Re: [basex-talk] XML in HTTP request body

2019-06-03 Thread Jerome Chauveau 
Hi Michael, 

It seems to work ... perfectly ! 

Thank you so much for that clear and quick answer :-) 

Jérôme 





De: "Michael Seiferle"  
À: "jerome chauveau"  
Cc: "basex-talk"  
Envoyé: Lundi 3 Juin 2019 16:39:07 
Objet: Re: [basex-talk] XML in HTTP request body 

Hi Jerome, 


If I understand correctly, you want to create a hash value for the string 
serialization of the document you sent to restxq right? 

Currently inside RESTXQ your document is treated as an XML Document, hence: 

$body will be of type document-node(): 




 
Hello 
World 
 




where as crypto:hmac requires a string-type $message: 

BQ_BEGIN
crypto:hmac ($message as xs:string, 
BQ_END
Hence your $body will be converted like so: 

BQ_BEGIN

string( 
 
Hello 
World 
 
) 

BQ_END


Turning it into: 

BQ_BEGIN
„HelloWorld“ 
BQ_END


In order to actually compute a hash on the bytes your document contains, do as 
follows: 

Working example here: [ https://git.basex.io/snippets/63 | 
https://git.basex.io/snippets/63 ] 


Treat your document as binary: 

BQ_BEGIN
%rest:consumes("application/octet-stream“) 

BQ_END
And then decode that binary to a string and then compute the hash for the 
string, using: bin:decode-string#2: 


BQ_BEGIN
let $str-doc := bin:decode-string($body,'utf-8') (: xs:string :) 
let $sig-cand := crypto:hmac($str-doc,$secret,'sha1','base64') 

BQ_END


Hope this helps :-) 

Michael 


BQ_BEGIN

Am 03.06.2019 um 12:17 schrieb Jerome Chauveau < [ 
mailto:jerome.chauv...@unicaen.fr | jerome.chauv...@unicaen.fr ] >: 

Hi, 

I am trying to check XML content (HTTP posted) with an hmac function in a 
RESTXQ webapp. 

My Java client sends an HTTP post request where XML data looks like : 

doehttp://www.tei-c.org/ns/1.0 | 
http://www.tei-c.org/ns/1.0 ] " 
xml:id="idtest" 
>TestXXXBurgunvilla 

This content is HMAC encrypted and the signature is added to the HTTP header : 

[...] 
String secret = "1234"; 
StringEntity entity = new StringEntity(xml, ContentType.create("text/xml", 
Consts.UTF_8)); 
String signature = HTTPUtils.hmacSHA1(xml, secret); 
httppost.setHeader("Authorization", signature); 
httppost.setEntity(entity); 
[...] 


Here is my RESTXQ function : 

declare 
%rest:POST("{$body}") 
%rest:consumes("application/xml", "text/xml") 
%rest:header-param("Authorization", "{$signature}", "none") 
%rest:path("/sf/testpost") 
function sf.test:testPost($signature,$body){ 
let $secret := 1234 
crypto:hmac($body,$secret,'sha1','base64') = $signature 
} 

Equality check always fails with such an XML sequence but works fine when XML 
does not contain any carriage return : 
doeThis is a 
test 

It seems to come when "The body of a POST or PUT request is converted to an 
XQuery item". 

I tried to set serializer's options without any success ! 

How could I retrieve xml (in $body) exactly serialized as sent by the client ? 

Tests are running on BaseX922. 
Thank you for your time. 

Jérôme 

BQ_END

Re: [basex-talk] XML in HTTP request body

2019-06-03 Thread Michael Seiferle 
Hi Jerome, 


If I understand correctly, you want to create a hash value for the string 
serialization of the document you sent to restxq right?

Currently inside RESTXQ your document is treated as an XML Document, hence: 

$body will be of type document-node(): 
> 
>   
> Hello
> World
>   
> 

where as crypto:hmac requires a string-type $message:
> crypto:hmac($message as xs:string, 
Hence your $body will be converted like so: 
> string(
>   
> Hello
> World
>   
> )


Turning it into: 
> „HelloWorld“


In order to actually compute a hash on the bytes your document contains, do as 
follows:

Working example here: https://git.basex.io/snippets/63


Treat your document as binary:
> %rest:consumes("application/octet-stream“)
And then decode that binary to a string and then compute the hash for the 
string, using: bin:decode-string#2:

>   let $str-doc  := bin:decode-string($body,'utf-8') (: xs:string :)
>   let $sig-cand := crypto:hmac($str-doc,$secret,'sha1','base64')


Hope this helps :-)

Michael

> Am 03.06.2019 um 12:17 schrieb Jerome Chauveau :
> 
> Hi,
> 
> I am trying to check XML content (HTTP posted) with an hmac function in a 
> RESTXQ webapp.
> 
> My Java client sends an HTTP post request where XML data looks like :
> 
> doe xsi:schemaLocation="http://www.tei-c.org/ns/1.0";
> xml:id="idtest"
> > > > > >Test > xml:id="authortest"
> >XXX > > > > > > xml:space="preserve"
> > > type="lieu"
> > xml:lang="la"
> >Burgunvilla > > > > > >
> 
> This content is HMAC encrypted and the signature is added to the HTTP  header 
> :
> 
> [...]
> String secret = "1234";
> StringEntity entity = new StringEntity(xml, ContentType.create("text/xml", 
> Consts.UTF_8));
> String signature = HTTPUtils.hmacSHA1(xml, secret);
> httppost.setHeader("Authorization", signature);
> httppost.setEntity(entity);
> [...]
> 
> 
> Here is my RESTXQ function :
> 
> declare
> %rest:POST("{$body}")
> %rest:consumes("application/xml", "text/xml")
> %rest:header-param("Authorization", "{$signature}", "none")
> %rest:path("/sf/testpost")
> function sf.test:testPost($signature,$body){
>   let $secret := 1234
>   crypto:hmac($body,$secret,'sha1','base64') = $signature
> }
> 
> Equality check always fails with such an XML sequence but works fine when XML 
> does not contain any carriage return :
> doeThis is a 
> test
> 
> It seems to come when "The body of a POST or PUT request is converted to an 
> XQuery item".
> 
> I tried to set serializer's options without any success !
> 
> How could I retrieve xml (in $body) exactly serialized as sent by the client 
> ? 
> 
> Tests are running on BaseX922.
> Thank you for your time.
> 
> Jérôme

[basex-talk] Improper Use? Potential bug?

2019-06-03 Thread Buddy Kresge 
I am all of a sudden getting the below error (and things were working just fine 
- weird).  Works fine in 9.1.2 but not in 9.2.X.  Any guidance would be greatly 
appreciated.

Note:  I tried to send you an email with the full stack trace, but the 
moderator rejected it because the email was too long.  I've cut down the size, 
but you now no longer have the full stack trace.  If you need the full stack 
trace, please let me know how you'd like that shared with you.

Thanks,
Buddy

Error:
Improper use? Potential bug? Your feedback is welcome:
Contact: 
basex-talk@mailman.uni-konstanz.de
Version: BaseX 9.2
Java: AdoptOpenJdk, 1.8.0_202
OS: Windows 10, amd64
Stack Trace:
java.lang.ArrayIndexOutOfBoundsException: 1
   at org.basex.query.expr.Preds.simplify(Preds.java:215)
   at org.basex.query.expr.Filter.optimize(Filter.java:82)
   at org.basex.query.expr.Filter.inline(Filter.java:260)
   at org.basex.query.expr.gflwor.ForLet.inline(ForLet.java:66)
   at org.basex.query.expr.gflwor.GFLWOR.inline(GFLWOR.java:804)
   at org.basex.query.expr.gflwor.GFLWOR.inlineLets(GFLWOR.java:339)
   at org.basex.query.expr.gflwor.GFLWOR.optimize(GFLWOR.java:106)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:98)
   at org.basex.query.expr.If.compile(If.java:63)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at org.basex.query.func.StaticFuncs.compile(StaticFuncs.java:184)
   at 
org.basex.query.func.fn.FnFunctionLookup.opt(FnFunctionLookup.java:34)
   at 
org.basex.query.func.StandardFunc.optimize(StandardFunc.java:77)
   at org.basex.query.expr.Arr.compile(Arr.java:43)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:94)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:94)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at org.basex.query.func.StaticFuncs.compile(StaticFuncs.java:184)
   at 
org.basex.query.func.fn.FnFunctionLookup.opt(FnFunctionLookup.java:34)
   at 
org.basex.query.func.StandardFunc.optimize(StandardFunc.java:77)
   at org.basex.query.expr.Arr.compile(Arr.java:43)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:94)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at 
org.basex.query.func.StaticFuncCall.compile(StaticFuncCall.java:64)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:94)
   at org.basex.query.func.StaticFunc.comp(StaticFunc.java:69)
   at org.basex.query.func.StaticFuncs.compile(StaticFuncs.java:184)
   at 
org.basex.query.func.fn.FnFunctionLookup.opt(FnFunctionLookup.java:34)
   at 
org.basex.query.func.StandardFunc.optimize(StandardFunc.java:77)
   at org.basex.query.expr.Arr.compile(Arr.java:43)
   at org.basex.query.expr.gflwor.ForLet.compile(ForLet.java:43)
   at org.basex.query.expr.gflwor.GFLWOR.compile(GFLWOR.java:88)
   at org.basex.query

[basex-talk] XML in HTTP request body

2019-06-03 Thread Jerome Chauveau 
Hi, 

I am trying to check XML content (HTTP posted) with an hmac function in a 
RESTXQ webapp. 

My Java client sends an HTTP post request where XML data looks like : 

doehttp://www.tei-c.org/ns/1.0"; 
xml:id="idtest" 
>TestXXXBurgunvilla 

This content is HMAC encrypted and the signature is added to the HTTP header : 

[...] 
String secret = "1234"; 
StringEntity entity = new StringEntity(xml, ContentType.create("text/xml", 
Consts.UTF_8)); 
String signature = HTTPUtils.hmacSHA1(xml, secret); 
httppost.setHeader("Authorization", signature); 
httppost.setEntity(entity); 
[...] 


Here is my RESTXQ function : 

declare 
%rest:POST("{$body}") 
%rest:consumes("application/xml", "text/xml") 
%rest:header-param("Authorization", "{$signature}", "none") 
%rest:path("/sf/testpost") 
function sf.test:testPost($signature,$body){ 
let $secret := 1234 
crypto:hmac($body,$secret,'sha1','base64') = $signature 
} 

Equality check always fails with such an XML sequence but works fine when XML 
does not contain any carriage return : 
doeThis is a 
test 

It seems to come when "The body of a POST or PUT request is converted to an 
XQuery item". 

I tried to set serializer's options without any success ! 

How could I retrieve xml (in $body) exactly serialized as sent by the client ? 

Tests are running on BaseX922. 
Thank you for your time. 

Jérôme

Re: [basex-talk] Update of arbitrarily selected elements?

2019-06-03 Thread Marco Lettere 
Yes. In addition, if you don't have IDs in place and elements are all in 
the same container, you could maybe use their position. Or a combination 
of an XPAT selector for the contianer root and then a sequence of 
positions for the elements to be updated.

M.

On 03/06/19 09:46, Michael Seiferle wrote:

Hi Josh,

I think the most widely used approach would be addressing items via ID 
— just as you would in a traditional database approach — this might 
involve adding IDs to all elements.



(as in, not selectable with a query)
With XPath you can select arbitrary parts of your document, maybe 
using XPath expressions would be helpful?



Hope this helps a bit, feel free to ask for more specific information  :)

Best

Michael







Am 31.05.2019 um 20:14 schrieb Joshua Kordani 
>:


Greetings all.
I am curious about how basex supports the idea of modifying any given 
(or set of given) elements, say a user makes a query to select a 
bunch of elements for editing and wishes to add an attribute to an 
arbitrary subset (as in, not selectable with a query), how do I 
reference a particular element for later updating?

Sincerely,
Josh

Re: [basex-talk] Update of arbitrarily selected elements?

2019-06-03 Thread Michael Seiferle 
Hi Josh, 

I think the most widely used approach would be addressing items via ID — just 
as you would in a traditional database approach — this might involve adding IDs 
to all elements.

>> (as in, not selectable with a query)
With XPath you can select arbitrary parts of your document, maybe using XPath 
expressions would be helpful?


Hope this helps a bit, feel free to ask for more specific information  :)

Best 

Michael 







> Am 31.05.2019 um 20:14 schrieb Joshua Kordani 
> :
> 
> Greetings all.
>  
> I am curious about how basex supports the idea of modifying any given (or set 
> of given) elements, say a user makes a query to select a bunch of elements 
> for editing and wishes to add an attribute to an arbitrary subset (as in, not 
> selectable with a query), how do I reference a particular element for later 
> updating?
>  
> Sincerely,
> Josh