I will look into the api of the sax patch you mentioned. I would like to
offer my time/assistance with the upcoming stax implementation and
improvements/integration thereof when you get to it. I don't know the
xml-security codebase much at all, but I've spent time reading the w3
xml signature and c14n specs. I could at least offer feedback on the API
and assistance in writing a bunch of junit tests. One thought for the
canonicalization in stax (or other stream-based approaches) is to use a
PipedReader/PipedWriter pair to buffer attributes and then emit them in
lexigraphical order when the next non-attribute event is received. This
could also handle any other conversions necessary for c14n (newline
normalization, CDATA replacement, etc). Let me know if there is anything
small/easy you'd like me to work on or look at in the meantime,
otherwise I will be working on my horrible hacked up code that only
supports enveloped dsa signatures w/ no canonicalization and the basics
of KeyInfo :)
Best,
Chris
Raul Benito wrote:
If you want to try a SAX base approach
you can try this patch http://issues.apache.org/bugzilla/show_bug.cgi?id=32657
It is for xml-sec 1.2.1 and it is working right now, and the
performance is really good.
Regarding the Stax one, i have to give it a push the following week.
But let see if I have time...
Regards,
Raul
On 2/9/06, Chris Black <[EMAIL PROTECTED]> wrote:
Hello all,
I've been trying to get a stream-based implementation of just the core
parts of the xml signature spec I need for my applications. I recently
researched a bunch of alternatives to dom/jdom which is what we used to
use and was causing performance problems, I ended up going with stax.
Anyway, I have been working on a hacked up proof of concept using stax
and only implementing enveloped dsa signatures including keyinfo and
making some progress. Right now I am not using standard canonicalization
because I was unable to find an easy way to do this in stax w/o writing
it myself (which I may do in the future).
I saw in the mailing list archives back in November that Raul Benito
mentioned perhaps working on a stax implementation. That path has my
vote :) One of the problems I ran into when trying to reference just
parts of the existing apache xml signature implementation was that many
of the classes don't have a way to use their functionality without using
DOM, so I end up writing my own quick implementations of all the parts I
need. This may of course just be due to my unfamiliarity with the code.
I was wondering if there are any thoughts on how a stax implementation
would fit into the package structure of the existing codebase and if
there had been any further work on stax implementations by anyone. And
also if anyone has tips on efficient canonicalization using
streams/transforms in some way.
Chris
--
http://r-bg.com
