[xml] Re: Regarding the use of canonicalization features of libxml2

[Aleksey Sanin <aleksey aleksey com>]

First of all, I am following Daniel's policy and copy my answer to 
LibXML mailing list
because you did not indicate otherwise.
The problem you have is caused by the fact that Signature and Object 
nodes have
namespaces. And when you do not specify these namespaces in the XPath 
context
and do not include namespaces in the xpath expression, the XPath 
evaluation, of course,
returns empty nodes set.
You might find the code for doing all this stuff in testC14N.c. The 
format of the files
for this program could be found by either reading sources or looking at 
examples at
test/c14n/*


With best regards,
Aleksey



Darren Ford wrote:

> Hi Aleksey,
>
>   I've been attempting to use the c14n functions within the libxml2 
> library with no success.  I am working on an xml signature 
> implementation (I'd be using libxmlsec except that I have my own 
> signing/verification functionality) and am trying to use the 
> canonicalization features with little success.  I was wondering 
> whether you'd mind helping me with a few questions?
>
> I've been trying to figure out the argument 'nodes' within the 
> 'xmlC14NDoc...' functions. eg.
>
> xmlC14NDocSave(xmlDocPtr doc, xmlNodeSetPtr nodes,
>                int exclusive, xmlChar ** inclusive_ns_prefixes,
>                int with_comments, const char *filename, int compression)
>
> I seem to be able to produce canonical output if I select the whole 
> document (ie. nodes == NULL), but if I'm wanting to canonicalize JUST 
> the 'object' reference (ie. for the digesting process), what is the 
> correct nodeset that I need to supply?
>
>     <?xml version="1.0" encoding="UTF-8"?>
>     <Signature xmlns="http://www.w3.org/2000/09/xmldsig#";>
>       <SignedInfo>
>         <CanonicalizationMethod 
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"; />
>         <SignatureMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"; />
>         <Reference URI="#object">
>           <DigestMethod 
> Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"; />
>           <DigestValue></DigestValue>
>         </Reference>
>      </SignedInfo>
>       <SignatureValue>
>       </SignatureValue>
>       <KeyInfo>
>        <KeyValue>
>         </KeyValue>
>       </KeyInfo>
>       <Object Id="object">some text</Object>
>     </Signature>
>
>     .... code follows ....
>
>     xmlDocPtr pTheDoc = xmlParseFile("test_file.xml");
>     xmlXPathContextPtr ctxt = xmlXPathNewContext(pTheDoc);
>     xmlXPathObjectPtr res = xmlXPathEvalExpression(BAD_CAST 
> "/Signature/Object", ctxt);
>     xmlC14NDocSave(pTheDoc, res->nodesetval, 0, NULL, 1, "output.xml", 
> 0);
>
> I noticed that the test program (testc14n.c) uses an 'xpath-filename' 
> as an argument, however I've had no luck figuring out the appropriate 
> xpath expression(s) required to produce the canonical form for 
> 'object' in the above example.  Each one seems to just print out a 
> blank file :-) and when I step through the code it appears that the 
> nodeset returned from 'xmlXPathEvalExpression' is somewhat empty.  
> When I pass in a (manually created) nodeset containing a pointer to 
> the 'Object' node, I get back <Object></Object> which isn't much use :-)
>
> Any help would be greatly appreciated.  Thankyou for your time.
>
> Yours sincerely,
>
>
> Darren Ford