OK, let me think about this. This patch can cause problems
for some apps that want to generate an error when uri is empty.
Aleksey
Frank Gross wrote:
Thanks for your answer, it's exactly what I was trying to do, but I got
a problem because when the system computes the signature where I added
my own URI scheme, the URI is computed in the signature (as expected).
But when I save it to the disk, I don't want the URI to be there because
the detached signature could be used by another security system that
didn't know my "specific" scheme.
Then, when I load the detached signature without my "specific" URI, the
validation fails due to the signature value that is not the same (of
course once it was computed with the URI, and once without it).
Therefore, I've had to change the security library a little bit to make
a difference between an empty URI, and a URI that is not present. And
in that last case, I use the IO callback functions to parse my "in
memory" document.
If you could add a way to perform such operation in a future release, it
would be great.
Regards,
Frank
P.S: I've added a patch with the modifications if you are interested.
Aleksey Sanin wrote:
You probably want to overwrite the IO callbacks
http://www.aleksey.com/xmlsec/api/xmlsec-io.html
However, I don't know if this would work for
a document *without* URI. You probably want to
identify it somehow and assign *some* uri
(e.g. foo://<document id> or something like this).
Then IO callbacks could catch scheme "foo" and
load the document you need.
Aleksey
Frank Gross wrote:
Hi,
I have a problem when I try to validate a detached signature
against my document. The 'xmlSecDSigCtxVerify' function takes two
parameters, the DSig context, and the node pointing to the signature
<dsig:Signature/> <http://www.w3.org/TR/xmldsig-core/#sec-Signature>
node. But as my detached signature has no URI, how can I specify
to the context the document that it has to validate. (The
XML-Signature specification says that in such case, the application
is supposed to know what was signed). Indeed, I try to build an API
that signs any document built in memory and then saved with the
detached signature to the disk (as a separated XML document of
course), and another one to load both XML documents to validate the
signature.
I was able to sign and verify an enveloped signature, because in
that case the signature is inside the document itself, but with
detached signatures, what is the procedure?
Can someone help, or point me to the documentation explaining how to do it.
Thanks a lot,
Frank
_______________________________________________
xmlsec mailing list
xmlsec@aleksey.com
http://www.aleksey.com/mailman/listinfo/xmlsec
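
The approach suggested in the thread (give the in-memory document a private URI such as foo://<document id> and let the IO callbacks catch the "foo" scheme), as an added example that is not code from the thread or from xmlsec. The `mem_*` names, the registry and the document id `order-42` are hypothetical; the four functions follow libxml2's `xmlInput*Callback` signatures, which `xmlSecIORegisterCallbacks` accepts.

```c
#include <stddef.h>
#include <string.h>

/* Constructed registry of in-memory documents, keyed by id (hypothetical). */
struct mem_doc { const char *id; const char *data; };
static const struct mem_doc docs[] = {
    { "order-42", "<order id=\"42\"><item>book</item></order>" },
};
#define SCHEME "foo://"
#define SCHEME_LEN (sizeof(SCHEME) - 1)

struct mem_ctx { const char *data; size_t len; size_t pos; };
static struct mem_ctx open_ctx;   /* one open stream at a time, for brevity */

/* xmlInputMatchCallback: claim only URIs with our exact scheme prefix. */
int mem_match(const char *uri) {
    return uri != NULL && strncmp(uri, SCHEME, SCHEME_LEN) == 0;
}

/* xmlInputOpenCallback: resolve the id; unknown ids fail instead of falling back. */
void *mem_open(const char *uri) {
    if (!mem_match(uri)) return NULL;
    for (size_t i = 0; i < sizeof(docs) / sizeof(docs[0]); i++) {
        if (strcmp(uri + SCHEME_LEN, docs[i].id) == 0) {
            open_ctx.data = docs[i].data;
            open_ctx.len = strlen(docs[i].data);
            open_ctx.pos = 0;
            return &open_ctx;
        }
    }
    return NULL;
}

/* xmlInputReadCallback: copy at most len bytes; 0 signals end of stream. */
int mem_read(void *context, char *buffer, int len) {
    struct mem_ctx *c = context;
    if (c == NULL || buffer == NULL || len < 0) return -1;
    size_t n = c->len - c->pos;
    if (n > (size_t)len) n = (size_t)len;
    memcpy(buffer, c->data + c->pos, n);
    c->pos += n;
    return (int)n;
}

/* xmlInputCloseCallback: nothing to free, the registry owns the bytes. */
int mem_close(void *context) {
    return context == &open_ctx ? 0 : -1;
}
/* With xmlsec: xmlSecIORegisterCallbacks(mem_match, mem_open, mem_read, mem_close); */
```

Because the reference URI is part of the signed `SignedInfo`, the same foo:// URI has to be present when the signature is verified, which is the mismatch described in the thread.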