[xmlsec] bug or failure to undestand ?
Aleksey Sanin
aleksey@aleksey.com
Mon, 22 Apr 2002 18:08:36 -0700
--------------080903020000080404030205
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Hi, Skip!
Since you've not described what exactly you want to select
using XPath expression I will try to guess that your goal is
to select all <location> nodes and the text these nodes contain.
In this assumpiton I would recommend to use following XPath
expression:
<XPath>
ancestor-or-self::location
</XPath>
In your example this expression will select following nodes
(line breaks are added for better formatting, original result
is one line):
<location>
Monterey, Monterey Peninsula Airport, CA,
United States (KMRY) 36-35-26N 121-50-51W 66M
</location>
<location>
San Francisco, San Francisco International Airport, CA,
United States (KSFO) 37-37-11N 122-21-53W 26M </location>
<location>
Vineyard Haven, Marthas Vineyard Airport, MA,
United States (KMVY) 41-23-32N 070-37-00W 16M
</location>
LibXML2 has a nice utility xmllint that allows you to play with different
XML features including XPath. You can try different XPath expressions
on your document and immidiatelly see results.
Also (in case you don't know about this) there is a nice XPath tutorial with
examples:
http://www.zvon.org/xxl/XPathTutorial/General/examples.html
About "/usr/local/ssl": I am really surprised that configuration script
was not able to find OpenSSL in this case. What Linux distribution do
you use? Will you try the latest 0.0.4 XML Sec library, please?
Thanks,
Aleksey.
Skip Carter wrote:
>Hi,
>
>I am experimenting with your XMLsec library (0.0.3 on
>Linux) and have found it to be very helpful in the
>practical aspects of learning XML Digital Signatures.
>Between reading the specs and playing with your
>code (I compiled it with debugging turned on
>and used testDSig) I think I mostly have the hang of it.
>
>Everything seemed to be going along just fine until
>I started playing with using XPath. I created a
>test file (attached) and tried to set up a signature
>with an XPath transformation to just sign one elements of
>the file (all the 'location' nodes). I tried a couple of
>different XPath statements but whatever I did, either
>signed the entire document or signed none of the document
>(I tested by changing the doc and then using testDSig
>in verify mode).
>
>Does your library presently support XPath ?
>If so, I'd appreciate a pointer on how to do what I
>am trying to do.
>
>I tried:
> <XPath> self::document/content/weather/location </XPath>
>and:
> <XPath> .//location </XPath>
>
>which should be equivalent in selecting all of the
>location nodes, but they did not seem to
>work (they looked to me to act as if none of the file
>was signed).
>
>I have searched around the Web a bit, but I haven't
>found any COMPLETE examples of the use of XPath,
>so I built my tests from what I understood from the
>XPath documentation.
>�
>
>Also, a minor problem with the configure script:
>It failed to automatically find the location of
>my openSSL installation in spite of it being in
>the standard location ( /usr/local/ssl ), I had
>to explicitly provide it with the switch
> --with-openssl=/usr/local/ssl
>
>before the library would compile.
>
>
>Thanks in advance for your help,
>
>Skip
>
>
>
>
> ------------------------------------------------------------------------
>
> Monterey, Monterey Peninsula Airport, CA, United States (KMRY)
> 36-35-26N 121-50-51W 66M Apr 19, 2002 - 10:54 AM EST / 2002.04.19 1554
> UTC from the WNW (300 degrees) at 6 MPH (5 KT) 10 mile(s) clear 54.0 F
> (12.2 C) 46.0 F (7.8 C) 74% 30.15 in. Hg (1020 hPa) San Francisco, San
> Francisco International Airport, CA, United States (KSFO) 37-37-11N
> 122-21-53W 26M Apr 19, 2002 - 10:56 AM EST / 2002.04.19 1556 UTC from
> the W (260 degrees) at 5 MPH (4 KT) 10 mile(s) clear 55.9 F (13.3 C)
> 39.0 F (3.9 C) 52% 30.15 in. Hg (1020 hPa) Vineyard Haven, Marthas
> Vineyard Airport, MA, United States (KMVY) 41-23-32N 070-37-00W 16M
> Apr 19, 2002 - 10:53 AM EST / 2002.04.19 1553 UTC from the S (170
> degrees) at 9 MPH (8 KT) 6 mile(s) overcast haze 55.0 F (12.8 C) 48.9
> F (9.4 C) 79% 30 in. Hg (1015 hPa)
>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><Envelope xmlns="urn:envelope">
> <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
> <SignedInfo>
> <CanonicalizationMethod
> Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
> <SignatureMethod
> Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
> <Reference URI="file:///home/skip/xml/weather.xml">
> <Transforms>
> <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
> <XPath>
> .//location
> </XPath>
> </Transform>
> </Transforms>
> <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
> <DigestValue></DigestValue>
> </Reference>
> </SignedInfo>
> <SignatureValue/>
> <KeyInfo>
> <KeyValue/>
> </KeyInfo>
> </Signature>
></Envelope>
>
--------------080903020000080404030205
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html>
<head>
</head>
<body>
Hi, Skip!<br>
<br>
Since you've not described what exactly you want to select <br>
using XPath expression I will try to guess that your goal is<br>
to select all <location> nodes and the text these nodes contain.<br>
In this assumpiton I would recommend to use following XPath<br>
expression:<br>
<br>
<XPath><br>
ancestor-or-self::location<br>
</XPath> <br>
<br>
In your example this expression will select following nodes<br>
(line breaks are added for better formatting, original result<br>
is one line):<br>
<br>
<location> <br>
Monterey, Monterey Peninsula Airport, CA, <br>
United States (KMRY) 36-35-26N 121-50-51W 66M <br>
</location><br>
<location> <br>
San Francisco, San Francisco International Airport, CA, <br>
United States (KSFO) 37-37-11N 122-21-53W 26M </location><br>
<location> <br>
Vineyard Haven, Marthas Vineyard Airport, MA, <br>
United States (KMVY) 41-23-32N 070-37-00W 16M <br>
</location><br>
<br>
LibXML2 has a nice utility xmllint that allows you to play with different<br>
XML features including XPath. You can try different XPath expressions <br>
on your document and immidiatelly see results.<br>
Also (in case you don't know about this) there is a nice XPath tutorial with<br>
examples:<br>
<a class="moz-txt-link-freetext" href="http://www.zvon.org/xxl/XPathTutorial/General/examples.html">http://www.zvon.org/xxl/XPathTutorial/General/examples.html</a><br>
<br>
<br>
About "/usr/local/ssl": I am really surprised that configuration script<br>
was not able to find OpenSSL in this case. What Linux distribution do <br>
you use? Will you try the latest 0.0.4 XML Sec library, please?<br>
<br>
<br>
Thanks,<br>
<br>
Aleksey.<br>
<br>
<br>
Skip Carter wrote:<br>
<blockquote type="cite" cite="mid:3CC4ACA6.65B0535@taygeta.com">
<pre wrap="">Hi,<br><br>I am experimenting with your XMLsec library (0.0.3 on<br>Linux) and have found it to be very helpful in the<br>practical aspects of learning XML Digital Signatures.<br>Between reading the specs and playing with your<br>code (I compiled it with debugging turned on<br>and used testDSig) I think I mostly have the hang of it.<br><br>Everything seemed to be going along just fine until<br>I started playing with using XPath. I created a<br>test file (attached) and tried to set up a signature<br>with an XPath transformation to just sign one elements of<br>the file (all the 'location' nodes). I tried a couple of<br>different XPath statements but whatever I did, either<br>signed the entire document or signed none of the document<br>(I tested by changing the doc and then using testDSig<br>in verify mode).<br><br>Does your library presently support XPath ?<br>If so, I'd appreciate a pointer on how to do what I<br>am trying to do.<br><br>I tried:<br> <XPath
> self::document/content/weather/location </XPath><br>and:<br> <XPath> .//location </XPath><br><br>which should be equivalent in selecting all of the<br>location nodes, but they did not seem to<br>work (they looked to me to act as if none of the file<br>was signed).<br><br>I have searched around the Web a bit, but I haven't<br>found any COMPLETE examples of the use of XPath,<br>so I built my tests from what I understood from the<br>XPath documentation.<br>�<br><br>Also, a minor problem with the configure script:<br>It failed to automatically find the location of<br>my openSSL installation in spite of it being in<br>the standard location ( /usr/local/ssl ), I had<br>to explicitly provide it with the switch<br> --with-openssl=/usr/local/ssl<br><br>before the library would compile.<br><br><br>Thanks in advance for your help,<br><br>Skip<br><br><br><br></pre>
<br>
<hr width="90%" size="4"><br>
<document><header>
<title>The latest weather</title>
</header><content><weather id="KMRY"><location> Monterey, Monterey Peninsula
Airport, CA, United States (KMRY) 36-35-26N 121-50-51W 66M </location><time>
Apr 19, 2002 - 10:54 AM EST / 2002.04.19 1554 UTC </time><wind> from the
WNW (300 degrees) at 6 MPH (5 KT) </wind><visibility> 10 mile(s) </visibility><sky>
clear </sky><temperature> 54.0 F (12.2 C) </temperature><dewpt> 46.0 F
(7.8 C) </dewpt><humidity> 74% </humidity><press> 30.15 in. Hg (1020 hPa)
</press><!-- KMRY 191554Z 30005KT 10SM CLR 12/08 A3015 RMK AO2 SLP223 T01220078 --><!-- 16 --></weather><weather id="KSFO"><location>
San Francisco, San Francisco International Airport, CA, United States (KSFO)
37-37-11N 122-21-53W 26M </location><time> Apr 19, 2002 - 10:56 AM EST /
2002.04.19 1556 UTC </time><wind> from the W (260 degrees) at 5 MPH (4 KT)
</wind><visibility> 10 mile(s) </visibility><sky> clear </sky><temperature>
55.9 F (13.3 C) </temperature><dewpt> 39.0 F (3.9 C) </dewpt><humidity>
52% </humidity><press> 30.15 in. Hg (1020 hPa) </press><!-- KSFO 191556Z 26004KT 10SM CLR 13/04 A3015 RMK AO2 SLP211 T01330039 --><!-- 16 --></weather><weather id="KMVY"><location>
Vineyard Haven, Marthas Vineyard Airport, MA, United States (KMVY) 41-23-32N
070-37-00W 16M </location><time> Apr 19, 2002 - 10:53 AM EST / 2002.04.19
1553 UTC </time><wind> from the S (170 degrees) at 9 MPH (8 KT) </wind><visibility>
6 mile(s) </visibility><sky> overcast </sky><note> haze </note><temperature>
55.0 F (12.8 C) </temperature><dewpt> 48.9 F (9.4 C) </dewpt><humidity>
79% </humidity><press> 30 in. Hg (1015 hPa) </press><!-- KMVY 191553Z 17008KT 6SM HZ OVC005 13/09 A3000 RMK AO2 SLP159 T01280094 --><!-- 16 --></weather></content></document>
<pre wrap=""><br><hr width="90%" size="4"><br><?xml version="1.0" encoding="UTF-8"?><br><Envelope xmlns="urn:envelope"><br> <Signature xmlns=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#">"http://www.w3.org/2000/09/xmldsig#"</a>><br> <SignedInfo><br> <CanonicalizationMethod<br> Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/TR/2001/REC-xml-c14n-20010315">"http://www.w3.org/TR/2001/REC-xml-c14n-20010315"</a> /><br> <SignatureMethod<br> Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#rsa-sha1">"http://www.w3.org/2000/09/xmldsig#rsa-sha1"</a> /><br> <Reference URI=<a class="moz-txt-link-rfc2396E" href="file:///home/skip/xml/weather.xml">"file:///home/skip/xml/weather.xml"</a>><br> <Transforms><br> <Transform Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/TR/1999/REC-xpat
h-19991116">"http://www.w3.org/TR/1999/REC-xpath-19991116"</a>><br> <XPath><br> .//location<br> </XPath><br> </Transform><br> </Transforms><br> <DigestMethod Algorithm=<a class="moz-txt-link-rfc2396E" href="http://www.w3.org/2000/09/xmldsig#sha1">"http://www.w3.org/2000/09/xmldsig#sha1"</a> /><br> <DigestValue></DigestValue><br> </Reference><br> </SignedInfo><br> <SignatureValue/><br> <KeyInfo><br> <KeyValue/><br> </KeyInfo><br> </Signature><br></Envelope><br></pre>
</blockquote>
<br>
</body>
</html>
--------------080903020000080404030205--