all,
>> >>
>> >>     I want to create a signature inside an xml file, i use several
>> >>     transforms to get a portion of the original xml with xpath, and to
>> >>     canonize. I decided to don't attach the public keys.
>> >>
>> >>
>> >>     /
>> >>
>> >>     /<?xml version="1.0" encoding="UTF-8"?>
>> >>     <hr:Candidate xmlns:df="http://defactops.com" xmlns:hr="http://ns.hr-xml.org/2004-08-02" xmlns:xs="
>> >>     http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>> >>         <hr:CandidateRecordInfo>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="id">1158138667963</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="version">
>> >>     0.9.0</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="model">0.9.0</hr:IdValue>
>> >>             </hr:Id>
>> >>             <hr:Id>
>> >>                 <hr:IdValue name="host">
>> >>     127.0.0.1 <http://127.0.0.1></hr:IdValue <http://127.0.0.1></hr:IdValue>>
>> >>             </hr:Id>
>> >>         </hr:CandidateRecordInfo>
>> >>         <hr:CandidateProfile>
>> >>
>> >>             [...]
>> >>             </hr:UserArea>
>> >>         <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#">
>> >>     <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> >>     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:SignatureMethod Algorithm="
>> >>     http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> >>     <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
>> >>     <ds:Transform Algorithm="
>> >>     http://www.w3.org/2002/06/xmldsig-filter2" xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#">
>> >>     <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="
>> >>     http://www.w3.org/2002/06/xmldsig-filter2">/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath>
>> >>     </ds:Transform>
>> >>     <ds:Transform Algorithm="
>> >>     http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     </ds:Transforms>
>> >>     <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
>> >>     <ds:DigestValue xmlns:ds="
>> >>     http://www.w3.org/2000/09/xmldsig#">ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>
>> >>     </ds:Reference>
>> >>
>> >>     </ds:SignedInfo>
>> >>     <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#
>> >>     ">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue>
>> >>     </ds:Signature></HRSignature></hr:Resume>
>> >>     </hr:Candidate>/
>> >>
>> >>     /
>> >>     It works pretty well, (the sign and the verification process) but,
>> >>     when i indent the whole file, the *Signature* element content is
>> >>     indented too and the validation process fails.
>> >>
>> >>     is there any way to canonice the Signature element? is this a
>> >>     common problem? how can i solve this?
>> >>
>> >>
>> >>     thank you!
>> >>
>> >>     pd: i'm new in this mailing list, and sorry if this issue was
>> >>     commented before./
>> >>
>> >>     -- 
>> >>     ;-)
>> >>     ____________________________________
>> >>     Jorge Martin Cuervo
>> >>     Analista Programador
>> >>
>> >>     Outsourcing Emarketplace
>> >>     deFacto Powered by Standards
>> >>
>> >>     email <
>> >>     jorge.martin@defactops.com <ma...@defactops.com>>
>> >>     voz +34 985 129 820
>> >>     voz +34 660 026 384
>> >>     ____________________________________
>> >>
>> >> /
>> >>
>> >>
>> >> -- //
>> >> http://r-bg.com/
>> > 
>> > -- 
>> > ;-)
>> > ____________________________________
>> > Jorge Martin Cuervo
>> > Analista Programador
>> > 
>> > Outsourcing Emarketplace
>> > deFacto Powered by Standards
>> > 
>> > email <jo...@defactops.com>
>> > voz +34 985 129 820
>> > voz +34 660 026 384
>> > ____________________________________
>> > /
> 
> -- 
> ;-)
> ____________________________________
> Jorge Martin Cuervo
> Analyst Programmer
> 
> Outsourcing Emarketplace
> deFacto Powered by Standards
> 
> email <jo...@defactops.com>
> voice +34 985 129 820
> voice +34 660 026 384
> ____________________________________
> 
> 

Re: signature elements indent

Posted by Jorge Martín Cuervo <jo...@defactops.com>.
Hi Berin,


Maybe for me, a solution would be to eliminate all line feeds and carriage
returns in the Signature element. So, the XML can be indented and before
the validation I can clean up this LF/CR again.

Is it possible? Is there any possibility to configure the API like this?

thanks again!


On Tue, 13 Feb 2007 at 09:32, Berin Lautenbach wrote:

> You need to do your indenting before you sign, which means you can 
> really only indent your own XML prior to attaching the signature node. 
> The library handles the indenting of the <Signature> elements.  Off the 
> top of my head I'm not sure how much control you can have of that for 
> the Java library.  For the C++ library you can turn indenting on and 
> off, but when it's on there's no way to tell it how to indent.
> 
> The merlin signature below was all indented before the final signature 
> was made.  If you were to change even one space in the indenting, the 
> signature would fail.
> 
> Cheers,
> 	Berin
> 

-- 
;-)
____________________________________
Jorge Martin Cuervo
Analyst Programmer

Outsourcing Emarketplace
deFacto Powered by Standards

email <jo...@defactops.com>
voice +34 985 129 820
voice +34 660 026 384
____________________________________

Re: signature elements indent

Posted by Berin Lautenbach <be...@wingsofhermes.org>.
You need to do your indenting before you sign, which means you can 
really only indent your own XML prior to attaching the signature node. 
The library handles the indenting of the <Signature> elements.  Off the 
top of my head I'm not sure how much control you can have of that for 
the Java library.  For the C++ library you can turn indenting on and 
off, but when it's on there's no way to tell it how to indent.

The merlin signature below was all indented before the final signature 
was made.  If you were to change even one space in the indenting, the 
signature would fail.

Cheers,
	Berin

Jorge Martín Cuervo wrote:
> Hello Raul
> 
> I understand, but after checking the XML files used in the samples I found 
> several like this in the merlin directory:
> 
> <?xml version="1.0" encoding="UTF-8"?>
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>   <SignedInfo>
>     <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>     <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>     <Reference URI="http://www.w3.org/TR/xml-stylesheet">
>       <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>       <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
>     </Reference>
>   </SignedInfo>
>   <SignatureValue>
>     KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
>     xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
>     2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
>   </SignatureValue>
>   <KeyInfo>
>     <KeyName>Lugh</KeyName>
>   </KeyInfo>
> </Signature>
> 
> It seems to be indented, and (I suppose) still works. How did Merlin get 
> those signatures?
> 
> thanks
> 
> 
> -- 
> ;-)
> ____________________________________
> Jorge Martin Cuervo
> Analyst Programmer
> 
> Outsourcing Emarketplace
> deFacto Powered by Standards
> 
> email <jo...@defactops.com>
> voice +34 985 129 820
> voice +34 660 026 384
> ____________________________________
> 
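
Added example (not part of the thread, and not code from either Santuario library): the whitespace behaviour described in the reply above, reproduced with Python's standard library. `xml.etree.ElementTree.canonicalize` implements C14N 2.0 rather than the C14N 1.0 algorithm named in the posted SignedInfo; both keep whitespace-only text nodes by default, which is the property shown. The SignedInfo sample, its digest value and the helper names are constructed for illustration.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"
ET.register_namespace("ds", DS)  # keep the ds: prefix when re-serialising

# Constructed sample: a cut-down SignedInfo laid out one element per line,
# like the library output in the first message (placeholder digest value).
AS_SIGNED = (
    f'<ds:SignedInfo xmlns:ds="{DS}">\n'
    '<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>\n'
    '<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>\n'
    '<ds:Reference URI="">\n'
    '<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>\n'
    '<ds:DigestValue>AAAAAAAAAAAAAAAAAAAAAAAAAAA=</ds:DigestValue>\n'
    '</ds:Reference>\n'
    '</ds:SignedInfo>'
)


def canonical_digest(xml_text: str) -> str:
    """Base64 SHA-1 of the canonical form, standing in for the bytes a signer signs.

    SHA-1 is used only because it is the DigestMethod in the thread's sample.
    """
    canonical = ET.canonicalize(xml_text)  # whitespace-only text nodes are kept
    return base64.b64encode(hashlib.sha1(canonical.encode("utf-8")).digest()).decode("ascii")


def reindent(xml_text: str, space: str = "  ") -> str:
    """Hypothetical pretty-printer: what 'indent the whole file' does to this element."""
    root = ET.fromstring(xml_text)
    ET.indent(root, space=space)  # rewrites whitespace-only text/tail (Python 3.9+)
    return ET.tostring(root, encoding="unicode")


def drop_whitespace_nodes(xml_text: str) -> str:
    """Hypothetical clean-up step: remove every whitespace-only text node."""
    root = ET.fromstring(xml_text)
    for elem in root.iter():
        if elem.text is not None and not elem.text.strip():
            elem.text = None
        if elem.tail is not None and not elem.tail.strip():
            elem.tail = None
    return ET.tostring(root, encoding="unicode")


def demo() -> dict:
    """Compare digests for the cases discussed in the thread (True = still verifies)."""
    signed = canonical_digest(AS_SIGNED)

    # Indent first, then "sign": the indentation becomes part of the signed bytes.
    indented = reindent(AS_SIGNED)
    signed_indented = canonical_digest(indented)
    one_more_space = indented.replace("\n  <", "\n   <", 1)

    # "Sign" a form with no whitespace between elements, indent it later,
    # then strip the whitespace again before validation.
    compact = drop_whitespace_nodes(AS_SIGNED)
    signed_compact = canonical_digest(compact)
    restored = drop_whitespace_nodes(reindent(compact))

    return {
        # whitespace inside a tag ('"/>' vs '" />') is normalised away
        "space_inside_tag": canonical_digest(AS_SIGNED.replace('"/>', '" />')) == signed,
        # whitespace between elements is signed content
        "reindent_after_signing": canonical_digest(reindent(AS_SIGNED)) == signed,
        "strip_line_breaks_of_signed_form": canonical_digest(compact) == signed,
        "indent_then_sign": canonical_digest(indented) == signed_indented,
        "indent_then_sign_plus_one_space": canonical_digest(one_more_space) == signed_indented,
        "compact_signed_then_indent_then_strip": canonical_digest(restored) == signed_compact,
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:40s} {'verifies' if ok else 'FAILS'}")
```

The last two cases cover the proposal to strip line breaks before validation: stripping only reproduces the signed bytes when the signed form had no whitespace between elements to begin with.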

Re: signature elements indent

Posted by Jorge Martín Cuervo <jo...@defactops.com>.
Hello Raul

I understand, but after checking the XML files used in the samples I found
several like this in the merlin directory:

<?xml version="1.0" encoding="UTF-8"?>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
  <SignedInfo>
    <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
    <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
    <Reference URI="http://www.w3.org/TR/xml-stylesheet">
      <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
      <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
    </Reference>
  </SignedInfo>
  <SignatureValue>
    KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
    xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
    2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
  </SignatureValue>
  <KeyInfo>
    <KeyName>Lugh</KeyName>
  </KeyInfo>
</Signature>

It seems to be indented, and (I suppose) still works. How did Merlin get
those signatures?

thanks

On Mon, 12 Feb 2007 at 18:32, Raul Benito wrote:

> Hello Jorge,
> 
> Sorry, no luck. If you change the signature it will be void. No matter
> what books have told you, spaces are an important part of the XML. And it
> means a lot. You cannot change it without changing the signature. 
> 
> Regards,
> 
> Raul
> 
> 
> -- 
> http://r-bg.com

-- 
;-)
____________________________________
Jorge Martin Cuervo
Analyst Programmer

Outsourcing Emarketplace
deFacto Powered by Standards

email <jo...@defactops.com>
voice +34 985 129 820
voice +34 660 026 384
____________________________________

Re: signature elements indent

Posted by Raul Benito <ra...@apache.org>.
Hello Jorge,

Sorry, no luck. If you change the signature it will be void. No matter what
books have told you, spaces are an important part of the XML. And it means a
lot. You cannot change it without changing the signature.

Regards,

Raul

On 12 Feb 2007 12:00:20 +0100, Jorge Martín Cuervo <
jorge.martin@defactops.com> wrote:
>
>  Hi all,
>
> I want to create a signature inside an XML file. I use several transforms
> to get a portion of the original XML with XPath, and to canonicalize. I decided
> not to attach the public keys.
>
> <?xml version="1.0" encoding="UTF-8"?>
> <hr:Candidate xmlns:df="http://defactops.com" xmlns:hr="http://ns.hr-xml.org/2004-08-02" xmlns:xs="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
>     <hr:CandidateRecordInfo>
>         <hr:Id>
>             <hr:IdValue name="id">1158138667963</hr:IdValue>
>         </hr:Id>
>         <hr:Id>
>             <hr:IdValue name="version">0.9.0</hr:IdValue>
>         </hr:Id>
>         <hr:Id>
>             <hr:IdValue name="model">0.9.0</hr:IdValue>
>         </hr:Id>
>         <hr:Id>
>             <hr:IdValue name="host">127.0.0.1</hr:IdValue>
>         </hr:Id>
>     </hr:CandidateRecordInfo>
>     <hr:CandidateProfile>
>         [...]
>         </hr:UserArea>
>     <HRSignature id="protean-xmldsig-01"><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:SignedInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:Reference URI="" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
> <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">/hr:Candidate/hr:CandidateRecordInfo</dsig-xpath:XPath>
> </ds:Transform>
> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns:ds="http://www.w3.org/2000/09/xmldsig#"/>
> <ds:DigestValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">ICBDC9GdWcp8S373I1jlKCilSbI=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue xmlns:ds="http://www.w3.org/2000/09/xmldsig#">l0N6Ll3/tlSoBz26QdIHyWMA1D95xcPClBz8oy8y7Oj69QQxTVF9GA==</ds:SignatureValue>
> </ds:Signature></HRSignature></hr:Resume>
> </hr:Candidate>
>
>
>
> It works pretty well (the signing and the verification process), but when I
> indent the whole file, the *Signature* element content is indented too and
> the validation process fails.
>
> Is there any way to canonicalize the Signature element? Is this a common
> problem? How can I solve this?
>
>
> thank you!
>
> PS: I'm new to this mailing list, and sorry if this issue was commented on
> before.
>
> --
> ;-)
> ____________________________________
> Jorge Martin Cuervo
> Analyst Programmer
>
> Outsourcing Emarketplace
> deFacto Powered by Standards
>
> email <jo...@defactops.com>
> voice +34 985 129 820
> voice +34 660 026 384
> ____________________________________
>
>


-- 
http://r-bg.com