I am really sorry but I can not accept this patch because it breaks
backward compatibility for existing callbacks. Now, these callbacks
have to expect a NULL uri and before it was guaranteed that the uri is
always not-NULL.

I still think that the best way is to create a specific scheme for
the in-memory data. The other security system will have to handle
it somehow anyway. Agreeing on the same scheme in this case is a much
better way of doing things.

Sorry again,
Aleksey

Frank Gross wrote:

Thanks for your answer, it's exactly what I was trying to do, but I got a problem because when the system computes the signature where I added my own URI scheme, the URI is computed in the signature (as expected). But when I save it to the disk, I don't want the URI to be there because the detached signature could be used by another security system that doesn't know my "specific" scheme. Then, when I load the detached signature without my "specific" URI, the validation fails because the signature value is not the same (of course, once it was computed with the URI, and once without it). Therefore, I've had to change the security library a little bit to make a distinction between an empty URI and a URI that is not present. And in that last case, I use the IO callback functions to parse my "in memory" document.

If you could add a way to perform such operation in a future release, it would be great.

Regards,

Frank

P.S.: I've added a patch with the modifications if you are interested.



Aleksey Sanin wrote:
You probably want to overwrite the IO callbacks

http://www.aleksey.com/xmlsec/api/xmlsec-io.html

However, I don't know if this would work for
a document *without* URI. You probably want to
identify it somehow and assign *some* uri
(e.g. foo://<document id> or something like this).
Then IO callbacks could catch scheme "foo" and
load the document you need.

Aleksey
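
The scheme-based approach Aleksey describes, as an added example that is not code from this thread or from xmlsec itself: the four libxml2-style I/O callbacks that xmlsec's `xmlSecIORegisterCallbacks()` (declared in `<xmlsec/io.h>`) accepts, implemented so that a URI of the constructed form `mem://<document id>` resolves to a document held in memory. The registry, the `mem://` scheme and the document ids are all assumptions made up for the example; the file does not link against xmlsec, so the registration call is shown only in a comment.

```c
/* Added example, not xmlsec's code and not from the mailing-list thread.
 * The four callbacks below have the libxml2 signatures
 * (xmlInputMatchCallback, xmlInputOpenCallback, xmlInputReadCallback,
 * xmlInputCloseCallback) that xmlsec accepts; wiring them in is assumed to be
 *   xmlSecIORegisterCallbacks(mem_match, mem_open, mem_read, mem_close);
 * This file deliberately does not include <xmlsec/io.h> so it builds alone. */
#include <stdlib.h>
#include <string.h>

#define MEM_SCHEME "mem://"   /* constructed scheme, not one xmlsec defines */

/* Constructed in-memory document registry: id -> XML bytes. */
typedef struct {
    const char *id;
    const char *xml;
} mem_doc_t;

static const mem_doc_t mem_docs[] = {
    { "order-1", "<order><item>widget</item></order>" },
    { "order-2", "<order><item>gadget</item></order>" },
};

/* Read cursor handed back from open and passed to read/close as the opaque context. */
typedef struct {
    const char *data;
    size_t len;
    size_t pos;
} mem_ctx_t;

/* xmlInputMatchCallback: claim only our scheme. Every other URI (file://,
 * http://, ...) is left to whatever handlers the application chose to keep,
 * so this callback never widens what a Reference URI can reach. */
int mem_match(const char *uri) {
    return uri != NULL && strncmp(uri, MEM_SCHEME, strlen(MEM_SCHEME)) == 0;
}

/* xmlInputOpenCallback: look the id up in the registry; unknown ids fail
 * closed by returning NULL, which makes the reference unresolvable. */
void *mem_open(const char *uri) {
    if (!mem_match(uri)) return NULL;
    const char *id = uri + strlen(MEM_SCHEME);
    for (size_t i = 0; i < sizeof(mem_docs) / sizeof(mem_docs[0]); i++) {
        if (strcmp(mem_docs[i].id, id) == 0) {
            mem_ctx_t *ctx = malloc(sizeof(*ctx));
            if (ctx == NULL) return NULL;
            ctx->data = mem_docs[i].xml;
            ctx->len = strlen(ctx->data);
            ctx->pos = 0;
            return ctx;
        }
    }
    return NULL;
}

/* xmlInputReadCallback: copy up to len bytes into buffer; 0 means end of input. */
int mem_read(void *context, char *buffer, int len) {
    mem_ctx_t *ctx = context;
    if (ctx == NULL || buffer == NULL || len < 0) return -1;
    size_t remaining = ctx->len - ctx->pos;
    size_t n = (size_t)len < remaining ? (size_t)len : remaining;
    memcpy(buffer, ctx->data + ctx->pos, n);
    ctx->pos += n;
    return (int)n;
}

/* xmlInputCloseCallback: release the cursor. */
int mem_close(void *context) {
    free(context);
    return 0;
}

/* Drives the callbacks the way a parser would: resolve uri into a freshly
 * allocated NUL-terminated buffer (caller frees), or NULL if unresolvable. */
char *mem_fetch(const char *uri) {
    void *ctx = mem_open(uri);
    if (ctx == NULL) return NULL;
    size_t cap = 64, used = 0;
    char *out = malloc(cap);
    if (out == NULL) { mem_close(ctx); return NULL; }
    int n;
    while ((n = mem_read(ctx, out + used, (int)(cap - used - 1))) > 0) {
        used += (size_t)n;
        if (cap - used - 1 == 0) {           /* grow before the buffer is exhausted */
            cap *= 2;
            char *tmp = realloc(out, cap);
            if (tmp == NULL) { free(out); mem_close(ctx); return NULL; }
            out = tmp;
        }
    }
    mem_close(ctx);
    out[used] = '\0';
    return out;
}
```

The signer and the verifier must agree on the same `mem://` id for the document, which is exactly the point Aleksey makes: the URI becomes part of what is signed, so stripping it afterwards changes the signature value. Keeping the match callback narrow matters too, since an I/O callback that accepts any URI would let a `<dsig:Reference>` in an untrusted signature pull in arbitrary resources.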

Frank Gross wrote:
Hi,

I have a problem when I try to validate a detached signature against my document. The 'xmlSecDSigCtxVerify' function takes two parameters, the DSig context, and the node pointing to the signature <dsig:Signature/> <http://www.w3.org/TR/xmldsig-core/#sec-Signature> node. But as my detached signature has no URI, how can I specify to the context the document that it has to validate? (The XML-Signature specification says that in such a case, the application is supposed to know what was signed.) Indeed, I am trying to build an API that signs any document built in memory and then saves it with the detached signature to the disk (as a separate XML document of course), and another one to load both XML documents to validate the signature. I was able to sign and verify an enveloped signature, because in that case the signature is inside the document itself, but with detached signatures, what is the procedure?

Can someone help, or point me to the documentation explaining how to do it?

Thanks a lot,

Frank


_______________________________________________
xmlsec mailing list
[email protected]
http://www.aleksey.com/mailman/listinfo/xmlsec

