[xmlsec] bug or failure to undestand ?

Aleksey Sanin aleksey at aleksey.com
Mon Apr 22 18:08:36 PDT 2002 

Hi, Skip!

Since you've not described what exactly you want to select
using XPath expression I will try to guess that your goal is
to select all <location> nodes and the text these nodes contain.
In this assumpiton I would recommend to use following XPath
expression:

    <XPath>
        ancestor-or-self::location
    </XPath>

In your example this expression will select following nodes
(line breaks are added for better formatting, original result
is one line):

<location>
Monterey, Monterey Peninsula Airport, CA,
United States (KMRY) 36-35-26N 121-50-51W 66M
</location>
<location>
San Francisco, San Francisco International Airport, CA,
United States (KSFO) 37-37-11N 122-21-53W 26M </location>
<location>
Vineyard Haven, Marthas Vineyard Airport, MA,
United States (KMVY) 41-23-32N 070-37-00W 16M
</location>

LibXML2 has a nice utility xmllint that allows you to play with different
XML features including XPath. You can try different XPath expressions
on your document and immidiatelly see results.
Also (in case you don't know about this) there is a nice XPath tutorial with
examples:
    http://www.zvon.org/xxl/XPathTutorial/General/examples.html


About "/usr/local/ssl": I am really surprised that configuration script
was not able to find OpenSSL in this case. What Linux distribution do
you use? Will you try the latest 0.0.4 XML Sec library, please?


Thanks,

Aleksey.


Skip Carter wrote:

>Hi,
>
>I am experimenting with your XMLsec library (0.0.3 on
>Linux) and have found it to be very helpful in the
>practical aspects of learning XML Digital Signatures.
>Between reading the specs and playing with your
>code (I compiled it with debugging turned on
>and used testDSig) I think I mostly have the hang of it.
>
>Everything seemed to be going along just fine until
>I started playing with using XPath.  I created a
>test file (attached) and tried to set up a signature
>with an XPath transformation to just sign one elements of
>the file (all the 'location' nodes).  I tried a couple of
>different XPath statements but whatever I did, either
>signed the entire document or signed none of the document
>(I tested by changing the doc and then using testDSig
>in verify mode).
>
>Does your library presently support XPath ?
>If so, I'd appreciate a pointer on how to do what I
>am trying to do.
>
>I tried:
>  <XPath> self::document/content/weather/location </XPath>
>and:
>  <XPath> .//location </XPath>
>
>which should be equivalent in selecting all of the
>location nodes, but they did not seem to
>work (they looked to me to act as if none of the file
>was signed).
>
>I have searched around the Web a bit, but I haven't
>found any COMPLETE examples of the use of XPath,
>so I built my tests from what I understood from the
>XPath documentation.
>
>
>Also, a minor problem with the configure script:
>It failed to automatically find the location of
>my openSSL installation in spite of it being in
>the standard location ( /usr/local/ssl ), I had
>to explicitly provide it with the switch
>      --with-openssl=/usr/local/ssl
>
>before the library would compile.
>
>
>Thanks in advance for your help,
>
>Skip
>
>
>
>
> ------------------------------------------------------------------------
>
> Monterey, Monterey Peninsula Airport, CA, United States (KMRY) 
> 36-35-26N 121-50-51W 66M Apr 19, 2002 - 10:54 AM EST / 2002.04.19 1554 
> UTC from the WNW (300 degrees) at 6 MPH (5 KT) 10 mile(s) clear 54.0 F 
> (12.2 C) 46.0 F (7.8 C) 74% 30.15 in. Hg (1020 hPa) San Francisco, San 
> Francisco International Airport, CA, United States (KSFO) 37-37-11N 
> 122-21-53W 26M Apr 19, 2002 - 10:56 AM EST / 2002.04.19 1556 UTC from 
> the W (260 degrees) at 5 MPH (4 KT) 10 mile(s) clear 55.9 F (13.3 C) 
> 39.0 F (3.9 C) 52% 30.15 in. Hg (1020 hPa) Vineyard Haven, Marthas 
> Vineyard Airport, MA, United States (KMVY) 41-23-32N 070-37-00W 16M 
> Apr 19, 2002 - 10:53 AM EST / 2002.04.19 1553 UTC from the S (170 
> degrees) at 9 MPH (8 KT) 6 mile(s) overcast haze 55.0 F (12.8 C) 48.9 
> F (9.4 C) 79% 30 in. Hg (1015 hPa)
>
>
>------------------------------------------------------------------------
>
><?xml version="1.0" encoding="UTF-8"?>
><Envelope xmlns="urn:envelope">
>  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
>    <SignedInfo>
>      <CanonicalizationMethod
>               Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
>      <SignatureMethod
>               Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
>      <Reference URI="file:///home/skip/xml/weather.xml">
>        <Transforms>
>	  <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
>	  <XPath>
>	   .//location
>	  </XPath>
>	  </Transform>
>        </Transforms>
>        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
>        <DigestValue></DigestValue>
>      </Reference>
>    </SignedInfo>
>    <SignatureValue/>
>    <KeyInfo>
>	<KeyValue/>
>    </KeyInfo>
>  </Signature>
></Envelope>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20020422/44a9e04b/attachment.htm

More information about the xmlsec mailing list