[xmlsec] namepace and cannoalization methods

Aleksey Sanin aleksey at aleksey.com
Wed Jul 23 09:22:14 PDT 2003


> But I would guess it'll be a very ugly and long patch.

A coffein drink helped me to realize that it might be not as bad
as I thought. And that there might be another option for you.

0) [new option, no xmlsec hack] I guess currently you are using
the xmlsec helper functions xmlSecTmpl* to create the signature
template. But template is just an xml file. You can create it manually
and put whatever you want in it. Including the "ds:" prefix you want :)
And I don't think xmlsec/libxml2 would have any problems with it :)

1) [small xmlsec hack] But I would imagine that re-writing a lot of
stupid code from template.c do create a signature template is boring :)
Thus you can slightly tweak xmlsec to do what you want:
    a) Add a new function xmlSecTmplSignatureCreateExt()
    that would have one additional parameter "prefix". The
    old function xmlSecTmplSignatureCreate() would just call
    this new one with "prefix" equal NULL.
    The new function would have to specify prefix when it creates
    namespace node (search for a call to xmlNewNs).
    b) All tree manipulations in template.c are done using
    xmlSecAdd* functions from xmltree.c. These functions
    need to be modified to work with namespace prefix correctly.
    There are 3 or 4 functions and it should be pretty straightforward.

If you would prefer to go with option 1) do not forget that I accept
contributions :)

Aleksey






More information about the xmlsec mailing list