You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Jorge Ortiz Claver <jo...@tirea.es> on 2005/07/06 10:42:26 UTC
XML DSIG schema validation performance
Hi,
I have a XML DSIG enveloping document I need to validate against its schema.
I´m using Apache Xerces 2.6.2 for schema validation (full schema
validation). Everything works fine but process takes about 10 seconds.
Using the same class with other XML documents (even using very complex
schemas like UBL standards), validation never takes more than 2 or 3
seconds (start JVM, locate class, create parser, open file, etc.).
Has anyone any experience validating this type of documents? I´d really
appreciate any advice or idea.
Thanks in advance
Jorge Ortiz
Re: XML DSIG schema validation performance
Posted by Matej Kafadar <ma...@setcce.org>.
As I see, the XML document has reference to schema which is on internet
"xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig#
xmldsig-core-schema.xsd".
Maybe this is problem.
regards
Matej
Jorge Ortiz Claver wrote:
> Hi,
>
> I have a XML DSIG enveloping document I need to validate against its
> schema.
>
> I´m using Apache Xerces 2.6.2 for schema validation (full schema
> validation). Everything works fine but process takes about 10 seconds.
> Using the same class with other XML documents (even using very complex
> schemas like UBL standards), validation never takes more than 2 or 3
> seconds (start JVM, locate class, create parser, open file, etc.).
>
> Has anyone any experience validating this type of documents? I´d really
> appreciate any advice or idea.
>
> Thanks in advance
> Jorge Ortiz
>
>
>
> ------------------------------------------------------------------------
>
> <?xml version="1.0" encoding="UTF-8"?>
> <ds:Signature
> xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
> xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
> xsi:schemaLocation="http://www.w3.org/2000/09/xmldsig# xmldsig-core-schema.xsd">
>
> <ds:SignedInfo>
> <ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
> <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"></ds:SignatureMethod>
> <ds:Reference URI="#data1">
> <ds:Transforms>
> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
> </ds:Transforms>
> <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
> <ds:DigestValue>xbF0V2YW4wwBEpnzwHcOZDtFLi0=</ds:DigestValue>
> </ds:Reference>
> </ds:SignedInfo>
> <ds:SignatureValue>
> Ce7TJZYv6e5RQ0SubTtl4EprFXBkLZhNy9YDa/yRD4NzrXiOx/pj7/jMYZYQbl5gHj0tW6ooYtVo
> sC0GTJ+tCW3n8Yl//c9IRDC5lAItaki2ktxLm7AlQ514TzYbNVxPB/NXlp5c+VynAf7ehCDeVZQ1
> D+WR+H23ylH5prwCv9U=
> </ds:SignatureValue>
> <ds:KeyInfo>
> <ds:X509Data>
> <ds:X509Certificate>
> MIICxTCCAi6gAwIBAgIFAKCxw+MwDQYJKoZIhvcNAQEFBQAwQjELMAkGA1UEBhMCRVMxDjAMBgNV
> BAoTBVRJUkVBMSMwIQYDVQQDExpBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbjAeFw0wNTAzMTcx
> MDU2MDNaFw0wNzAzMTcxMDU2MDNaMIGhMQswCQYDVQQGEwJFUzEOMAwGA1UEChMFVElSRUExEjAQ
> BgNVBAsTCUVtcGxlYWRvczEUMBIGA1UECxMLT3BlcmFjaW9uZXMxFjAUBgoJkiaJk/IsZAEBEwZq
> b3J0aXoxGzAZBgNVBAMTEkpvcmdlIE9ydGl6IENsYXZlcjEjMCEGCSqGSIb3DQEJARYUam9yZ2Uu
> b3J0aXpAdGlyZWEuZXMwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAPaSm9Zbva9w8qD/VcvQ
> HN2608likgl40/p6aeV2njzjjnmszoLojgdoF75msvGTgb7maxJohnFAPWm73Ftr2XrmCMryuPIL
> 1ZnVmqOq92Ywab0u7pQUk8aYBzY8TJs6cAO4LEhJczlB09BzF1nze88DuqLnSpTRgVhWbEPWuhUB
> AgMBAAGjZzBlMBEGCWCGSAGG+EIBAQQEAwIFoDAOBgNVHQ8BAf8EBAMCBeAwHwYDVR0jBBgwFoAU
> P+GRPTGpibf64C5b2hRixaG3nmYwHwYDVR0RBBgwFoEUam9yZ2Uub3J0aXpAdGlyZWEuZXMwDQYJ
> KoZIhvcNAQEFBQADgYEAKYvEoVFXIYl8dBHMhhEXgycCW5qoRAObUkCpxsIEEEqa1UIJRtjuVHJU
> nYyyiCroqiKeCB2h0ggtZHWj3Ce1HCYtoWnd5c+MFASw7M311vDYMPobkHANGN5qySfEJeIJ1XGI
> SgZeD7U48jOJv6chkcIVaS5zejSiq5HKv0ZQj1w=
> </ds:X509Certificate>
> </ds:X509Data>
> <ds:KeyValue>
> <ds:RSAKeyValue>
> <ds:Modulus>
> 9pKb1lu9r3DyoP9Vy9Ac3brTyWKSCXjT+npp5XaePOOOeazOguiOB2gXvmay8ZOBvuZrEmiGcUA9
> abvcW2vZeuYIyvK48gvVmdWao6r3ZjBpvS7ulBSTxpgHNjxMmzpwA7gsSElzOUHT0HMXWfN7zwO6
> oudKlNGBWFZsQ9a6FQE=
> </ds:Modulus>
> <ds:Exponent>AQAB</ds:Exponent>
> </ds:RSAKeyValue>
> </ds:KeyValue>
> </ds:KeyInfo>
> <ds:Object Id="data1">
> .......
> </ds:Object>
> </ds:Signature>
Re: [xml-dev] XML DSIG schema validation performance
Posted by Jorge Ortiz Claver <jo...@tirea.es>.
Problem is I can´t use anyother thing but Java.
Is there anyway with Xerces of doing something similiar to that schema
cache stuff Henry talked about in his mail?
Thanks again
Jorge
Henry S. Thompson wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>Jorge Ortiz Claver writes:
>
>
>
>>Hi,
>>
>>I have a XML DSIG enveloping document I need to validate against its
>>schema.
>>
>>. . .
>>
>>Has anyone any experience validating this type of documents? I´d
>>really appreciate any advice or idea.
>>
>>
>
>2.8 seconds total on my 2.8GHz linux box using XSV [1] (Python).
>Less than 1 second to validate twice (!) with cached schema using
>Markup's online showcase validator [2] (Java) (You need to explicitly
>pass the schema doc for DSIG [3]).
>
>ht
>
>[1] http://www.ltg.ed.ac.uk/~ht/xsv-status.html
>[2] http://www.markup.co.uk/showcase/V2S.html
>[3] http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd
>- --
> Henry S. Thompson, HCRC Language Technology Group, University of Edinburgh
> Half-time member of W3C Team
> 2 Buccleuch Place, Edinburgh EH8 9LW, SCOTLAND -- (44) 131 650-4440
> Fax: (44) 131 650-4587, e-mail: ht@inf.ed.ac.uk
> URL: http://www.ltg.ed.ac.uk/~ht/
>[mail really from me _always_ has this .sig -- mail without it is forged spam]
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.2.6 (GNU/Linux)
>
>iD8DBQFCy6QYkjnJixAXWBoRAv92AJ9U2+FAlalng6RS2Ys/cm7ui96kqACfXQaL
>I4JNQEIJXXxvn/w4OKhKILQ=
>=2UaU
>-----END PGP SIGNATURE-----
>
>
>
Re: XML DSIG schema validation performance
Posted by Jorge Ortiz Claver <jo...@tirea.es>.
Yes, I don't have any kind of entity resolver. My first thought was the
same but I checked the schema and there was no reference to an external
location. Anyway, I'll try to install my own entity resolver.
Thanks,
Jorge
Scott Cantor wrote:
>>Has anyone any experience validating this type of documents?
>>I´d really appreciate any advice or idea.
>>
>>
>
>My guess would be it's retrieving something from the network, a common
>problem if you don't install your own entity resolver. You could disconnect
>and try with no connectivity.
>
>-- Scott
>
>
>
>
RE: XML DSIG schema validation performance
Posted by Scott Cantor <ca...@osu.edu>.
> Has anyone any experience validating this type of documents?
> I´d really appreciate any advice or idea.
My guess would be it's retrieving something from the network, a common
problem if you don't install your own entity resolver. You could disconnect
and try with no connectivity.
-- Scott