[xmlsec] bug or failure to undestand ?

Skip Carter skip at taygeta.com
Mon Apr 22 17:36:54 PDT 2002 

Hi,

I am experimenting with your XMLsec library (0.0.3 on
Linux) and have found it to be very helpful in the
practical aspects of learning XML Digital Signatures.
Between reading the specs and playing with your
code (I compiled it with debugging turned on
and used testDSig) I think I mostly have the hang of it.

Everything seemed to be going along just fine until
I started playing with using XPath.  I created a
test file (attached) and tried to set up a signature
with an XPath transformation to just sign one elements of
the file (all the 'location' nodes).  I tried a couple of
different XPath statements but whatever I did, either
signed the entire document or signed none of the document
(I tested by changing the doc and then using testDSig
in verify mode).

Does your library presently support XPath ?
If so, I'd appreciate a pointer on how to do what I
am trying to do.

I tried:
  <XPath> self::document/content/weather/location </XPath>
and:
  <XPath> .//location </XPath>

which should be equivalent in selecting all of the
location nodes, but they did not seem to
work (they looked to me to act as if none of the file
was signed).

I have searched around the Web a bit, but I haven't
found any COMPLETE examples of the use of XPath,
so I built my tests from what I understood from the
XPath documentation.


Also, a minor problem with the configure script:
It failed to automatically find the location of
my openSSL installation in spite of it being in
the standard location ( /usr/local/ssl ), I had
to explicitly provide it with the switch
      --with-openssl=/usr/local/ssl

before the library would compile.


Thanks in advance for your help,

Skip



-- 
 Dr. Everett (Skip) Carter      Phone: 831-641-0645 FAX:  831-641-0647
 Taygeta Scientific Inc.        INTERNET: skip at taygeta.com
 1340 Munras Ave., Suite 314    WWW: http://www.taygeta.com
 Monterey, CA. 93940
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.aleksey.com/pipermail/xmlsec/attachments/20020422/05fa88fc/weather.htm
-------------- next part --------------
<?xml version="1.0" encoding="UTF-8"?>
<Envelope xmlns="urn:envelope">
  <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
    <SignedInfo>
      <CanonicalizationMethod
               Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
      <SignatureMethod
               Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
      <Reference URI="file:///home/skip/xml/weather.xml">
        <Transforms>
	  <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
	  <XPath>
	   .//location
	  </XPath>
	  </Transform>
        </Transforms>
        <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
        <DigestValue></DigestValue>
      </Reference>
    </SignedInfo>
    <SignatureValue/>
    <KeyInfo>
	<KeyValue/>
    </KeyInfo>
  </Signature>
</Envelope>

More information about the xmlsec mailing list