[xmlsec] Re: xmlAddID in practice

Aleksey Sanin aleksey at aleksey.com
Tue Dec 23 08:49:26 PST 2003


Yes, you are right. I am sorry for confusion (did not look into this 
part of code for quite some time :( ). The XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK 
solves the "non-standard" ids in Visa3D issue but it does not "register" ids.

Now, I guess you still need help with xmlAddID. This function is declared
as follows:

xmlIDPtr xmlAddID (xmlValidCtxtPtr ctxt,
     xmlDocPtr doc,
     const xmlChar *value,
     xmlAttrPtr attr);

For your purposes, you can ignore the first context parameter "ctxt". Second
parameter ("doc") is obviously a pointer to the parent document. Third parameter
"value" is the id value (for example, in your document it would be "APeN+Q...").
And finally the last parameter "attr" is the pointer to attribute node which will be
considered as id attribute (for example, in your document it is id="APeN+Q..."
node in the <PARes /> element).

As you can see, one might register an id to a value which is *different* from the
actual attribute value. But this is not what you want :) The following trivial function 
registers id from the attribute with given name and value equal to attribute value
(dicslaimer: I wrote this function in the mail and never tried to compile, it should 
work after fixing all compiler errors I did make):

int RegisterID(xmlNodePtr node, const xmlChar* idName)
{
    xmlAttrPtr attr;
    xmlAttrPtr tmp;
    xmlChar* name;
        
    assert(node);
    assert(node->doc);
    assert(idName);

    /* find pointer to id attribute */
    attr = xmlHasProp(node, idName);
    if((attr == NULL) || (attr->children == NULL)) {
        return(-1);
    }
    
    /* get the attribute (id) value */
    name = xmlNodeListGetString(node->doc, attr->children, 1);
    if(name == NULL) {
        return(-1);    
    }
    
    /* check that we don't have that id already registered */
    tmp = xmlGetID(node->doc, name);
    if(tmp == NULL) {
        xmlFree(name);
        return(-1);
    }
    
    /* finally register id */
    xmlAddID(NULL, doc, name, attr);

    /* and do not forget to cleanup */
    xmlFree(name);

    return(0);
}     

For example, in your case, you will need to call this function with 
"node" parameter pointing to <PARes/> element and "idName" parameter
equal to "id".

Hope this would help :)

Aleksey


Wojtek Pięcek wrote on 12/23/2003, 3:16 AM:
> 
> Hi all, 
> 
> > If you are using this for Visa3d then don't bother with xmlAddID() and use 
> > XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK flag. It'll do everything you 
> > need. Otherwise, look at src/xmltree.c file. There should be examples of 
> > using it. 
> 
> No, using only flag XMLSEC_DSIG_FLAGS_USE_VISA3D_HACK not help. 
> 
> When I trying to verify my signed document, using patched version of verify3 
> (added XMLSEC_D...), I got: 
> 
> func=xmlSecTransformVisa3DHackExecute:file=xpath.c:line=1114:obj=Visa3DHackTransform:subj=xmlGetID:error=5:libxml2 library function failed:id="APeN+QH9CmUVZgE7x6Ls/G6RsYO+" 
> 
> and more errors. Help for me if signed template have on tom mini-dtd, like 
> this: 
> 
> <!DOCTYPE ThreeDSecure [ 
> <!ATTLIST PARes id ID #REQUIRED> 
> ]> 
> 
> This template verify correct. 
> 
> Can you comment this? 
> 
> -- 
> Wojtek 
> 
> Fingerprint: B0EA 20D7 20B6 24E7 DFFE  0D92 710B EC75 46F2 0982 
> PGP Public Key available at http://www.keyserver.com 
>                       or as http://www.pingwin.waw.pl/~woju/public_key.pgp 
> 
> _______________________________________________ 
> xmlsec mailing list 
> xmlsec at aleksey.com 
> http://www.aleksey.com/mailman/listinfo/xmlsec 



More information about the xmlsec mailing list