You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Pa...@cognizant.com on 2009/10/12 12:43:19 UTC

Info required on SAX implementation of XML Dgital Signature verification

Hi all,

We are trying to use the SAX implementation of the XML Digital Signature
verification. The reason of choosing SAX over DOM is because we are
having huge files(10-30MB) whose signature needs to be created and
verified( Also it should be multithreaded). And in the DOM
implementation we are not able to meet NFRs in the processing time and
the Memory usage. Using the SAX implementation has reduced the
processing time and memory usage also but the difference is not huge.
Has anyone got any different implementation or way of using the SAX
parser for the signature validation? 

 

I was also looking at the STAX implementation code
(https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)
but I found that the branch code itself is incomplete. There are couple
of missing classes which have been used in it and its giving compilation
error.

Missing Classes name are -

>com.r_bg.stax.StaxStructure

>com.r_bg.stax.c14n.StaxCanonicalizationMethod

 

Can anyone point out where I can find these classes or how to implement
these classes?

 

Regards,

Pankaj Kharbe

 



This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly 
prohibited and may be unlawful.

Re: Info required on SAX implementation of XML Dgital Signature verification

Posted by Sean Mullan <Se...@Sun.COM>.
I found the missing files and checked them in. Try updating your workspace (svn 
update) and recompiling.

--Sean

Pankaj.Kharbe@cognizant.com wrote:
> Sean,
> It would be great if you provide me those classes.
> 
> Thanking in anticipation.
> 
> Regards,
> Pankaj Kharbe
> 
> -----Original Message-----
> From: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM] 
> Sent: Tuesday, October 13, 2009 11:14 PM
> To: security-dev@xml.apache.org
> Subject: Re: Info required on SAX implementation of XML Dgital Signature
> verification
> 
> The difference in memory usage should be noticeable in a streaming 
> implementation, especially when validating large signatures. Also, the 
> amount of memory used should be fairly constant as the size of the data 
> increases.
> 
> --Sean
> 
> Sean Mullan wrote:
>> It seems like the last time I worked on this, I didn't check in those 
>> new classes. Let me see if I can find an old workspace and I'll get
> back 
>> to you.
>>
>> --Sean
>>
>> Pankaj.Kharbe@cognizant.com wrote:
>>> Hi all,
>>>
>>> We are trying to use the SAX implementation of the XML Digital 
>>> Signature verification. The reason of choosing SAX over DOM is
> because 
>>> we are having huge files(10-30MB) whose signature needs to be created
> 
>>> and verified( Also it should be multithreaded). And in the DOM 
>>> implementation we are not able to meet NFRs in the processing time
> and 
>>> the Memory usage. Using the SAX implementation has reduced the 
>>> processing time and memory usage also but the difference is not huge.
> 
>>>  Has anyone got any different implementation or way of using the SAX 
>>> parser for the signature validation?
>>>
>>>  
>>>
>>> I was also looking at the STAX implementation code 
>>> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)
> 
>>> but I found that the branch code itself is incomplete. There are 
>>> couple of missing classes which have been used in it and its giving 
>>> compilation error.
>>>
>>> Missing Classes name are -
>>>
>>>> com.r_bg.stax.StaxStructure
>>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>>  
>>>
>>> Can anyone point out where I can find these classes or how to 
>>> implement these classes?
>>>
>>>  
>>>
>>> Regards,
>>>
>>> Pankaj Kharbe
>>>
>>>  
>>>
>>> This e-mail and any files transmitted with it are for the sole use of
> 
>>> the intended recipient(s) and may contain confidential and privileged
> 
>>> information.
>>> If you are not the intended recipient, please contact the sender by 
>>> reply e-mail and destroy all copies of the original message.
>>> Any unauthorised review, use, disclosure, dissemination, forwarding, 
>>> printing or copying of this email or any action taken in reliance on 
>>> this e-mail is strictly
>>> prohibited and may be unlawful.
>>>
> 
> 
> This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
> If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
> Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly 
> prohibited and may be unlawful.

RE: Info required on SAX implementation of XML Dgital Signature verification

Posted by Pa...@cognizant.com.
Sean,
It would be great if you provide me those classes.

Thanking in anticipation.

Regards,
Pankaj Kharbe

-----Original Message-----
From: Sean.Mullan@Sun.COM [mailto:Sean.Mullan@Sun.COM] 
Sent: Tuesday, October 13, 2009 11:14 PM
To: security-dev@xml.apache.org
Subject: Re: Info required on SAX implementation of XML Dgital Signature
verification

The difference in memory usage should be noticeable in a streaming 
implementation, especially when validating large signatures. Also, the 
amount of memory used should be fairly constant as the size of the data 
increases.

--Sean

Sean Mullan wrote:
> It seems like the last time I worked on this, I didn't check in those 
> new classes. Let me see if I can find an old workspace and I'll get
back 
> to you.
> 
> --Sean
> 
> Pankaj.Kharbe@cognizant.com wrote:
>> Hi all,
>>
>> We are trying to use the SAX implementation of the XML Digital 
>> Signature verification. The reason of choosing SAX over DOM is
because 
>> we are having huge files(10-30MB) whose signature needs to be created

>> and verified( Also it should be multithreaded). And in the DOM 
>> implementation we are not able to meet NFRs in the processing time
and 
>> the Memory usage. Using the SAX implementation has reduced the 
>> processing time and memory usage also but the difference is not huge.

>>  Has anyone got any different implementation or way of using the SAX 
>> parser for the signature validation?
>>
>>  
>>
>> I was also looking at the STAX implementation code 
>> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/)

>> but I found that the branch code itself is incomplete. There are 
>> couple of missing classes which have been used in it and its giving 
>> compilation error.
>>
>> Missing Classes name are -
>>
>>> com.r_bg.stax.StaxStructure
>>
>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>
>>  
>>
>> Can anyone point out where I can find these classes or how to 
>> implement these classes?
>>
>>  
>>
>> Regards,
>>
>> Pankaj Kharbe
>>
>>  
>>
>> This e-mail and any files transmitted with it are for the sole use of

>> the intended recipient(s) and may contain confidential and privileged

>> information.
>> If you are not the intended recipient, please contact the sender by 
>> reply e-mail and destroy all copies of the original message.
>> Any unauthorised review, use, disclosure, dissemination, forwarding, 
>> printing or copying of this email or any action taken in reliance on 
>> this e-mail is strictly
>> prohibited and may be unlawful.
>>
> 


This e-mail and any files transmitted with it are for the sole use of the intended recipient(s) and may contain confidential and privileged information.
If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. 
Any unauthorised review, use, disclosure, dissemination, forwarding, printing or copying of this email or any action taken in reliance on this e-mail is strictly 
prohibited and may be unlawful.

Re: Info required on SAX implementation of XML Dgital Signature verification

Posted by Sean Mullan <Se...@Sun.COM>.
The difference in memory usage should be noticeable in a streaming 
implementation, especially when validating large signatures. Also, the 
amount of memory used should be fairly constant as the size of the data 
increases.

--Sean

Sean Mullan wrote:
> It seems like the last time I worked on this, I didn't check in those 
> new classes. Let me see if I can find an old workspace and I'll get back 
> to you.
> 
> --Sean
> 
> Pankaj.Kharbe@cognizant.com wrote:
>> Hi all,
>>
>> We are trying to use the SAX implementation of the XML Digital 
>> Signature verification. The reason of choosing SAX over DOM is because 
>> we are having huge files(10-30MB) whose signature needs to be created 
>> and verified( Also it should be multithreaded). And in the DOM 
>> implementation we are not able to meet NFRs in the processing time and 
>> the Memory usage. Using the SAX implementation has reduced the 
>> processing time and memory usage also but the difference is not huge. 
>>  Has anyone got any different implementation or way of using the SAX 
>> parser for the signature validation?
>>
>>  
>>
>> I was also looking at the STAX implementation code 
>> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/) 
>> but I found that the branch code itself is incomplete. There are 
>> couple of missing classes which have been used in it and its giving 
>> compilation error.
>>
>> Missing Classes name are –
>>
>>> com.r_bg.stax.StaxStructure
>>
>>> com.r_bg.stax.c14n.StaxCanonicalizationMethod
>>
>>  
>>
>> Can anyone point out where I can find these classes or how to 
>> implement these classes?
>>
>>  
>>
>> Regards,
>>
>> Pankaj Kharbe
>>
>>  
>>
>> This e-mail and any files transmitted with it are for the sole use of 
>> the intended recipient(s) and may contain confidential and privileged 
>> information.
>> If you are not the intended recipient, please contact the sender by 
>> reply e-mail and destroy all copies of the original message.
>> Any unauthorised review, use, disclosure, dissemination, forwarding, 
>> printing or copying of this email or any action taken in reliance on 
>> this e-mail is strictly
>> prohibited and may be unlawful.
>>
>

Re: Info required on SAX implementation of XML Dgital Signature verification

Posted by Sean Mullan <Se...@Sun.COM>.
It seems like the last time I worked on this, I didn't check in those 
new classes. Let me see if I can find an old workspace and I'll get back 
to you.

--Sean

Pankaj.Kharbe@cognizant.com wrote:
> Hi all,
> 
> We are trying to use the SAX implementation of the XML Digital Signature 
> verification. The reason of choosing SAX over DOM is because we are 
> having huge files(10-30MB) whose signature needs to be created and 
> verified( Also it should be multithreaded). And in the DOM 
> implementation we are not able to meet NFRs in the processing time and 
> the Memory usage. Using the SAX implementation has reduced the 
> processing time and memory usage also but the difference is not huge. 
>  Has anyone got any different implementation or way of using the SAX 
> parser for the signature validation?
> 
>  
> 
> I was also looking at the STAX implementation code 
> (https://svn.apache.org/repos/asf/xml/security/branches/stax_jsr105/) 
> but I found that the branch code itself is incomplete. There are couple 
> of missing classes which have been used in it and its giving compilation 
> error.
> 
> Missing Classes name are –
> 
>>com.r_bg.stax.StaxStructure
> 
>>com.r_bg.stax.c14n.StaxCanonicalizationMethod
> 
>  
> 
> Can anyone point out where I can find these classes or how to implement 
> these classes?
> 
>  
> 
> Regards,
> 
> Pankaj Kharbe
> 
>  
> 
> This e-mail and any files transmitted with it are for the sole use of 
> the intended recipient(s) and may contain confidential and privileged 
> information.
> If you are not the intended recipient, please contact the sender by 
> reply e-mail and destroy all copies of the original message.
> Any unauthorised review, use, disclosure, dissemination, forwarding, 
> printing or copying of this email or any action taken in reliance on 
> this e-mail is strictly
> prohibited and may be unlawful.
>