[XML-SIG] c14n attribute ordering problem?
Keith Beattie
KSBeattie at lbl.gov
Tue Sep 30 21:21:04 EDT 2003
Hi all,
Based on my reading of the c14n spec and observations of xmlsec, it appears that PyXML's c14n isn't ordering attributes properly when operating on a sub-node. Or I'm confused. Attached is a demonstration program.
# What I expect:
$ python2.3 c14n_test.py
<dsig:SignedInfo xmlns="urn:envelope" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"></dsig:SignedInfo>
# What I get:
$ python2.3 c14n_test.py
<dsig:SignedInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns="urn:envelope"></dsig:SignedInfo>
Note the difference in ordering of the 'xmlns:dsig' and 'xmlns' attributes. As I understand it, the default xmlns element should come first, which it does if not operating on a child element and when looking at the detailed output of xmlsec (when signing a proper signature template which this example is a simplified version of).
Am I doing something wrong here? Or are PyXML and libxml2 c14n'ing differently, which (since I'm working with XML digital signatures) would be a real problem...
Thanks,
ksb
-------------- next part --------------
from xml.dom import minidom
from xml.dom.ext import c14n
from xml.ns import DSIG
doc_string = """<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo/>
</dsig:Signature>
</Envelope>"""
dom = minidom.parseString(doc_string)
sigInfo_el = dom.getElementsByTagNameNS(DSIG.BASE, 'SignedInfo')[0]
sigInfo_c14n = c14n.Canonicalize(sigInfo_el)
print sigInfo_c14n
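
The ordering rule in question, as an added example that is not part of the original post or of PyXML: Canonical XML 1.0 sorts namespace nodes by prefix with the default namespace least, puts them before ordinary attributes, and sorts those by namespace URI and then local name. The helper names below are hypothetical, the sample is the post's document without its XML declaration, and only the start tag of the subtree's top element is rendered (inherited xml:* attributes are not handled).

```python
from xml.dom import minidom

# Constructed sample: the document from the post, minus the XML declaration.
DOC = """<Envelope xmlns="urn:envelope">
<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:SignedInfo/>
</dsig:Signature>
</Envelope>"""

def _is_nsdecl(attr):
    return attr.name == "xmlns" or attr.name.startswith("xmlns:")

def _attrs(el):
    return [el.attributes.item(i) for i in range(el.attributes.length)]

def in_scope_namespaces(el):
    """prefix -> URI for every declaration in scope at el; nearest one wins."""
    scope = {}
    node = el
    while node is not None and node.nodeType == node.ELEMENT_NODE:
        for a in filter(_is_nsdecl, _attrs(node)):
            scope.setdefault(a.name[6:], a.value)  # "xmlns"[6:] == "" (default)
        node = node.parentNode
    return scope

def _esc(value):
    # Attribute-value escaping required by Canonical XML 1.0.
    for raw, ent in (("&", "&amp;"), ("<", "&lt;"), ('"', "&quot;"),
                     ("\t", "&#x9;"), ("\n", "&#xA;"), ("\r", "&#xD;")):
        value = value.replace(raw, ent)
    return value

def c14n_start_tag(el):
    """Start tag of a subtree's top element, ordered per Canonical XML 1.0."""
    scope = in_scope_namespaces(el)
    if scope.get("") == "":
        del scope[""]  # an empty default namespace is not emitted here
    # sorted() puts "" (the default namespace) ahead of every prefix.
    pairs = [("xmlns:" + p if p else "xmlns", scope[p]) for p in sorted(scope)]
    plain = [a for a in _attrs(el) if not _is_nsdecl(a)]
    plain.sort(key=lambda a: (a.namespaceURI or "", a.localName))
    pairs += [(a.name, a.value) for a in plain]
    return "<%s%s>" % (el.tagName,
                       "".join(' %s="%s"' % (n, _esc(v)) for n, v in pairs))

def signed_info_start_tag():
    dom = minidom.parseString(DOC)
    ns = "http://www.w3.org/2000/09/xmldsig#"
    return c14n_start_tag(dom.getElementsByTagNameNS(ns, "SignedInfo")[0])

if __name__ == "__main__":
    print(signed_info_start_tag())
```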