I am using Apache sec lib inside an ISAPI filter to validate digital
sigs as they flow through our network.
I store the raw packets as they are streamed over the network inside a
linked list and want to avoid excessive buffer copying. Currently I walk
my list of packets, accumulate the packets into a buffer and pass this
buffer into MemBufInputSource(), which internally creates another copy
(I now have 2 temporary copies of the original stream). Is there any way
I can override this behaviour to pass my custom packet linked list into
MemBufInputSource(), thus avoiding the buffer creation/copy?
// Minimal singly linked list that holds the raw packets as they arrive.
struct Node
{
    void* data;  // payload of this packet (opaque to the list itself)
    int   len;   // presumably the byte count of `data` -- confirm against the producer
    Node* next;  // next node in the list
};
// NOTE(review): `len` is a signed int and the packets come off the network; code
// that sums the lengths of all nodes should reject negative values and guard the
// running total against overflow before sizing a buffer from it.

// Head of the packet list.
Node* LList;
Ideally I want to do...something akin to the following.. can this be
done?
// Hypothetical usage: MemMyLinkedListInputSource is the class the author would
// like to have; it is not defined anywhere on this page.
// NOTE(review): the cast names `llist`, while the list declared above is `LList` -- confirm.
MemMyLinkedListInputSource *memIS = new MemMyLinkedListInputSource
((const XMLByte *)llist, "XSECMem");
parser.parse(*memIS);
Or
parser.parse(LList); // this is gonna be a no-no: LList is a Node*, not an input source
To explain my current situation, rough pseudo code is probably easier to
understand.
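/// Parses the SOAP document assembled from a packet list and checks its XML
/// signature against the previously loaded X509 public key.
///
/// @param rawPacketBuffer  filled linked list of SOAP packets
/// @return S_OK only when the document parsed without errors and sig->verify()
///         succeeded; S_FALSE on every other path, including the caught exceptions.
///
/// NOTE(review): S_FALSE is a *success* code for the SUCCEEDED()/FAILED() macros.
/// Callers must compare the result with S_OK explicitly; a caller that tests
/// SUCCEEDED(hr) would accept a document whose signature did not verify.
/// Returning a failure HRESULT would be safer, but that changes what existing
/// callers see, so the value is left as the author wrote it.
///
/// NOTE(review): `buffer` is never released here; confirm who owns the memory
/// returned by BuildBufferFromAllThePacketsInList().
HRESULT ValidateSoapXML(struct Node *rawPacketBuffer /* filled linked list of SOAP packets */)
{
    char *buffer = BuildBufferFromAllThePacketsInList(rawPacketBuffer);
    int bufferLen = GetBufferLenFromAllThePacketsInList(rawPacketBuffer);

    HRESULT hr = S_FALSE;

    // The length is a signed int that ends up as an unsigned byte count inside
    // the input source; refuse an empty or nonsensical buffer before parsing.
    if (buffer == NULL || bufferLen <= 0)
    {
        OutputDebugStringF(_T("No document data to validate\n"));
        return hr;
    }

    //
    // Parse the XML document, load in the signature field and attempt to
    // validate it using a copy of the X509 public key we created earlier
    // from the certificate store.
    //
    try
    {
        XercesDOMParser parser; // stack object: destroyed on every exit path

        // NOTE(review): the document arrives from the network. Consider turning
        // off external DTD loading (setLoadExternalDTD(false)) and installing a
        // SecurityManager with an entity-expansion limit, if the Xerces version
        // in use provides them -- confirm.
        parser.setDoNamespaces(true);
        parser.setCreateEntityReferenceNodes(true);
        parser.setDoSchema(true);

        {
            // Stack-allocated so the source is released even when parse() throws
            // (the original new/delete pair leaked it on that path), and scoped
            // so it is still destroyed as soon as parsing is done.
            // NOTE(review): MemBufInputSource::setCopyBufToStream(false) should make
            // the stream reference `buffer` instead of copying it; `buffer` stays
            // alive for the whole parse() call here -- confirm for the Xerces
            // version in use.
            MemBufInputSource memIS((const XMLByte *)buffer, bufferLen, "XSECMem");
            parser.parse(memIS);
        }

        if (parser.getErrorCount() > 0)
        {
            OutputDebugStringF(_T("Error parsing input document\n"));
            return hr;
        }

        // Now create a signature object to validate the document
        XSECProvider prov;
        DSIGSignature *sig = prov.newSignatureFromDOM(parser.getDocument());
        sig->registerIdAttributeName(config.idAttributeName);
        sig->registerIdAttributeNameNS(config.idAttributeNS, config.idAttributeName);
        sig->load();
        sig->setSigningKey(X509->clonePublicKey());

        // NOTE(review): a true result says the signature and its references are
        // consistent; it does not say *which* part of the document was signed.
        // Whatever consumes the message should confirm that the signed references
        // cover the element it goes on to process.
        if (sig->verify())
        {
            OutputDebugStringW(_T("Signature Valid"));
            hr = S_OK; // the only way to set this is if this fn() is successfull
        }
        else
        {
            // sig->getErrMsgs() is WIDE
            OutputDebugStringF(_T("Error parsing & validating document %s\n"), sig->getErrMsgs());
        }
    }
    // NOTE(review): the crypto layer may raise XSECCryptoException, which neither
    // handler below catches -- confirm, and decide whether it should map to hr.
    catch (XSECException &e) // signature related errors
    {
        // e.getMsg() is WIDE.
        // OutputDebugStringW takes a single string, so the formatted message goes
        // through OutputDebugStringF like the other formatted messages here.
        OutputDebugStringF(_T("EURESWEBFILTER:An error occured during a signature load %s\n"), e.getMsg());
    }
    catch (const XMLException &e) // xml related parsing errors
    {
        // e.getMessage() is WIDE; the original call was missing this argument.
        OutputDebugStringF(_T("An error occured during a xerces parsing and loading of xml %s\n"), e.getMessage());
    }

    return hr;
}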
Thanks
Steve