You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@santuario.apache.org by Milan Tomic <mi...@setcce.org> on 2003/12/19 09:35:13 UTC

[c++] RE: CounterSignature or Multiple Signatures - is it possible?

    Speaking of multiple signatures... How can I verify multiple
signatures in my document? Can I use findDSIGNode() to do the job? I
belive this function finds only first signature element and can't be
used for finding next one.

Best regards,
Milan


> -----Original Message-----
> From: Seungwook Jung [mailto:jung_s@nue.et-inf.uni-siegen.de] 
> Sent: Friday, December 12, 2003 4:29 PM
> To: security-dev@xml.apache.org
> Subject: Re: CounterSignature or Multiple Signatures - is it possible?
> 
> 
> Hi,
> 
> Sure.... that is the flexiblity of XMLDsig
> 
> XPath Transformation helps you for signature over the same 
> node. signature over signature depends on your model. simply 
> test with xml 
> security library.
> 
> S. Jung
> 
> 
> 
> --On 2003³â 12¿ù 12ÀÏ ±Ý¿äÀÏ ¿ÀÀü 11:39 +0100 Andrzej Matejko 
> <an...@pro.onet.pl> wrote:
> 
> > Hi,
> >
> >     Is it possible to create CounterSignature (signature over 
> > signature) or multiple signatures (over the same node) with 
> xml dsig 
> > library?
> >
> >     andrew
> >
>

Re: [c++] RE: CounterSignature or Multiple Signatures - is it possible?

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

That almost smells like a mismatch between run-time libraries.  The 
Debug version of xsec uses the Debug DLL runtime and the release the 
normal DLL runtime.

For various reasons, the debug also uses the MFC in a shared DLL.

BTW - You should be able to debug through the DLL if it is compiled with 
debug info.  (I do it all the time :>)

Cheers,
	Berin


Milan Tomic wrote:
>>First a question - is iSignatureCount a global?
> 
> Yes.
> 
> 
>>If so, this approach 
>>may not be thread safe.  An alternative (if threading is an 
>>issue) might 
>>be to pass in the previous found node to findNext.
> 
> My app is not multithreaded. I was looking for quick solution.
> 
> 
>>strEquals should be able to handle a mixture of XMLCh and 
>>char strings, 
>>but it will assume the string is on the local code page.  Could it be 
>>failing in the transcode for some reason.
> 
> I don't know. My code is in dll, and dll is called from an exe. It is
> not so easy to debug. :(
> 
> 
>>Can you tell us what the failure is?
> 
> Allways different. Sometimes my app crashes (diseapear) without any
> warning dialog (altough I do have try/catch block). Sometimes it shows
> an access violation message or "pure virtual function was called"
> message.
> 
> Thank you for trying to help.
> 
> Milan
> 
> 
> 
>

RE: [c++] RE: CounterSignature or Multiple Signatures - is it possible?

Posted by Milan Tomic <mi...@setcce.org>.

> First a question - is iSignatureCount a global?
Yes.

> If so, this approach 
> may not be thread safe.  An alternative (if threading is an 
> issue) might 
> be to pass in the previous found node to findNext.
My app is not multithreaded. I was looking for quick solution.

> strEquals should be able to handle a mixture of XMLCh and 
> char strings, 
> but it will assume the string is on the local code page.  Could it be 
> failing in the transcode for some reason.
I don't know. My code is in dll, and dll is called from an exe. It is
not so easy to debug. :(

> Can you tell us what the failure is?
Allways different. Sometimes my app crashes (diseapear) without any
warning dialog (altough I do have try/catch block). Sometimes it shows
an access violation message or "pure virtual function was called"
message.

Thank you for trying to help.

Milan

Re: [c++] RE: CounterSignature or Multiple Signatures - is it possible?

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Milan,

First a question - is iSignatureCount a global?  If so, this approach 
may not be thread safe.  An alternative (if threading is an issue) might 
be to pass in the previous found node to findNext.

strEquals should be able to handle a mixture of XMLCh and char strings, 
but it will assume the string is on the local code page.  Could it be 
failing in the transcode for some reason.

Can you tell us what the failure is?

Cheers,
	Berin

Milan Tomic wrote:

>     Thank you all that replyed. Here is what I tried:
> 
> DOMNode *findNextDSIGNode(DOMNode *n, const char * nodeName)
> {
> 	const XMLCh * name = getDSIGLocalName(n);
> 	if (strEquals(name, nodeName)) {
> 		if (iSignatureFound==iSignatureCount) //skip previous
> "Signature" nodes
> 			return n;
> 		iSignatureFound++;
> 	}
> 	DOMNode *child = n->getFirstChild();
> 	while (child != NULL) {
> 		DOMNode *ret = findNextDSIGNode(child, nodeName);
> 		if (ret != NULL)
> 			return ret;
> 		child = child->getNextSibling();
> 	}
> 	return child;
> }
> 
> DOMNode *sigNode;
> iSignatureCount = 0; iSignatureFound = 0;// globals
> while ((sigNode = findNextDSIGNode(doc, "Signature")) != NULL) { 
> 	verSig(sigNode);
> 	iSignatureCount++; //find next "Signature" node
> }
> 
>     but, it seems that my app crashes in strEquals() function call. Is
> there someone willing to help? :)
> 
> Thank you,
> Milan
> 
> 
> 
>

RE: [c++] RE: CounterSignature or Multiple Signatures - is it possible?

Posted by Milan Tomic <mi...@setcce.org>.

    Thank you all that replyed. Here is what I tried:

DOMNode *findNextDSIGNode(DOMNode *n, const char * nodeName)
{
	const XMLCh * name = getDSIGLocalName(n);
	if (strEquals(name, nodeName)) {
		if (iSignatureFound==iSignatureCount) //skip previous
"Signature" nodes
			return n;
		iSignatureFound++;
	}
	DOMNode *child = n->getFirstChild();
	while (child != NULL) {
		DOMNode *ret = findNextDSIGNode(child, nodeName);
		if (ret != NULL)
			return ret;
		child = child->getNextSibling();
	}
	return child;
}

DOMNode *sigNode;
iSignatureCount = 0; iSignatureFound = 0;// globals
while ((sigNode = findNextDSIGNode(doc, "Signature")) != NULL) { 
	verSig(sigNode);
	iSignatureCount++; //find next "Signature" node
}

    but, it seems that my app crashes in strEquals() function call. Is
there someone willing to help? :)

Thank you,
Milan

Re: [c++] RE: CounterSignature or Multiple Signatures - is it possible?

Posted by Berin Lautenbach <be...@wingsofhermes.org>.

Milan Tomic wrote:

>     Speaking of multiple signatures... How can I verify multiple
> signatures in my document? Can I use findDSIGNode() to do the job? I
> belive this function finds only first signature element and can't be
> used for finding next one.

You are correct.  At the moment you have to manually find each signature 
and verify it.

We could add another variant of findDSIGNode that searches for the nth 
node.  Open to ideas!

Cheers,
	Berin