Calculating DigestValue over URI - URGENT HELP VERY MUCH APPRECIATED
-
Andy H wrote:
Well what was the point of your reply?
The point was the link I supplied that appears to define the parameters you asked about, you fucking moron. Fuck off asshole.
led mike
-
I am very sorry, I did not spot the link in your reply. Thanks, but I have seen the page you referred to.
Andy H wrote:
I am very sorry, I did not spot the link in your reply.
Oh, ok, no problem, simple mistake, I make them all the time, I even make complicated mistakes. :-D
Andy H wrote:
Thanks, but I have seen the page you referred to.
Ok then I need more specific information about what you need to know.
nodes: Is a NodeSet that will act like a filter so that it will only dump those nodes rather than the entire document.inclusive_ns_prefixes: Is a string array of the namespaces, where the last element of the array is NULL. Based on the doc you can pass NULL for both of those and it should still work.led mike
-
Andy H wrote:
I am very sorry, I did not spot the link in your reply.
Oh, ok, no problem, simple mistake, I make them all the time, I even make complicated mistakes. :-D
Andy H wrote:
Thanks, but I have seen the page you referred to.
Ok then I need more specific information about what you need to know.
nodes: Is a NodeSet that will act like a filter so that it will only dump those nodes rather than the entire document.inclusive_ns_prefixes: Is a string array of the namespaces, where the last element of the array is NULL. Based on the doc you can pass NULL for both of those and it should still work.led mike
I am currently parsing NULL to both those arguments. But because I am extracting the node with the Id attribute set to "MsgOperation", I am obviously missing namespace declarations etc that are in the parent node, as a result my computed DigestValue is incorrect. All I require at the moment is for someone to let me know what the EXEC_C14N result of the said node which is then fed into the SHA-1 algorithm and Base64'ed the result of which (i.e. DigestValue) is: wJsL4RtLToFeHW/xt2ewbAAiNxk= That way at least I could get some idea of what the node is transformed into as a result of the EXEC_C14N process!
-
I am currently parsing NULL to both those arguments. But because I am extracting the node with the Id attribute set to "MsgOperation", I am obviously missing namespace declarations etc that are in the parent node, as a result my computed DigestValue is incorrect. All I require at the moment is for someone to let me know what the EXEC_C14N result of the said node which is then fed into the SHA-1 algorithm and Base64'ed the result of which (i.e. DigestValue) is: wJsL4RtLToFeHW/xt2ewbAAiNxk= That way at least I could get some idea of what the node is transformed into as a result of the EXEC_C14N process!
Andy H wrote:
All I require at the moment is for someone to let me know what the EXEC_C14N result of the said node
Sorry, I don't have an environment established where I can do that. Since you have the XML yourself why can't you just give the namespace argument to the function?
led mike
-
Andy H wrote:
All I require at the moment is for someone to let me know what the EXEC_C14N result of the said node
Sorry, I don't have an environment established where I can do that. Since you have the XML yourself why can't you just give the namespace argument to the function?
led mike
-
I am trying to digitally sign an XML document in C++. Yes, I know that it is easy in .NET 2.0, but alas cannot use that! An extract of the XML document is below. All I am trying to do is calculate the DigestValue over the XML sub-document with Id=MsgOperation. I know that the data from this sub-document is converted into a hash with SHA-1 and then Base64. The problem I am having is converting the sub-document using EXEC-C14N. I am trying to use the LibXML2 library (very good), to EXEC-C14N the sub-document with: [code] CString CDigitalCerts::C14N( const char* pszXml, const bool bExclusive ) { CString sRet = _T(""); xmlChar* pOutput = NULL; xmlDocPtr pXmlDoc = xmlReadMemory( pszXml, (int)strlen( pszXml ), _T("xml"), NULL, 0 ); int result = 0; void* pData = NULL; xmlOutputBufferPtr buf = 0; if ( pXmlDoc ) { result = xmlC14NDocDumpMemory( pXmlDoc, NULL, (int)bExclusive, NULL, 0, &pOutput ); } xmlFreeDoc( pXmlDoc ); if ( result > 0 ) { sRet = (LPCTSTR)pOutput; } xmlFree( pOutput ); pOutput = NULL; return sRet; } [/code] If anyone has used the xmlC14NDocDumpMemory function before from the libxml2 library and can advise what I need to add to its 2nd argv (nodes) or the 4th argv (inclusive_ns_prefixes), I would appreciate it. Or what the node once EXEC_C14N'ed looks like I would again be very grateful. [code] <?xml version="1.0" encoding="utf-8"?><soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> soapenv:Header <ns1:Operation Id="MsgOperation" soapenv:mustUnderstand="0" xsi:type="xsd:string" xmlns:ns1="http://www.ros.ie/schemas/service/" xmlns:xsi="http://w ww.w3.org/2001/XMLSchema-instance">CT1/File</ns1:Operation> <wsse:Security xmlns:wsse="http://schemas.xmlsoap.org/ws/2002/07/secext"> ... <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"> ds:SignedInfo <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/> <ds:Reference URI="#MsgOperation"> ds:Transforms
Just to let anyone know, if they are interested, that I have manually worked out the result of the EXEC-C14N for the //ns1:Operation node of the XML posted in my orriginal message above, to be: [code] <ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Id="MsgOperation" soapenv:mustUnderstand="0" xsi:type="xsd:string">CT1/File</ns1:Operation> [/code] This helped
-
Just to let anyone know, if they are interested, that I have manually worked out the result of the EXEC-C14N for the //ns1:Operation node of the XML posted in my orriginal message above, to be: [code] <ns1:Operation xmlns:ns1="http://www.ros.ie/schemas/service/" xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" Id="MsgOperation" soapenv:mustUnderstand="0" xsi:type="xsd:string">CT1/File</ns1:Operation> [/code] This helped
Andy, I'm glad you solved your problem. The only difference in your solution XML from your original post is the addition of
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"If that was the question you were asking I never even got close to understanding your question.led mike
-
Andy, I'm glad you solved your problem. The only difference in your solution XML from your original post is the addition of
xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"If that was the question you were asking I never even got close to understanding your question.led mike
When you Canonicalize an XML sub-document you need to ensure that the namespace declarations used within that node but which were originally declared in an ancester node you need to re-declare in the node in which the namespace is being used in the sub-document. Then having done that you need to ensure that the namespace declarations are in order as per their prefix, AND any attributes but not in alphabetical order of the attribute or its prefix (if used) but per the order of the URI of that prefix... Get it!!! Having solved that I have a much larger XML node structure extracted from the orginal XML document to sort out along the same lines. All good fun. If you read the page to which I gave a link it makles it clearer, much clearer than many books I have read on Canonicalization.
-
When you Canonicalize an XML sub-document you need to ensure that the namespace declarations used within that node but which were originally declared in an ancester node you need to re-declare in the node in which the namespace is being used in the sub-document. Then having done that you need to ensure that the namespace declarations are in order as per their prefix, AND any attributes but not in alphabetical order of the attribute or its prefix (if used) but per the order of the URI of that prefix... Get it!!! Having solved that I have a much larger XML node structure extracted from the orginal XML document to sort out along the same lines. All good fun. If you read the page to which I gave a link it makles it clearer, much clearer than many books I have read on Canonicalization.
-
Andy H wrote:
If you read the page to which I gave a link
Thanks Andy, I can't find in this thread where you provided any link though? :confused:
led mike
The link was in my message (at the bottom) where I explained I had worked out the EXEC_C14N output. Here it is :-)
-
The link was in my message (at the bottom) where I explained I had worked out the EXEC_C14N output. Here it is :-)
-
Andy H wrote:
The link was in my message (at the bottom)
Wow, I really did look for it, I guess I picked a bad day to stop smoking crack. :-D
led mike