OpenSAML user discussion

[Peter Williams <>]

I added junit tests to the xml toolling unit testing framework, so I could 
use netbeans to single step the formal unit tests of the saml2 xml tooling 
library. Having altered the logging level to debug, both xmlse lib (from 
apache) and xml toolking (from mace) spit out lots of logs to the console. 
I've compiled the head of opensaml2, and the head of xmldsig, treating each 
as a local POM SNAPSHOT, using maven 3.0 beta builds, on a java 1.6 platform.

Two existing unit tests in the xml toolking library have the library 
unmarshal enveloped and detached signatures (from test vectors). Their 
signedinfo element tags are pretty printed with multiple leading whitespace 
chars. Evidently, they were signed with those leading whitespace chars, 
seeing as such whitespace chars are canonical under c14n. These signatures 
actually crypto-verify fine, as xmldsig library hashes what the dsig library 
parses from the wire form of signedinfo (which retains as text nodes in the 
nodeset the wire-form's whitespace).

1. how can I use the signedxml base class to generate a signed object whose 
signedinfo elements (a) exhibits the white space pretty printing, and (b) has 
signed the leading whitespace in the signedinfo?

(Experiments (and xmltooling unit tests) cause the xmldsig library to only 
ever digest/sign a signedinfo stream that has no leading whitespace before 
each signedinfo element.)

alternatively

2. how can I take a pretty printed signature, which was originally signed 
with no leftmost whitespace per apache dsig but which some intermediate xml 
processor has rewritten and reformatted to add pretty printing whitespace in 
signedinfo, and now unmarshall it SPECIFICALLY in a no left-most whitespace 
rendering?

Peter.