3

I have an xml document. When I print the document using java libs I get the proper xml output. Then I sign the xml document using xmlsignatures. After signing, I try to print the document again. But this time the document is printed in such a way that all the Elements are JUMBLED . So I want to know whether xml signature modifies xml document? If yes then why?

suraj
  • 1,828
  • 12
  • 36
  • 64
  • If by jumbled you mean your tags aren't appearing in the same order, that's not unexpected. XML documents are not "ordered". – Mat Apr 14 '12 at 09:06
  • @Mat Can you explain it in more detail? I mean if want to retrieve values from elements then I have to face problems because of tags getting jumbled – suraj Apr 14 '12 at 09:12
  • Basically `` and `` are the same document. You can't rely on relative ordering of sibling nodes, the XML spec doesn't impose ordering, and different parsers/generators will or will not keep the original ordering. If your design relies on that, you need to review your design. – Mat Apr 14 '12 at 09:14
  • @Mat Thanks. Is this jumbling thing happens in attributes of a element also? – suraj Apr 14 '12 at 09:19
  • Attributes aren't ordered either. – Mat Apr 14 '12 at 09:21
  • @Mat Attributes aren't ordered, yes, but elements order is specified in the Xml Schema and is normally significant, except in specific cases (like perhaps). – Patrice M. Apr 15 '12 at 03:28

2 Answers2

2

Signature may modify your structure by canonicalizing it. This is necessary because your xml can have different valid representations. In order to verify the signature all parties must agree on one canonicalized representation.

nansen
  • 2,912
  • 1
  • 20
  • 33
  • That is not necessarily true. The canonicalization happens for the purpose of computing the signature behind the scenes, but the document, when signed, is not normally, and especially if the signing method is enveloped or detached. – Patrice M. Apr 15 '12 at 03:15
2

Like @Mat, I would like to have more details about what you mean by JUMBLED. Nonetheless, your original document should not be altered in its structure if you have chosen the ENVELOPED (or obviously DETACHED) signature method. Conversely, choosing an ENVELOPING method does change your original document by wrapping it in a container that also includes the signature.

Patrice M.
  • 4,209
  • 2
  • 27
  • 36