[xmlsec] using SAX with xmlsec
Julianne Bielski
bielsk at us.ibm.com
Tue Oct 14 12:45:20 PDT 2003
Looks like my problem might be with libxml2, not libxmlsec.
I use xmlSaveFile to serialize a document containing my signature, and it
cuts off everything that's base64-encoded when it encounters a space
character.
Instead of
<P>
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s
ubVWzXgTuAHTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bT
xR7DAjVUE1oWkTL2dfOuK2HXKu/yIgMZndFIAcc=
</P>
it gives me
<P>
/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9s</P>
-- Regards,
J. Bielski
Aleksey Sanin <aleksey at aleksey.com>
10/14/2003 02:34 PM
To: Julianne Bielski/Raleigh/IBM at IBMUS
cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] using SAX with xmlsec
I don't know how to you build the <dsig:Signature/> node thus I can only
guess.
And I would bet that you have some namespaces defined in the document
before this node. Try to use exclusive C14N in
<dsig:CanonicalizationMethod/>
instead of the regular canonicalization. But I can promise you nothing.
xmlsec
is not designed to work in this mode.
Aleksey
Julianne Bielski wrote:
I have put two templates in the same doc, one a detached, one an
enveloped.
I build each template dynamically as a small DOM tree since I'm using a
SAX parser for performance. I pass the individual Signature nodes in, as
well as the document containing the templates and my untrusted cert file
name.
I cannot get the detached signature to verify unless the template is in a
stand-alone file with the signature node at the root and use
xmlSecFindNode to derive the node. In other words, the node I pass in does
not work, even if the Signature is the only thing in the file.
-- Regards
J. Bielski
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20031014/5a027fe7/attachment.htm
More information about the xmlsec
mailing list