signxml

Allow multiple c14n algorithms

Open hathawsh opened this issue 4 years ago • 2 comments

I'm working with a service that transmits and receives signed XML with very specific requirements. One of the requirements is to use different canonicalization algorithms for the signed info and for the payload. With this patch, signxml can be configured to be compatible with the requirement.

hathawsh avatar Mar 07 '22 18:03 hathawsh
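The two positions this request is about, shown as an added example (not code from signxml or from this PR): in an XML signature, `CanonicalizationMethod` governs how `SignedInfo` is canonicalized, while a c14n `Transform` inside each `Reference` governs the payload. The helper names and the sample signature, including its particular algorithm pairing and placeholder values, are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
C14N_URIS = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
}

# Constructed sample: digest and signature values are placeholders.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#payload">
      <ds:Transforms>
        <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        <ds:Transform Algorithm="http://www.w3.org/2006/12/xml-c14n11"/>
      </ds:Transforms>
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>PLACEHOLDER</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
</ds:Signature>"""

def c14n_algorithms(signature_xml):
    """Return (SignedInfo c14n URI, {reference URI: payload c14n URI or None})."""
    signed_info = ET.fromstring(signature_xml).find(DS + "SignedInfo")
    si_c14n = signed_info.find(DS + "CanonicalizationMethod").get("Algorithm")
    payload = {}
    for ref in signed_info.findall(DS + "Reference"):
        algs = [t.get("Algorithm") for t in ref.iter(DS + "Transform")]
        c14n = [a for a in algs if a in C14N_URIS]
        # If several c14n transforms are listed, the last one yields the digested octets.
        payload[ref.get("URI")] = c14n[-1] if c14n else None
    return si_c14n, payload

def check_policy(signature_xml, expected_signed_info, expected_payload):
    """List every position whose c14n algorithm differs from the agreed one."""
    si_c14n, payload = c14n_algorithms(signature_xml)
    problems = []
    if si_c14n != expected_signed_info:
        problems.append(("SignedInfo", si_c14n))
    problems += [(uri, alg) for uri, alg in payload.items() if alg != expected_payload]
    return problems
```

An empty list from `check_policy` means both positions carry the algorithms the two parties agreed on; it does not validate the signature itself.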

Thanks for your contribution!

I understand your requirement and I would like to support it. We need to clarify the names of the resulting options. Also, this PR can't be merged without a test case.

I think it would be better to organize the options as follows:

class XMLSigner(...):
    def __init__(
        self,
        signature_c14n_algorithm=XMLSignatureProcessor.default_c14n_algorithm,
        payload_c14n_algorithm=XMLSignatureProcessor.default_c14n_algorithm
    ):
        self.signature_c14n_algorithm = signature_c14n_algorithm
        self.payload_c14n_algorithm = payload_c14n_algorithm
        ...

kislyuk avatar Sep 09 '22 22:09 kislyuk

If we change the option name, the change will be backward incompatible, so the next version should be 3.x rather than 2.11 (assuming we're following semantic versioning principles).

I would prefer to add an option and leave the existing option name, making the new version compatible with existing code.

hathawsh avatar Oct 05 '22 17:10 hathawsh

This PR will not be accepted per the feedback above, but the functionality will be supported in the v3.0.0 release.

kislyuk avatar Oct 30 '22 02:10 kislyuk

Tracking in #205

kislyuk avatar Oct 30 '22 02:10 kislyuk