Re: [xml] "detached" DTD's

From: Daniel Veillard <veillard redhat com>
To: Rich Salz <rsalz datapower com>
Cc: xml gnome org
Subject: Re: [xml] "detached" DTD's
Date: Wed, 4 Dec 2002 04:35:59 -0500

On Tue, Dec 03, 2002 at 11:11:28PM -0500, Rich Salz wrote:

I'm using the xmlsec library ( http://www.aleksey.com/xmlsec/ ), an
application built on top of libXML and OpenSSL to do the XML
signature and encryption standards.  I'm trying to verify some signatures
created by the IBM xss4j package; in particular, the WS-Security
standard, which puts a signature in a SOAP Header, and signs
data in the SOAP Body.


  you're likely to win the acronym contest for this month :-)

Whew, that's lots of jargon.  The issue is pretty simple.  I'm
having problems verifying messages because libXML doesn't know
that
        <Content id='body'> ...
id is of type ID, and that earlier on I can do
        <dsig:Reference URI='#body'/>

I think the most general solution is to have an external DTD that identifies
the ID attributes, and then load or verify after loading, the XML document
against that.

Any ideas?


  Hum, there is a few missing pieces in this story. First do the document
instance have a DOCTYPE (seems that the answer is no) ? 
  Currently the parser can be asked to load the DTD and check the IDs
(without fully validating) but only for the DTD referenced from the DocType.
If there is no DocType, then there is another API which allow to do 
DTD validation of a parsed tree against a preparsed DTD instance:

  int             xmlValidateDtd          (xmlValidCtxtPtr ctxt,
                                           xmlDocPtr doc,
                                           xmlDtdPtr dtd);

  this will repopulate the ID table but also do all the validity checking
and I doubt you want this. But you can probably filter out the errors
by providing empty callbacks in the xmlValidCtxt.
  See libxml/valid.h for the interfaces.
  The other question is if the cost of walking the full tree again to do
the ID lookups is acceptable. If not you can try to sneak in the tree
building interface by providing your own startElement() callback in the
parser context which could 1/ call the default callback used to build
the tree 2/ check whether one of the attribte passed is an ID in which
case you can call 
   xmlIDPtr
   xmlAddID(xmlValidCtxtPtr ctxt, xmlDocPtr doc, const xmlChar *value,
            xmlAttrPtr attr);

  to register it. That would be more specialized but possibly faster.

Daniel

-- 
Daniel Veillard      | Red Hat Network https://rhn.redhat.com/
veillard redhat com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine http://rpmfind.net/

References:
- [xml] "detached" DTD's
  - From: Rich Salz

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]