how to support old CanonicalizationMethod ?

Question

how to support old CanonicalizationMethod ?

chenghonour opened this issue 4 years ago · 7 comments

For some reasons, the following algorithm must be used in the project
http://www.w3.org/TR/2001/REC-xml-c14n-20010315

Answer 1 · 2020-04-15T14:58:50.000Z

I ran into the same problem. The version you're trying to use is 1.0 which is now outdated. The new 1.1 version is backward compatible and is supported by this library. Swap the URL for the new one (http://www.w3.org/2001/10/xml-exc-c14n#) and sign the document, everything should work fine.

In some cases, you will need to change the URL back again to the old one (http://www.w3.org/TR/2001/REC-xml-c14n-20010315) after signing for schema compatibility.

EDIT: Changed the URL from https://www.w3.org/TR/xml-c14n/ to http://www.w3.org/2001/10/xml-exc-c14n#. See below.

Answer 2 · 2020-04-15T15:13:09.000Z

@CamiloHernandez but https://www.w3.org/TR/xml-c14n/ is not in the support list..it run out a unsupported error

Answer 3 · 2020-04-15T16:09:50.000Z

Whops, sorry. Misread the question.

Ok, so you are trying to use plain Canonicalization but as far as I can see this library only supports Exclusive Canonicalization, which means that it "excludes ancestor context from a canonicalized subdocument". Generally speaking, that should not be a problem unless you need the ancestor context in your signature, otherwise, in its current state, this library will not work for you.

If excluding ancestor context is not a problem for you, then the general idea of my last answer still holds. You can swap the URL for the ExclusiveCanonicalization one: http://www.w3.org/2001/10/xml-exc-c14n#

Do keep in mind that this is a workaround, as this algorithm you're trying to use not technically supported.

Answer 4 · 2020-04-15T16:41:16.000Z

@CamiloHernandez Okay, i will try it . Thank you for your patient explanation.

Answer 5 · 2020-04-16T00:41:40.000Z

@CamiloHernandez ohh, so hard.Because to connect to the old institutional system, I must use this expired algorithm. Otherwise, the signature will be inconsistent. Do you have a recommended tool library to support http://www.w3.org/TR/2001/REC-xml-c14n-20010315 ?

Answer 6 · 2023-03-23T15:02:45.000Z

It looks like this is supported on a fork of signedxml so would cherry-picking that onto master be accepted? I need this REC- algorithm as well.

Answer 7 · 2023-04-21T18:08:32.000Z

We support C14N10Rec now. Can you try out the v1.0.0 release and let us know how it works?