[xmlsec] Invalid Signature - possible whitespace handling problem
Aleksey Sanin
aleksey at aleksey.com
Thu Nov 20 14:33:43 PST 2003
>in the good one has all white space preserved and intact. That is
>all tabs and carriage returns are left intact. Exactly as XMLSec
>returns it. The bad <ds:Signature ...> block has had xml white
>space handling performed on it after it was returned from XMLSec, by
>InfoPath :( . That is carriage returns and tabs have been removed and
>most of the lines are now strung out on 1 line.
>
>
I believe Rich already answered you but let me summarize. You have a
Document signed
by XMLSec. After that you perform *some* changes in the document. And
signature
verification fails. Digital signatures are used to detect *exactly* that
situation. And I think
everything happens "as expected".
But since you are asking this question, I guess you think that
adding/removing tabs or
spaces is not a big deal for XML. However, this is *not* the case.
Whitespaces are important!
For example, consider these two XML fragments:
1)
<WelcomeMessage>Hello, user!</WelcomeMessage>
2)
<WelcomeMessage>
Hello, user!
</WelcomeMessage>
It might have happened that someone *intentionally* left spaces to move
"Hello, user!' string
N chars from left side. XML has no way of knowing that.
Aleksey
More information about the xmlsec
mailing list