I have put two templates in the same doc, one a detached, one an enveloped.
I build each template dynamically as a small DOM tree since I'm using a SAX parser for performance. I pass the individual Signature nodes in, as well as the document containing the templates and my untrusted cert file name.
I cannot get the detached signature to verify unless the template is in a stand-alone file with the signature node at the root and use xmlSecFindNode to derive the node. In other words, the node I pass in does not work, even if the Signature is the only thing in the file.
-- Regards
J. Bielski
| Aleksey Sanin <[EMAIL PROTECTED]>
10/13/2003 12:00 PM |
To: Julianne Bielski/Raleigh/[EMAIL PROTECTED], "[EMAIL PROTECTED]" <[EMAIL PROTECTED]> cc: Subject: Re: [xmlsec] using SAX with xmlsec |
Yes, you are right. It is possible to do deattached signatures w/o having full document
in memory. But I didn't have such a requirement when I wrote xmlsec thus it assumes
that whole document DOM tree is in memory.
Aleksey
Julianne Bielski wrote:
Why would you need the whole DOM tree for the whole XML document if you're verifying a detached signature?
I would think you only need the whole document for an enveloped signature.
-- Regards,
J. Bielski
