[xmlsec] enhancement to xmlsec

Moultrie, Ferrell (ISSAtlanta) FMoultrie at iss.net
Thu Dec 19 09:19:07 PST 2002


Sorry -- I wish my mua would warn me when it sees the word "attached"
but there's no attachment! Both files attached now.
Ferrell

-----Original Message-----
From: Aleksey Sanin [mailto:aleksey at aleksey.com] 
Sent: Thursday, December 19, 2002 11:57 AM
To: Moultrie, Ferrell (ISSAtlanta)
Cc: xmlsec at aleksey.com
Subject: Re: [xmlsec] enhancement to xmlsec


Thanks a lot! I just know that any non trivial knowledge (like "starting

from slash...")
might be lost other the time :) The only problem I have is that I don't 
see attachment :)
Can you resend it, please?

Thanks,
Aleksey



Moultrie, Ferrell (ISSAtlanta) wrote:

>Aleksey:
>  Done. I didn't think the overload was particularly troublesome since
>the XPath syntax was clearly different from a node-name but the
approach
>you suggested is cleaner and without ambiguity. I'm attaching diffs
>against 0.0.10 as before plus an additional diff (-b) which is smaller
>and removes some (possibly gratuitous) white-space editing I'd done
>while implementing the code. Your choice as to which to check-in.
>Ferrell
>  
>


-------------- next part --------------
167a168,170
> 	"  --node-xpath <XPath expression>\n"
>     "                        set the operation start point to the first node \n"
>     "                        selected by the specified XPath expression\n"
306a310
> char *nodeXPath = NULL;
377c381
< 	    if((nodeName != NULL) || (nodeId != NULL)){
---
> 	    if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
382a387,393
> 	} else if((strcmp(argv[pos], "--node-xpath") == 0) && (pos + 1 < argc))  {
> 		if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
> 			fprintf(stderr, "Error: another node selection option present\n");
> 			ret = -1;
> 		} else {
> 			nodeXPath = argv[++pos];
> 	    }
384c395
< 	    if((nodeName != NULL) || (nodeId != NULL)){
---
> 	    if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
1245a1257,1287
> 
> /* Function to find base node for operation as specified by user using either
>  * DTD Id, XPath abs expression, NodeName, or default to root node */
> xmlNodePtr findBaseNode(xmlDocPtr doc) {
> 	xmlNodePtr cur = NULL;
> 	if(nodeId != NULL) {
> 	    xmlAttrPtr attr;
> 	    attr = xmlGetID(doc, BAD_CAST nodeId);
> 	    cur = (attr != NULL) ? attr->parent : NULL;
> 	} else if(nodeXPath != NULL) {
> 		xmlNodeSetPtr pNodeList = NULL;
> 		xmlXPathContextPtr pCtx = NULL;
> 		xmlXPathObjectPtr pXPathObj = NULL;
> 		pCtx = xmlXPathNewContext(doc);
> 		pXPathObj = xmlXPathEval(BAD_CAST nodeXPath, pCtx);
> 		if (pXPathObj != NULL) {
> 			pNodeList = pXPathObj->nodesetval;
> 		}
> 		if (pNodeList != NULL && pNodeList->nodeNr > 0) { 
> 			cur = pNodeList->nodeTab[0];
> 		}
> 		xmlXPathFreeContext(pCtx);
> 		xmlXPathFreeObject(pXPathObj);
> 	} else if(nodeName != NULL) {
> 		cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST nodeName, BAD_CAST nodeNs);
> 	} else {
> 	    cur = xmlDocGetRootElement(doc);
> 	}
> 	return cur; /* can be NULL .. caller must check */
> } /* of findBaseNode() */
> 
1248a1291
> 	xmlNodePtr cur;
1255,1256c1298,1307
<     signNode = xmlSecFindNode(xmlDocGetRootElement(doc), 
< 			      BAD_CAST "Signature", xmlSecDSigNs);
---
> 
> 	/**
> 	 * What do we want to sign?
> 	 */    
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
> 	signNode = xmlSecFindNode(cur, BAD_CAST "Signature", xmlSecDSigNs);
1310a1362
> 	xmlNodePtr cur;
1314,1315c1366,1374
<     signNode = xmlSecFindNode(xmlDocGetRootElement(doc), 
< 			      BAD_CAST "Signature", xmlSecDSigNs);
---
> 	/**
> 	 * What do we want to verify?
> 	 */    
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
> 	signNode = xmlSecFindNode(cur, BAD_CAST "Signature", xmlSecDSigNs);
1414,1415c1473
< 	if(nodeId != NULL) {
< 	    xmlAttrPtr attr;
---
> 	cur = findBaseNode(doc);
1417,1424d1474
< 	    attr = xmlGetID(doc, BAD_CAST nodeId);
< 	    cur = (attr != NULL) ? attr->parent : NULL;
< 	} else if(nodeName != NULL) {
< 	    cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST nodeName, BAD_CAST nodeNs);
< 	} else {
< 	    cur = xmlDocGetRootElement(doc);
< 	}
< 	
1498c1548,1553
<     cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST "EncryptedData", xmlSecEncNs);
---
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
>     cur = xmlSecFindNode(cur, BAD_CAST "EncryptedData", xmlSecEncNs);

-------------- next part --------------
167a168,170
> 	"  --node-xpath <XPath expression>\n"
>     "                        set the operation start point to the first node \n"
>     "                        selected by the specified XPath expression\n"
306a310
> char *nodeXPath = NULL;
377c381
< 	    if((nodeName != NULL) || (nodeId != NULL)){
---
> 	    if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
382a387,393
> 	} else if((strcmp(argv[pos], "--node-xpath") == 0) && (pos + 1 < argc))  {
> 		if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
> 			fprintf(stderr, "Error: another node selection option present\n");
> 			ret = -1;
> 		} else {
> 			nodeXPath = argv[++pos];
> 	    }
384c395
< 	    if((nodeName != NULL) || (nodeId != NULL)){
---
> 	    if((nodeName != NULL) || (nodeId != NULL) || (nodeXPath != NULL)){
388,395c399,406
< 		nodeName = strrchr(argv[++pos], ':');
< 		if(nodeName != NULL) {
< 		    *(nodeName++) = '\0';
< 		    nodeNs = argv[pos];
< 		} else {
< 		    nodeName = argv[pos];
< 		    nodeNs = NULL;
< 		}
---
> 			nodeName = strrchr(argv[++pos], ':');
> 			if(nodeName != NULL) {
> 			    *(nodeName++) = '\0';
> 			    nodeNs = argv[pos];
> 			} else {
> 			    nodeName = argv[pos];
> 			    nodeNs = NULL;
> 			}
1245a1257,1287
> 
> /* Function to find base node for operation as specified by user using either
>  * DTD Id, XPath abs expression, NodeName, or default to root node */
> xmlNodePtr findBaseNode(xmlDocPtr doc) {
> 	xmlNodePtr cur = NULL;
> 	if(nodeId != NULL) {
> 	    xmlAttrPtr attr;
> 	    attr = xmlGetID(doc, BAD_CAST nodeId);
> 	    cur = (attr != NULL) ? attr->parent : NULL;
> 	} else if(nodeXPath != NULL) {
> 		xmlNodeSetPtr pNodeList = NULL;
> 		xmlXPathContextPtr pCtx = NULL;
> 		xmlXPathObjectPtr pXPathObj = NULL;
> 		pCtx = xmlXPathNewContext(doc);
> 		pXPathObj = xmlXPathEval(BAD_CAST nodeXPath, pCtx);
> 		if (pXPathObj != NULL) {
> 			pNodeList = pXPathObj->nodesetval;
> 		}
> 		if (pNodeList != NULL && pNodeList->nodeNr > 0) { 
> 			cur = pNodeList->nodeTab[0];
> 		}
> 		xmlXPathFreeContext(pCtx);
> 		xmlXPathFreeObject(pXPathObj);
> 	} else if(nodeName != NULL) {
> 		cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST nodeName, BAD_CAST nodeNs);
> 	} else {
> 	    cur = xmlDocGetRootElement(doc);
> 	}
> 	return cur; /* can be NULL .. caller must check */
> } /* of findBaseNode() */
> 
1248a1291
> 	xmlNodePtr cur;
1255,1256c1298,1307
<     signNode = xmlSecFindNode(xmlDocGetRootElement(doc), 
< 			      BAD_CAST "Signature", xmlSecDSigNs);
---
> 
> 	/**
> 	 * What do we want to sign?
> 	 */    
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
> 	signNode = xmlSecFindNode(cur, BAD_CAST "Signature", xmlSecDSigNs);
1258,1259c1309,1310
<         fprintf(stderr,"Error: failed to find Signature node\n");
< 	return(-1);
---
> 		fprintf(stderr,"Error: failed to find Signature node\n");
> 		return(-1);
1310a1362
> 	xmlNodePtr cur;
1313,1315c1365,1374
<     	    
<     signNode = xmlSecFindNode(xmlDocGetRootElement(doc), 
< 			      BAD_CAST "Signature", xmlSecDSigNs);
---
> 
> 	/**
> 	 * What do we want to verify?
> 	 */    
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
> 	signNode = xmlSecFindNode(cur, BAD_CAST "Signature", xmlSecDSigNs);
1317,1318c1376,1377
<         fprintf(stderr,"Error: failed to find Signature node\n");
< 	return(-1);
---
> 		fprintf(stderr,"Error: failed to find Signature node\n");
> 		return(-1);
1414,1424c1473,1474
< 	if(nodeId != NULL) {
< 	    xmlAttrPtr attr;
< 	    
< 	    attr = xmlGetID(doc, BAD_CAST nodeId);
< 	    cur = (attr != NULL) ? attr->parent : NULL;
< 	} else if(nodeName != NULL) {
< 	    cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST nodeName, BAD_CAST nodeNs);
< 	} else {
< 	    cur = xmlDocGetRootElement(doc);
< 	}
< 	
---
> 	cur = findBaseNode(doc);
> 
1498c1548,1553
<     cur = xmlSecFindNode(xmlDocGetRootElement(doc), BAD_CAST "EncryptedData", xmlSecEncNs);
---
> 	cur = findBaseNode(doc);
> 	if (cur == NULL) { 
> 		fprintf(stderr,"Error: failed to find specified node\n");
> 		return(-1);
> 	}
>     cur = xmlSecFindNode(cur, BAD_CAST "EncryptedData", xmlSecEncNs);



More information about the xmlsec mailing list