https://github.com/ucarion/c14n

A Golang implementation of XML canonicalization
https://github.com/ucarion/c14n

c14n golang xml

Last synced: about 2 months ago
JSON representation

A Golang implementation of XML canonicalization

• Host: GitHub
• URL: https://github.com/ucarion/c14n
• Owner: ucarion
• License: mit
• Created: 2020-05-14T05:00:39.000Z (about 5 years ago)
• Default Branch: master
• Last Pushed: 2020-05-29T19:00:13.000Z (about 5 years ago)
• Last Synced: 2025-04-16T15:14:47.075Z (about 2 months ago)
• Topics: c14n, golang, xml
• Language: Go
• Homepage:
• Size: 58.6 KB
• Stars: 19
• Watchers: 3
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

        
# c14n

 [![go.dev reference](https://img.shields.io/badge/go.dev-reference-007d9c?logo=go&logoColor=white&style=flat-square)](https://pkg.go.dev/mod/github.com/ucarion/c14n?tab=overview)

 [![GitHub Workflow Status](https://img.shields.io/github/workflow/status/ucarion/c14n/tests?label=tests&logo=github&style=flat-square)](https://github.com/ucarion/c14n/actions)

This package is a Golang implementation of XML Canonicalization ("c14n"). In

particular, it implements the [Exclusive Canonical XML][w3] specification, which

is the recommended canonicalization scheme used in SAML.

If you're looking to canonicalize XML because you're implementing SAML or XML

Digital Signature, consider using [`github.com/ucarion/saml`][saml] or

[`github.com/ucarion/dsig`][dsig], which are implemented using this package.

[w3]: https://www.w3.org/TR/xml-exc-c14n/

[saml]: https://github.com/ucarion/saml

[dsig]: https://github.com/ucarion/dsig

## Installation

Install this package by running:

```bash

go get github.com/ucarion/c14n

```

## Usage

The most common way to use this package is to call `c14n.Canonicalize` with a

`xml.Decoder`:

```go

input := ``

decoder := xml.NewDecoder(strings.NewReader(input))

out, err := c14n.Canonicalize(decoder)

fmt.Println(string(out), err)

// Output:

//  

```

## Limitations

This package ignores processing directives, and so technically does not fully

comply with the Exclusive Canonical XML spec. In particular, the spec says that

if you have a document like this:

```xml

]>

   &ent1;, &ent2;!

```

Then it should be canonicalized as:

```xml

   Hello, world!

```

But in order to do that, this package would need to potentially do I/O in order

to work, and it would need to understand the entire DTD spec. Furthermore, the

standard library's XML decoder doesn't support parsing custom entities (instead,

it errors out), so this package would need to ship an alternative to

`xml.Decoder`.

Thus, this package does not support custom entities and other features driven by

processing directives. In practice, these features are rarely used in common

protocols like SAML.