Re: OUT OF MEMORY Exception, is it posible to sing a big XML ????

[Martin Labarthe Dubois]

Thanks, are you using Windows, linux, unix ? because using the API with windows, P4 with 1024M RAM it took hours to sign a 3M XML, and it throws out of memory with 8M XML, we configured the jvm with -Xmx5000m.   without the hardware, were you able to sign big XMLs? i mean the hardware reduces the time or also permits you to sign bigger XMLs ?     Regards, Martin     ----- Original Message ----- From: Kenworthy, Edward (EDS) To: '[EMAIL PROTECTED]' Sent: Tuesday, April 20, 2004 5:11 AM Subject: RE: OUT OF MEMORY Exception, is it posible to sing a big XML ???? Hi   For "pure-XML" documents I can sign 7k, 1.5M and 12M messages. The latter takes around 90 seconds to process and seems to be very much the outer limit of twhat the library can handle: breathing on it causes it to fail!   For other XML documents where the bulk of the content is made up of encoded binary (eg a base-64 encoded PDF) I can sign a 25meg message in <20seconds.   The killer is the c14n. For our use we don't actually need full-c14n, we just need to be sure that the hash we get when the document is sent will be the same as that when it's received, despite having passed through one or more XML processors. We could have used compression (basically turn the XML into binary that the intermediate processors couldn't/wouldn't mess with) but decided in the end not to.   Edward -----Original Message----- From: Martin Labarthe Dubois [mailto:[EMAIL PROTECTED] Sent: 16 April 2004 16:38 To: [EMAIL PROTECTED] Subject: Re: OUT OF MEMORY Exception, is it posible to sing a big XML ???? Hi Edward, if you try to sign the whole 25 megs document, it also works ? because, when I sign the 8 megs doc, i need to sign the whole thing.   Thanks, Martin ----- Original Message ----- From: Kenworthy, Edward (EDS) To: '[EMAIL PROTECTED]' Sent: Friday, April 16, 2004 11:58 AM Subject: RE: OUT OF MEMORY Exception, is it posible to sing a big XML ???? I'm actually using a weedier machine than you. It's a P4 1800 with 1Gig. Only major difference I can see I'm setting both the initial and max heap sizes. Here's my code (I'm actually only generating the hash, but it does involve doing the expensive bit: c14n). Obviously your XPath would be different, mine is specific to signing submissions to the Inland Revenue (hence all the GovTalk and IRHeader references). Hope this helps! import java.io.*; import javax.xml.parsers.*; import java.security.*; import org.w3c.dom.*; import org.apache.xml.security.signature.*; import org.apache.xml.security.transforms.*; import org.apache.xml.security.Init; import org.bouncycastle.util.encoders.Base64; /**  * This code generates an IRMark (secure hash value) for an input document.  * The value is a base64 encoded SHA1 digest of a signature  * transform over a certain style of document.  *  * The code has a number of jar dependencies:-  *  xmlsec.jar - The Apache XML Security Library  *  log4j-1.2.5.jar - The Apache Log utility  *  xalan.jar - Apache XSLT/XPath processor  *  xercesImpl.jar - Apache XML processor  *  bc-jce-jdk13-114.jar - Bouncy Castle JCE library  *  *  The Bouncy Castle JCE provider is automatically downloaded  *  by the Apache XML sec library build so you may already have  *  that.  */ public class IRMark {    /**     * Generate and print the IRmark.     *     * @param args - Pass the filename of the input document     * @throws Exception     */  public static void main(String args[]) throws Exception {      // Init the Apache XML security library   Init.init();   // Check we are given a file to work with   if (args.length!=1) {    System.out.println("Use: IRmark <file> ");    return;   }   // Open the input file   FileInputStream fis=null;   try {    fis=new FileInputStream(args[0]);   } catch (FileNotFoundException e) {    System.out.println("The file " + args[0] + " could not be opened.");    return;   }   // Load file into a byte array   byte[] data="">  try {    int bytes=fis.available();    data="" byte[bytes];    fis.read(data);   } catch (IOException e) {    System.out.println("Error reading file.");    e.printStackTrace();   }   // First part is to run the a transform over the input to extract the   // fragment to be digested. This is done by setting up a Transforms   // object from a Template and then executing against the input document   // The transforms to be performed are specified by using the template XML below.        String transformStr =         "<?xml version='1.0'?>\n"        + "<dsig:Transforms xmlns:dsig='http://www.w3.org/2000/09/xmldsig#' xmlns:gt='http://www.govtalk.gov.uk/CM/envelope' xmlns:ir='http://www.govtalk.gov.uk/taxation/SA'>\n"        + "<dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>\n"        + "<dsig:XPath>\n"        + "count(ancestor-or-self::node()|/gt:GovTalkMessage/gt:Body)=count(ancestor-or-self::node())\n"   + " and count(self::ir:IRmark)=0 \n"   + " and count(../self::ir:IRmark)=0 \n"   + "</dsig:XPath>\n"        + "</dsig:Transform>\n"        + "<dsig:Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments'/>\n"        + "</dsig:Transforms>\n"        ;   // Parse the transform details to create a document   DocumentBuilderFactory dbf=DocumentBuilderFactory.newInstance();   dbf.setNamespaceAware(true);   DocumentBuilder db=dbf.newDocumentBuilder();   Document doc=db.parse(new ByteArrayInputStream(transformStr.getBytes()));   // Construct a Apache security Transforms object from that document   Transforms transforms = new Transforms(doc.getDocumentElement(), null);   // Now perform the transform on the input to get the results.        XMLSignatureInput input = new XMLSignatureInput(data);        XMLSignatureInput result = transforms.performTransforms(input);        // Uncomment this line to see transform output        // System.out.println(new String(result.getBytes()));        // Second part is to run output via SHA1 digest        // This is done via the standard java.security API   MessageDigest md = MessageDigest.getInstance("SHA");   md.update(result.getBytes());   byte[] digest=md.digest();   // And finally print a Base64 of the digest with   // The help of the BouncyCastle JCE library   System.out.println("IRmark: " + new String(Base64.encode(digest)));    } } -----Original Message----- From: Martin Labarthe Dubois [mailto:[EMAIL PROTECTED] Sent: 16 April 2004 15:45 To: [EMAIL PROTECTED] Subject: Re: OUT OF MEMORY Exception, is it posible to sing a big XML ????   > Well, as I said, I managed to sign a 20meg XML document in around 20 seconds > using the Apache library... using the options I gave you. Did you try them? I am quite confused, what´s your hardware configuration???   Using the Apache Library and Pentium IV 2.4 GHz, 1 GB memory DDR 266 command: java -Xmx1300m -verbose:gc -XX:+PrintGCTimeStamps   It takes 3 hours and a half to sign a 5mb XML. Is this normal?