[xml] Re: Regarding the use of canonicalization features of libxml2



First of all, I am following Daniel's policy and copying my answer to the LibXML mailing list because you did not indicate otherwise.

The problem you have is caused by the fact that the Signature and Object nodes have namespaces. When you do not specify these namespaces in the XPath context and do not include namespaces in the XPath expression, the XPath evaluation, of course, returns an empty node set.

You might find the code for doing all this stuff in testC14N.c. The format of the files for this program can be found by either reading the sources or looking at the examples at test/c14n/*


With best regards,
Aleksey



Darren Ford wrote:

Hi Aleksey,

I've been attempting to use the c14n functions within the libxml2 library with no success. I am working on an xml signature implementation (I'd be using libxmlsec except that I have my own signing/verification functionality) and am trying to use the canonicalization features with little success. I was wondering whether you'd mind helping me with a few questions?

I've been trying to figure out the argument 'nodes' within the 'xmlC14NDoc...' functions. eg.

xmlC14NDocSave(xmlDocPtr doc, xmlNodeSetPtr nodes,
               int exclusive, xmlChar ** inclusive_ns_prefixes,
               int with_comments, const char *filename, int compression)

I seem to be able to produce canonical output if I select the whole document (ie. nodes == NULL), but if I'm wanting to canonicalize JUST the 'object' reference (ie. for the digesting process), what is the correct nodeset that I need to supply?

    <?xml version="1.0" encoding="UTF-8"?>
    <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
      <SignedInfo>
        <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
        <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
        <Reference URI="#object">
          <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
          <DigestValue></DigestValue>
        </Reference>
      </SignedInfo>
      <SignatureValue>
      </SignatureValue>
      <KeyInfo>
        <KeyValue>
        </KeyValue>
      </KeyInfo>
      <Object Id="object">some text</Object>
    </Signature>

    .... code follows ....

    xmlDocPtr pTheDoc = xmlParseFile("test_file.xml");
    xmlXPathContextPtr ctxt = xmlXPathNewContext(pTheDoc);
    xmlXPathObjectPtr res = xmlXPathEvalExpression(BAD_CAST "/Signature/Object", ctxt);
    xmlC14NDocSave(pTheDoc, res->nodesetval, 0, NULL, 1, "output.xml", 0);

I noticed that the test program (testc14n.c) uses an 'xpath-filename' as an argument, however I've had no luck figuring out the appropriate xpath expression(s) required to produce the canonical form for 'object' in the above example. Each one seems to just print out a blank file :-) and when I step through the code it appears that the nodeset returned from 'xmlXPathEvalExpression' is somewhat empty. When I pass in a (manually created) nodeset containing a pointer to the 'Object' node, I get back <Object></Object> which isn't much use :-)

Any help would be greatly appreciated.  Thank you for your time.

Yours sincerely,


Darren Ford





