#10 Use XML C14n canonical form for all outgoing messages

Затворено
отворено пре 4 година од stan · 2 коментара
Stan Janssen коментирира пре 4 година

The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process.

This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form.

If this proves too difficult, we might as well rely on lxml for this process. I want to see whether we can do without this extra decode-encode step.

The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process. This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form. If this proves too difficult, we might as well rely on `lxml` for this process. I want to see whether we can do without this extra decode-encode step.
Stan Janssen коментирира пре 4 година
Власник

Excellent write-up of the required steps to normalization: https://www.di-mgt.com.au/xmldsig-c14n.html

Excellent write-up of the required steps to normalization: https://www.di-mgt.com.au/xmldsig-c14n.html
Stan Janssen коментирира пре 4 година
Власник

So this turns out to be more of a hassle than I thought. Also, the standard-library xml.etree.ElementTree module contains a canonicalize method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.

So this turns out to be more of a hassle than I thought. Also, the standard-library `xml.etree.ElementTree` module contains a `canonicalize` method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.
stan затворено пре 4 година
Пријавите се да се прикључе у овом разговору.
Нема лабеле
Нема фазе
Нема одговорних
1 учесника
Учитавање...
Откажи
Сачувај
Још нема садржаја.