I'm using

```java
import org.apache.xml.security.c14n.Canonicalizer;
```

in my code, and the line used to canonicalize the signature looks like this:

```java
outputStream.write(Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS).canonicalizeSubtree(doc));
```

My problem is that this method leaves me with an XML file canonicalized using Method http://www.w3.org/TR/2001/REC-xml-c14n-20010315 while http://www.w3.org/2001/10/xml-exc-c14n# is what I'm being asked to do.

So, as someone absolutely new to the world of digital signatures and the like: is there a quick and easy fix I could do to achieve the desired result?

Prothy

1 Answer

You need to specify a canonicalization method that excludes XML comments, in this case ALGO_ID_C14N_EXCL_OMIT_COMMENTS, which translates to http://www.w3.org/2001/10/xml-exc-c14n#.

More details on the Apache Santuario library's constant field values overview.

Robby Cornelissen
  • While this seems to make sense, I changed the line in the code (when I hover over it, even Eclipse says that Canonicalization Method is now `http://www.w3.org/2001/10/xml-exc-c14n#`), but the XML output file looks identical to the one generated with the unchanged code, and it still says that it's using `http://www.w3.org/TR/2001/REC-xml-c14n-20010315` Method. What am I doing wrong? – Prothy Sep 30 '21 at 10:18
  • No idea. Double check that you compiled your changes and that you're looking at the right XML file. – Robby Cornelissen Sep 30 '21 at 10:26
  • While the problem described above persisted, I found out I am not the only person having it, but no solution is to be found yet. Since I dedicated another post to it, I will be marking this answer as the correct one since it should have solved the problem by all means, while something else seems to be causing it. – Prothy Oct 06 '21 at 17:22
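
To see what each algorithm constant from the question and the answer actually emits, the following added example (not code from the original posts or from the Apache Santuario project) canonicalizes the same input with inclusive and exclusive C14N and prints the results side by side. The class name `C14nCompare` and the sample XML are constructed for illustration, and it assumes a Santuario version in which `canonicalizeSubtree(Node)` returns `byte[]`, as in the question's code.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

public class C14nCompare {
    // Constructed sample: one namespace that is never used, one that is used
    // only by the child element, and a comment.
    static final String XML =
        "<root xmlns:unused=\"urn:example:unused\" xmlns:a=\"urn:example:a\">"
        + "<!-- note --><a:item>v</a:item></root>";

    // Canonicalize a node with the given algorithm URI and return it as text.
    static String c14n(String algo, Node node) throws Exception {
        byte[] out = Canonicalizer.getInstance(algo).canonicalizeSubtree(node);
        return new String(out, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        Init.init(); // registers the canonicalizer implementations

        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // C14N needs namespace-aware DOM nodes
        // Refuse DOCTYPE declarations when parsing XML that will be signed or verified.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = dbf.newDocumentBuilder().parse(
            new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));
        Node item = doc.getElementsByTagNameNS("urn:example:a", "item").item(0);

        String[] algos = {
            Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS,      // used in the question
            Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS  // suggested in the answer
        };
        for (String algo : algos) {
            System.out.println(algo);
            // Whole document: inclusive keeps every namespace declaration and
            // the comment; exclusive drops the unused prefix and the comment.
            System.out.println("  document: " + c14n(algo, doc));
            // Subtree: inclusive copies the ancestor's in-scope namespaces onto
            // the element; exclusive emits only the prefix the element uses.
            System.out.println("  subtree : " + c14n(algo, item));
        }
    }
}
```

The two algorithms differ only in how they treat namespace declarations and, for these two variants, comments, so input that has neither unused or inherited namespace declarations nor comments canonicalizes to the same bytes under both.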