Uploaded image for project: 'Red Hat Fuse'
  1. Red Hat Fuse
  2. ENTESB-15009

XMLSecurity drops whitespace after XML header

XMLWordPrintable

    • False
    • False
    • % %
    • build5
    • Undefined

      A message like this

      <?xml version="1.0" encoding="UTF-8"?>
      <root xmlns="http://test/test"><test>Hello Kermit</test></root>
      

      is transformed into a signed message like this ...

      <?xml version="1.0" encoding="UTF-8"?><ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="_10ba7ccb-5452-4fae-a9f7-9b1afc05c2ed"><ds:SignedInfo><ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><ds:Reference URI="#_279cd1ca-7bfa-4247-a348-38745aad8c14"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></ds:Transforms><ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><ds:DigestValue>CIZCRLSXi+k5BdIq8+iKjjGduj8=</ds:DigestValue></ds:Reference></ds:SignedInfo><ds:SignatureValue>Oj7q3hV3hZr2o/aiD8kdeiNgsETpf1qFDnaEs0DHDfn4GokIO0vl48yDowsRii3uEkiUtlPUIJTzZAXeVVjYnM7B7IfnLNfG0Xa/i7xreO6geI0KVqpjRXSyCeHi+F/BzlqmmiSrqblGWF+3Jna7rPtBdOm7VwvbmlYY4tCHrZE=</ds:SignatureValue><ds:Object Id="_279cd1ca-7bfa-4247-a348-38745aad8c14"><root xmlns="http://test/test"><test>Hello Kermit</test></root></ds:Object></ds:Signature>
      

      Note, that the white space between the XML header and the root element is lost. As a result a string comparison of the entire payload will fail.

      I suppose that this is not a problem, but recorded here as a point of reference.

              tdiesler@redhat.com Thomas Diesler
              tdiesler@redhat.com Thomas Diesler
              Zheng Feng Zheng Feng
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: