#10 Use XML C14n canonical form for all outgoing messages

Затворени
отворен преди 4 години от stan · 2 коментара

The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process.

This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form.

If this proves too difficult, we might as well rely on lxml for this process. I want to see whether we can do without this extra decode-encode step.

The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process. This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form. If this proves too difficult, we might as well rely on `lxml` for this process. I want to see whether we can do without this extra decode-encode step.
Stan Janssen коментира преди 4 години
Притежател

Excellent write-up of the required steps to normalization: https://www.di-mgt.com.au/xmldsig-c14n.html

Excellent write-up of the required steps to normalization: https://www.di-mgt.com.au/xmldsig-c14n.html
Stan Janssen коментира преди 4 години
Притежател

So this turns out to be more of a hassle than I thought. Also, the standard-library xml.etree.ElementTree module contains a canonicalize method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.

So this turns out to be more of a hassle than I thought. Also, the standard-library `xml.etree.ElementTree` module contains a `canonicalize` method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.
Впишете се за да се присъедините към разговора.
Няма етикет
Няма етап
Няма изпълнител
1 участника
Зареждане...
Отказ
Запис
Все още няма съдържание.