[xmlsec] Signing over multiple files

Aleksey Sanin aleksey at aleksey.com
Thu Oct 4 07:06:00 PDT 2012


Great! Actually I suggest to do it 'the right way' and simply
create 'cid' protocol handlers:

http://www.aleksey.com/xmlsec/api/xmlsec-io.html#XMLSECIOREGISTERCALLBACKS


Aleksey

On 10/4/12 5:43 AM, Mike Peat wrote:
> Aleksey
> 
> Just to let you know that I have (finally!) cracked it and got xmlsec to
> build and run on Windows (and even with an addendum to your copyright
> notice that indicates that it is my own bodged version! <g>).
> 
> Now I just have to work out how to modify it (in
> xmlSecTransformInputURIOpen I think...) to strip off any leading "cid:"
> from the URI.
> 
> Thank you for your help!
> 
> Mike
> 
> On 21/09/2012 05:02, Aleksey Sanin wrote:
>> Mike,
>>
>> You will need to look into win32/ folder and use Microsoft C compiler.
>> Honestly, I haven't touched Windows for years so it will be hard for
>> me to give you a better advice.
>>
>> Another option is of course to use a VM with linux and just run it
>> through VM.
>>
>> Aleksey
>>
>> On 9/20/12 6:53 AM, Mike Peat wrote:
>>> Thanks for that Aleksey
>>>
>>> Initially I thought I had found a work-around, but I am now back looking
>>> at the problem from square one again.  Let me explain...
>>>
>>> Another customer of the organisation I am communicating with was using
>>> xmlsec at the command-line to do this, which is what led me down this
>>> route initially.
>>>
>>> It turns out that if the document (file) referred to in the <Reference>
>>> URI attribute is in the _same directory_ as the SOAP document being
>>> signed, xmlsec actually picks it up OK and includes its hash-value in
>>> the <Reference> -> <DigestValue> element... problem solved!
>>> (Apparently...)  However, life is not so simple.
>>>
>>> They are working on a Linux system, while I am cursed with being in
>>> Windows.  :-(
>>>
>>> They are thus able to have files named "cid:/xxxxxxx/", while I am not
>>> (no colons allowed in file-names in Windows!).  So I changed the URI
>>> attribute in my Reference element to just contain a file-name with no
>>> "cid:" prefix, and that got things working as far as digitally signing
>>> the whole thing with xmlsec was concerned.  However now I am getting
>>> messages through to the other party's back-end system, which are being
>>> rejected because now _it_ can't identify the referred to document: it
>>> seems that it insists on using that "cid:" scheme.
>>>
>>> So...
>>>
>>> I need to persuade xmlsec to recognise that "cid:" prefix and, in
>>> effect, ignore it (if the referred-to file-name starts with "cid:",
>>> replace that with nothing prior to trying to open the file).
>>>
>>> I have got the xmlsec source, but up until now have just been using Igor
>>> Zlatkovic's Windows binaries.
>>>
>>> I need to (a) get xmlsec to compile in a Win32 environment and (b) know
>>> where to make the changes in xmlsec (or perhaps one of its libraries) in
>>> order to create a version which will do what I need.
>>>
>>> I am not really a C/C++ programmer, but I can usually get by in pretty
>>> much anything (I have been programming since about 1972 - Oh Lord!
>>> That's 40 years! I'm getting too old for this!).
>>>
>>> What compiler will I need and where do I find the code I will need to
>>> change?  And what build process do I need to go through?  Is there a
>>> make file or something similar?
>>>
>>> Alternatively... what would it take to get somebody who actually knows
>>> what (s)he is doing to do this for us? We don't have much in the way of
>>> budget, but this is stopping a project that has months of work in it
>>> dead in its tracks right now, so...
>>>
>>> TIA
>>>
>>> Mike Peat
>>>
>>> On 14/09/2012 16:57, Aleksey Sanin wrote:
>>>> Mike,
>>>>
>>>> You will probably need to write code to support "cid" URL scheme
>>>> and resolve references correctly to the MIME attachments:
>>>>
>>>> http://www.aleksey.com/xmlsec/api/xmlsec-io.html
>>>>
>>>> Aleksey
>>>>
>>>> On 9/14/12 7:50 AM, Mike Peat wrote:
>>>>> Hi
>>>>>
>>>>> I am using xmlsec at the command line in an ebXML application.  As you
>>>>> probably know, ebXML uses SOAP-with-attachments (over HTTP) to send its
>>>>> messages.  The message thus consists of multipart-MIME content in the
>>>>> HTTP body: the first part being a SOAP document containing (among other
>>>>> things) the Signature stuff and the second being an XML document which
>>>>> is the business payload.
>>>>>
>>>>> The Signature->SignedInfo in the SOAP document needs to contain two
>>>>> <Reference> elements: one for the SOAP document itself (URI="") and one
>>>>> for the payload XML (URI="cid:xxxxxxxx", where "xxxxxxxx" is the content
>>>>> ID of the second MIME part).
>>>>>
>>>>> I am managing to successfully sign simple SOAP messages with no payload
>>>>> (and hence no second <Reference> element), but I just can't work out how
>>>>> to get xmlsec to sign both documents together.  I have tried many
>>>>> different ways, but to no avail.  I am sure I am missing something
>>>>> simple, but...  :-(
>>>>>
>>>>> Any help would be very much appreciated - I've been banging my head off
>>>>> this brick wall for a week... and it is starting to really hurt!  :-( 
>>>>> (That takes a while, because my brain is so dense, but even it starts
>>>>> gets sore eventually!)
>>>>>
>>>>> TIA
>>>>>
>>>>> Mike Peat _______________________________________________
>>>>> xmlsec mailing list
>>>>> xmlsec at aleksey.com
>>>>> http://www.aleksey.com/mailman/listinfo/xmlsec 
>>>> .
>>>>
>>>  
>> .
>>
> 


More information about the xmlsec mailing list