java-8x509certificatetomcat8carriage-returnxml-signature

How to avoid "
" (CR) in XMLSignature generated from webapp running on Tomcat 8.5 with JDK8


I'm experiencing a problem with java XMLSignature: when I try to generate the signature and then sign the XML file, an unwanted HTML-like Carriage Return ("
") is placed at then end of each line both in SignatureValue and X509Certificate.

Example:

zLxzCI14qHxBCXamm46Rj7nFoIDM6RTvUvUOdiQN9NkK96GzbxCJjpQVNAXduWwcMwDSVP2ouO0N
 9NSnL+TNZyU62x6Lw0N6FFbzGIzfs9HDnrw531kfpDhOBZCB85h7MGcAJmOvhy5/Gv8qgFw2DVED

I've tried to solve the problem adding the following lines to the code, based on some suggestions I found on the web:

System.setProperty("com.sun.org.apache.xml.internal.security.ignoreLineBreaks", "true");
System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");

but it didn't solve the problem.


Solution

  • I finally solved the problem editing the setenv.sh script on Tomcat (at ${CATALINA_HOME}/bin/setenv.sh) appending

    -Dcom.sun.org.apache.xml.internal.security.ignoreLineBreaks=true

    to the string of properties defined in CATALINA_OPTS.

    With this setting Carriage Returns (CR) and Line Feeds (LF) were removed only inside the <Signature> tag of the resulting XML file.