The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process.
This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form.
If this proves too difficult, we might as well rely on lxml for this process. I want to see whether we can do without this extra decode-encode step.
The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process.
This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form.
If this proves too difficult, we might as well rely on `lxml` for this process. I want to see whether we can do without this extra decode-encode step.
So this turns out to be more of a hassle than I thought. Also, the standard-library xml.etree.ElementTree module contains a canonicalize method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.
So this turns out to be more of a hassle than I thought. Also, the standard-library `xml.etree.ElementTree` module contains a `canonicalize` method that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.
The XML signature applies to the XML message in its C14n Canonical Form. We might as well make sure that the message templates already are in this form, to ease the signing process.
This does not guarantee that incoming messages will be in canonical form, however, so their should be a way to convert any message to its canonical form.
If this proves too difficult, we might as well rely on
lxmlfor this process. I want to see whether we can do without this extra decode-encode step.Excellent write-up of the required steps to normalization: https://www.di-mgt.com.au/xmldsig-c14n.html
So this turns out to be more of a hassle than I thought. Also, the standard-library
xml.etree.ElementTreemodule contains acanonicalizemethod that takes a string and produces the canonical output without constructing an XML tree, which looks like what we need. Let's use that.