[xmlsec] C14N 1.0 question and 1.1

Matej Spiller-Muys Matej.Spiller at siol.net
Thu Apr 10 13:38:45 PDT 2008

I have a few questions regarding your c14n implementations.

First, do you have any plans for a c14n 1.1 implementation? It is currently already marked as a Proposed Recommendation (http://www.w3.org/TR/xml-c14n11/) since January 2008. I reported it in bugzilla as a new feature request: http://bugzilla.gnome.org/show_bug.cgi?id=524929.

Now regarding your 2 c14n implementations. I am currently doing some c14n performance optimizations (well, using the msxml4 parser) and I am also studying/evaluating your implementations:


Question 1:
What does the FillMissingPrefixes function do? It seems to expand namespace attributes to all children (and their children)
<a xmlns="bla"><b/></a>
<a xmlns="bla"><b xmlns="bla"/></a>
If that is the case, why is there a need inside WriteNamespacesAxis to iterate for each node through all of its parents (if each node already has all of its namespace attributes)? Well, another thing is that changing the original xml is bad (well IMHO :) ). Apache xml security also does that, but it cleans them up after c14n. Older versions didn't do that and you ended up with a million namespaces all over the xml and twice the size after signing it.

Question 2:
Would it be cleaner to just use the xpath expression "namespace::*" (and faster ??? and not needing the xpath hack inside c14n.c in libxml2)? With precompiled xpath it could really work.

As in (just some pseudo code): 
foreach (node in xNode.selectNodes("namespace::*")) {
  if IsNamespaceRendered (node.prefix, node.Value) and IsNodeVisible(node) ...

Instead of all that FillMissingPrefixes + parent node iterating and xmlSearchNS + parent node iterating (and each xmlSearchNS call doing it all over again) ...

Question 3:
Another possibility is to stack all namespaces along the way (and without using XPath) ... as is done for rendered namespaces ... except it could save all namespaces with an additional allreadyRendered flag.

    xmlNsPtr  *nsTab;     /* array of ns in no particular order */       
    xmlNodePtr *nodeTab;   /* array of nodes in no particular order */
    byte *allreadyRendered; /* array of nodes */

and then searching for the matching xmlNsPtr backwards (nsCurEnd to 0 ...) ... and when finding the ns element, checking whether it was allreadyRendered ... if not, adding it to the output list and setting the allreadyRendered flag to true (before checking it with xmlC14NIsVisible ...).

According to our tests your xmlC14NProcessNamespacesAxis is the slowest part of libxml2 c14n processing. And if I can help somehow to optimize it ...

Thank you,
Matej Spiller-Muys
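
The stacked-namespace idea from Question 3, as an added sketch that is not part of the original message and is not libxml2 or xmlsec code: each stack entry records the depth at which it was emitted instead of a byte flag, so the mark can be cleared when that element is left and so a redundant redeclaration (the `<b xmlns="bla"/>` case from Question 1) is suppressed. All names are hypothetical; it assumes every namespace node of a visible element is itself visible, and it leaves out C14N's sorting of declarations and the special handling of xmlns="".

```c
#include <stdio.h>
#include <string.h>

/* Added sketch, not libxml2/xmlsec code; every name here is hypothetical. */
typedef struct {
    const char *prefix;  /* "" is the default namespace */
    const char *uri;
    int declared_at;     /* depth of the declaring element */
    int rendered_at;     /* depth of the visible element that emitted it, -1 if none */
} ns_entry;

static ns_entry ns_stack[64];
static int ns_top = 0;

void ns_push(const char *prefix, const char *uri, int depth) {
    if (ns_top < 64) ns_stack[ns_top++] = (ns_entry){ prefix, uri, depth, -1 };
}

/* Leaving the element at `depth`: pop its declarations and clear the marks it
 * set on outer entries, so a following sibling emits them again. */
void ns_leave(int depth) {
    while (ns_top > 0 && ns_stack[ns_top - 1].declared_at >= depth) ns_top--;
    for (int i = 0; i < ns_top; i++)
        if (ns_stack[i].rendered_at >= depth) ns_stack[i].rendered_at = -1;
}

/* Visible element at `depth`: append the declarations it must emit to `out`
 * and return how many. A scan of the stack replaces the walk over parent nodes. */
int ns_render(int depth, char *out, size_t cap) {
    int count = 0;
    out[0] = '\0';
    for (int i = ns_top - 1; i >= 0; i--) {
        const ns_entry *last = NULL;  /* most recently emitted binding of this prefix */
        int shadowed = 0;
        for (int j = ns_top - 1; j >= 0; j--) {
            if (strcmp(ns_stack[j].prefix, ns_stack[i].prefix) != 0) continue;
            if (j > i) { shadowed = 1; break; }  /* an inner binding hides entry i */
            if (ns_stack[j].rendered_at >= 0 &&
                (!last || ns_stack[j].rendered_at > last->rendered_at)) last = &ns_stack[j];
        }
        if (shadowed || (last && strcmp(last->uri, ns_stack[i].uri) == 0)) continue;
        size_t n = strlen(out);
        snprintf(out + n, cap - n, " xmlns%s%s=\"%s\"",
                 ns_stack[i].prefix[0] ? ":" : "", ns_stack[i].prefix, ns_stack[i].uri);
        ns_stack[i].rendered_at = depth;
        count++;
    }
    return count;
}
```

The caller pushes an element's declarations before `ns_render` and calls `ns_leave` with the same depth when the element closes; an element that is not in the node set is pushed and left but never rendered.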