[xmlsec] Whitespace issues when creating an XML document
aleksey at aleksey.com
Mon May 26 13:55:59 PDT 2008
Again, you *can* add spaces yourself when you construct the XML DOM tree.
Dave Chapman wrote:
> Thanks for the reply.
> I'm fully aware of the significance of whitespace, and the issue isn't
> that I want "formatted" XML, it's that I want libxml2 to have the same
> representation in RAM as the file will be when it is later written to
> disk - so I can reliably create a signature for it.
> But if there's no known solution to that (apart from saving to disk and
> re-reading), then I guess I'll need to take it to the libxml2 devs.
> Aleksey Sanin wrote:
>> 1) Spaces are important in XML and XMLDSig
>> 2) If you want to have "formatted" XML then you have to add spaces.
>> 3) Sorry, but there is no way around it.
>> Dave Chapman wrote:
>>> I've run into a problem when trying to create and verify a signature
>>> for an XML document created in RAM, but haven't been able to find any
>>> reports of others having similar problems, or any nicer solution than
>>> the workaround I've used. Most examples/questions seem to relate to
>>> adding signatures to already existing XML documents.
>>> The signing code my program uses is based on the sign3.c example, and
>>> the verification is based on verify3.c.
>>> My program did the following, and the resulting document failed to
>>> verify (data and digest mismatch):
>>> 1) Create the XML document to be signed in RAM using the libxml2
>>> functions xmlNewNode, xmlAddChild, xmlAddProp etc.
>>> 2) Sign the document with xmlSecDSigCtxSign()
>>> 3) Write the document to disk with xmlSaveFormatFileEnc()
>>> If I added the verification code to this program between steps 2) and
>>> 3), instead of in a second program, then the verification worked.
>>> This led me to the conclusion that the issue was with libxml2 adding
>>> whitespace to the document when saving it to disk.
>>> Adding the workaround of saving the created document to disk, and
>>> then reloading it before calculating and adding the signature fixed
>>> the problem, but I'm hoping there's a nicer solution that avoids this
>>> extra write/read step.
>>> This is possibly more of a libxml2 question than xmlsec, but I'm
>>> hoping that someone here has solved this problem previously, and that
>>> having the question in the xmlsec mail archives will help others.
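The failure discussed in this thread, reproduced as an added example that is not code from the thread or from xmlsec/libxml2. It uses Python's standard `xml.etree.ElementTree` as a stand-in for libxml2 and a SHA-256 over the canonical form as a stand-in for the XMLDSig digest; the document content and all function names are hypothetical.

```python
import copy
import hashlib
import xml.etree.ElementTree as ET


def build_doc():
    """Build a document in memory with no whitespace text nodes (constructed sample)."""
    root = ET.Element("order")
    item = ET.SubElement(root, "item", {"id": "1"})
    ET.SubElement(item, "name").text = "widget"
    ET.SubElement(item, "qty").text = "3"
    return root


def c14n_digest(xml_text):
    """SHA-256 over the canonical XML, standing in for the XMLDSig DigestValue."""
    canonical = ET.canonicalize(xml_data=xml_text)  # whitespace text is preserved
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


def save(root, pretty):
    """Serialize the tree; pretty=True mimics a formatting save that inserts indentation."""
    out = copy.deepcopy(root)
    if pretty:
        ET.indent(out)  # adds newline/indent text nodes that were not in the signed tree
    return ET.tostring(out, encoding="unicode")


def signed_then_saved(pretty_save, indent_before_signing=False):
    """Return (digest at signing time, digest a verifier computes from the saved bytes)."""
    root = build_doc()
    if indent_before_signing:
        ET.indent(root)  # put the whitespace into the tree yourself, then sign
    signed = c14n_digest(ET.tostring(root, encoding="unicode"))
    on_disk = save(root, pretty=pretty_save)
    return signed, c14n_digest(on_disk)


if __name__ == "__main__":
    cases = [
        ("sign, then formatted save", dict(pretty_save=True)),
        ("sign, then unformatted save", dict(pretty_save=False)),
        ("add whitespace, sign, save as-is",
         dict(pretty_save=False, indent_before_signing=True)),
    ]
    for label, kwargs in cases:
        signed, verified = signed_then_saved(**kwargs)
        print(f"{label}: {'verifies' if signed == verified else 'digest mismatch'}")
```

Only the first case fails: the whitespace added at save time is character data that canonicalization keeps, so the verifier hashes different bytes than the signer did.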