Re: [xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
Great! Thanks for posting your results to the list. Hope this would help someone in the future!

Aleksey

___
xmlsec mailing list
[EMAIL PROTECTED]
http://www.aleksey.com/mailman/listinfo/xmlsec
[xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
Hi Aleksey,

After numerous attempts to verify the Microsoft InfoPath-created dsig which uses an XSLT transform, I decided to dummy it down and both sign and verify it with XMLSec, to get some clues. The attached is the only stylesheet transform technique I can get working with XMLSec. I verified this from the pre-digest transform put out by --store-references. That is good.

This working approach completely embeds the entire stylesheet, HTML and all, under the Transform element like this ...

<Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
  <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
    <xsl:template match="books">
      <html><body> ...

My question: Is there any way that XMLSec (libxslt?) will honour a stylesheet reference whose body resides outside the XML doc being transformed? Simply adding ...

<?xml-stylesheet type="text/xsl" href="books.xsl"?>

... as the 1st line in books.xml doesn't do it. I also tried a href to the stylesheet in several places both in the template and in the doc without success. Is this possible?

Thanks,
Ed

<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
      <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/>
      <Reference URI="inout/books.xml">
        <Transforms>
          <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
            <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" version="1.0">
              <xsl:template match="books">
                <html><body>
                  <h1>A list of books</h1>
                  <table width="640">
                    <xsl:apply-templates/>
                  </table>
                </body></html>
              </xsl:template>
              <xsl:template match="book">
                <tr>
                  <td><xsl:number/></td>
                  <xsl:apply-templates/>
                </tr>
              </xsl:template>
              <xsl:template match="author | title | price">
                <td><xsl:value-of select="."/></td>
              </xsl:template>
            </xsl:stylesheet>
          </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue> </SignatureValue>
    <KeyInfo>
      <X509Data>
        <X509SubjectName> </X509SubjectName>
        <X509Certificate> </X509Certificate>
      </X509Data>
    </KeyInfo>
  </Signature>
</Envelope>
Re: [xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
If I understand him, Ed wants the stylesheet to be external to the signature. You can't do that. See section 6.6.5 of the DSIG spec. In particular, the end of the first paragraph:

    No special provision is made for the identification of a remote stylesheet at a given URI because it can be communicated via an xsl:include or xsl:import within the stylesheet child of the Transform.

-- 
Rich Salz
Chief Security Architect
DataPower Technology http://www.datapower.com
XS40 XML Security Gateway http://www.datapower.com/products/xs40.html
XML Security Overview http://www.datapower.com/xmldev/xmlsecurity.html
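Added example, not part of the original thread and not xmlsec or DataPower code: the Transform element sits inside SignedInfo, so an embedded stylesheet is covered by the signature, whereas a stylesheet named by xsl:include or xsl:import contributes only its href. The sketch below lists, per Reference, the external stylesheets an XSLT Transform would pull in; the function name audit_xslt_transforms and both sample templates (abbreviated from Ed's template, with a constructed books.xsl import variant) are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

DSIG = "http://www.w3.org/2000/09/xmldsig#"
XSL = "http://www.w3.org/1999/XSL/Transform"
XSLT_ALG = "http://www.w3.org/TR/1999/REC-xslt-19991116"


def audit_xslt_transforms(xml_text):
    """Return [(Reference URI, [external stylesheet hrefs])], one per XSLT Transform.

    Hypothetical helper: an empty href list means the stylesheet is fully
    embedded in the Transform; any href names content outside SignedInfo.
    """
    root = ET.fromstring(xml_text)
    findings = []
    for ref in root.iter(f"{{{DSIG}}}Reference"):
        for transform in ref.iter(f"{{{DSIG}}}Transform"):
            if transform.get("Algorithm") != XSLT_ALG:
                continue  # not an XSLT transform (c14n, XPath, ...)
            hrefs = [el.get("href")
                     for tag in ("include", "import")
                     for el in transform.iter(f"{{{XSL}}}{tag}")]
            findings.append((ref.get("URI"), hrefs))
    return findings


def template(stylesheet_body):
    """Build a constructed, abbreviated signature template around a stylesheet body."""
    return f"""<Envelope xmlns="urn:envelope">
<Signature xmlns="{DSIG}"><SignedInfo>
<Reference URI="inout/books.xml"><Transforms>
<Transform Algorithm="{XSLT_ALG}">
<xsl:stylesheet xmlns:xsl="{XSL}" version="1.0">{stylesheet_body}</xsl:stylesheet>
</Transform></Transforms></Reference>
</SignedInfo></Signature></Envelope>"""


# Constructed samples: the embedded form from the thread, and an import variant.
EMBEDDED = template('<xsl:template match="books"><html><body>'
                    '<xsl:apply-templates/></body></html></xsl:template>')
IMPORTED = template('<xsl:import href="books.xsl"/>')

if __name__ == "__main__":
    for name, doc in (("embedded", EMBEDDED), ("imported", IMPORTED)):
        for uri, hrefs in audit_xslt_transforms(doc):
            print(name, uri, hrefs or "self-contained")
```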
RE: [xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
Yes Rich, this is what I meant. Thanks.

Yes, Aleksey, I had already tried it with xsltproc without any problems, both referenced and not. I am not reporting a problem here, I am asking for guidance on how to externally reference the stylesheet (URI, import, etc ...) from within the sign template.

I assume xsl:include and xsl:import (as Rich pointed out) are supported within XMLSec (libxslt)?

Ed

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aleksey Sanin
Sent: September 7, 2003 9:09 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]

I am not sure I clearly understand what you mean by this, because the books.xml file was not referenced anywhere in your message and I just don't understand how this is related to signatures. BTW, have you tried to run your XML file with xsltproc? I am sure it's able to handle the <?xml-stylesheet ... href="..."?> construction because it is widely used in DocBook.

It would be great if you could either provide an example of a standalone XSL template that does not work as you expect, or an example of a signature template that does not work plus a standalone XSL template that does work. This would greatly help with locating and fixing this problem :)

Aleksey

> Simply adding ... <?xml-stylesheet type="text/xsl" href="books.xsl"?> ... as the 1st line in books.xml doesn't do it. I also tried a href to the stylesheet in several places both in the template and in the doc without success.
Re: [xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
> I am not reporting a problem here...

Sorry, I got it the wrong way :(

> I assume xsl:include and xsl:import (as Rich pointed out) are supported within XMLSec (libxslt)?

Both are definitely supported by libxslt, I used them myself :) But I never tried it with xmlsec. I would expect it to work, and if it does not then it's a bug (which has to be fixed) :)

Aleksey
RE: [xmlsec] Emailing: tmpl-EPM-sign-stylesheet.xml
I'll try it and let you know tomorrow. Thanks for the quick response Aleksey and Rich.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Aleksey Sanin
Sent: September 7, 2003 9:41 PM
To: Edward Shallow
Cc: [EMAIL PROTECTED]

> I am not reporting a problem here...

Sorry, I got it the wrong way :(

> I assume xsl:include and xsl:import (as Rich pointed out) are supported within XMLSec (libxslt)?

Both are definitely supported by libxslt, I used them myself :) But I never tried it with xmlsec. I would expect it to work, and if it does not then it's a bug (which has to be fixed) :)

Aleksey