OpenSAML user discussion

["Scott Cantor" <>]

> I've tried using the FilesystemCredentialResolver plugin, and as expected
it
> also doesn't remove the newlines.

I didn't think it would, but I'm equally sure that when I use the code to
generate metadata using the getKeyInfo method (is that what you're doing?)
I'm getting newlines.

However, looking at the code, I don't think it's under my control. I'm not
specifying anything one way or the other. If the cert object is created by
way of an X509* directly, which is what should be happening internally,
xmlsec uses openssl calls to get a base64 version back out to store and
return. So it's entirely up to openssl what that looks like. Maybe your
version is different.

> Is this a bug? Or will something like
> in the metadata be handled correctly when unmarshalled?

base64 in XML is not specified as being a particular line length, nor does
XMLSig say anything about it. Consuming code has to handle either, or it's
broken. Using newlines is a way of formatting the result better, and of
avoiding bugs in code that's consuming base64 directly with openssl, which
is buggy about it.

-- Scott