XmlDsigC14NTransform normalization behavior depends on input type

  • Article

Hi, welcome back, 

When using System.Security.Cryptography.Xml.XmlDsigC14NTransform, depending on the input type (XmlDsigC14NTransform.InputTypes) being passed to its LoadInput method, the result of its GetOutput method could be different:

- If we pass a Stream to XmlDsigC14NTransform, it will normalize line feeds from 0xd 0xa ("\r\n") to 0xa ("\n") before canonicalization. After canonicalization, we will only see 0xa chars ("\n") in the Output as expected.

- If we pass an XmlNodeList or XmlDocument to XmlDsigC14NTransform, line feeds won't be normalized before canonicalization. After canonicalization, 0xd 0xa ("\r\n") will appear in the Output as 0x26 0x0b 0x78 0x44 0x3b 0x0a (" 
\n"). Canonicalization will convert all 0xd bytes to "
" string as documented in C14N standard.

The following sample converts an XmlNodeList to a Stream, so we can get the same behavior than with a Stream: 

 

<SAMPLE>

 XmlNodeList xmlNodes = ...

// Convert XmlNodeList to Stream, so XmlDsigC14NTransform is able to normalize input
MemoryStream memStream = new MemoryStream();
byte[] bytes = new UTF8Encoding().GetBytes(xmlNodes[0].OuterXml);
memStream.Write(bytes, 0, bytes.Length);
memStream.Seek(0, SeekOrigin.Begin);

// Normalize & Canonicalize
XmlDsigC14NTransform t2 = new XmlDsigC14NTransform();
t2.LoadInput(memStream);

</SAMPLE>

 

I hope this helps.

Cheers,

 

Alex (Alejandro Campos Magencio)