You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@santuario.apache.org by Michael McIntosh <mi...@us.ibm.com> on 2006/06/25 16:59:22 UTC
CanonicalizerSpi
I am trying to implement a Canonicalization algorithm using the XML
Security framework. My algorithm needs to access values(parameters) from
elements passed as children of the CanonicalizationMethod element (similar
to InclusiveNamespaces with Exclusive C14N). The schema[1] (below)
provided for CanonicalizationMethod clearly allows for children of the
element. It is unclear how to access the element in the implementation of
the Canonicalization algorithm (the examples for Transform algorithm
clearly demonstrate how this is done for Transforms but that method does
not work for Canonicalization algorithms). Can someone please tell me
whether this can be done? If I need to modify the framework to enable this
would you consider including this in the official code base?
Thanks,
Mike
[1] Schema for CanonicalizationMethod
<element name="CanonicalizationMethod"
type="ds:CanonicalizationMethodType"/>
<complexType name="CanonicalizationMethodType" mixed="true">
<sequence>
<any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
<!-- (0,unbounded) elements from (1,1) namespace -->
</sequence>
<attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
Re: CanonicalizerSpi
Posted by Raul Benito <ra...@apache.org>.
On 6/26/06, Michael McIntosh <mi...@us.ibm.com> wrote:
>
> Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
>
> > Can you be more specific about what the problem is?
>
> The problem is that there is no equivalent to _transformObject in the
> CanonicalizerSpi. An implementation of a Transform can include the
> following code in order to access any parameter values encapsulated in the
> Transform element:
>
> protected XMLSignatureInput enginePerformTransform
> (XMLSignatureInput input)
> {
> org.w3c.dom.Element elemTransform =
> this._transformObject.getElement();
> ...
> }
>
> there is no way to access the current CanonicalizationMethod element from
> within the implementation.
Ohh, that´s so 1.3ies. In 1.4 the API has change a little not too much. The
enginePerformTransform method accepts also a Tranform object argument.
> Also, the next release of Apache XML Security (1.4) will include JSR 105
>
> > (Java XML DSig API). The JSR 105 API allows you to implement your own
> > Canonicalization (or Transform) algorithms (with support for input
> > parameters) by subclassing the javax.xml.crypto.dsig.TransformService
> > class. An initial beta of XMLSec 1.4 is now available for testing:
> > http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
>
> How different is code written for 1.4 vs. 1.3? Are there easy to
> understand porting guidelines available?
The 1.4 is backward compatible from the client API point of view(if you
implement new Transform or KeyResolver the api has change slightly, you can
see the CVS Changelog).
But it also includes a whole new API: the JSR105. This standard API that
will be implemented by several vendors, while the old api was always
proprietary of apache xmlsec API and a little leaky one by the way.
So from now on we will maintain the two APIs. But I think the old one will
be deprecated and go to the JSR105.
Thanks,
> Mike
>
> > --Sean
>
>
--
http://r-bg.com
Re: CanonicalizerSpi
Posted by Sean Mullan <Se...@Sun.COM>.
You can download the code using subversion:
svn co https://svn.apache.org/repos/asf/xml/security/trunk xml-security
--Sean
Michael McIntosh wrote:
> Raul,
>
> That would be good. Since I am going to be building a transform and
> canonicalization algorithm, I was also hoping to get access to the source
> code, but I'll take what I can get.
>
> Thanks,
> Mike
>
> raul.benito.garcia@gmail.com wrote on 06/28/2006 03:35:06 AM:
>
>> Hi Mike,
>>
>> Due to a problem in the ant build scripts the 1.4 beta0 does NOT
>> have include JSR105 API but this weekend I will do a new release.
>> With new funcionality and I can create a zip with the javadoc if you
> want.
>> That will be ok for you?
>>
>> Regards,
>>
>> Raul
>
>> On 6/28/06, Michael McIntosh <mi...@us.ibm.com> wrote:
>> Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
>>
>>> Can you be more specific about what the problem is?
>>>
>>> Also, the next release of Apache XML Security (1.4) will include JSR
> 105
>>> (Java XML DSig API). The JSR 105 API allows you to implement your own
>>> Canonicalization (or Transform) algorithms (with support for input
>>> parameters) by subclassing the javax.xml.crypto.dsig.TransformService
>>> class. An initial beta of XMLSec 1.4 is now available for testing:
>>> http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
>> Is the source code for the 1.4 beta available? Is there API
> documentation?
>> Thanks,
>> Mike
>>
>>
>>
>> --
>> http://r-bg.com
Re: CanonicalizerSpi
Posted by Michael McIntosh <mi...@us.ibm.com>.
Raul,
That would be good. Since I am going to be building a transform and
canonicalization algorithm, I was also hoping to get access to the source
code, but I'll take what I can get.
Thanks,
Mike
raul.benito.garcia@gmail.com wrote on 06/28/2006 03:35:06 AM:
> Hi Mike,
>
> Due to a problem in the ant build scripts the 1.4 beta0 does NOT
> have include JSR105 API but this weekend I will do a new release.
> With new funcionality and I can create a zip with the javadoc if you
want.
> That will be ok for you?
>
> Regards,
>
> Raul
> On 6/28/06, Michael McIntosh <mi...@us.ibm.com> wrote:
> Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
>
> > Can you be more specific about what the problem is?
> >
> > Also, the next release of Apache XML Security (1.4) will include JSR
105
>
> > (Java XML DSig API). The JSR 105 API allows you to implement your own
> > Canonicalization (or Transform) algorithms (with support for input
> > parameters) by subclassing the javax.xml.crypto.dsig.TransformService
> > class. An initial beta of XMLSec 1.4 is now available for testing:
> > http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
>
> Is the source code for the 1.4 beta available? Is there API
documentation?
>
> Thanks,
> Mike
>
>
>
> --
> http://r-bg.com
Re: CanonicalizerSpi
Posted by Raul Benito <ra...@apache.org>.
Hi Mike,
Due to a problem in the ant build scripts the 1.4 beta0 does NOT have
include JSR105 API but this weekend I will do a new release. With new
funcionality and I can create a zip with the javadoc if you want.
That will be ok for you?
Regards,
Raul
On 6/28/06, Michael McIntosh <mi...@us.ibm.com> wrote:
>
> Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
>
> > Can you be more specific about what the problem is?
> >
> > Also, the next release of Apache XML Security (1.4) will include JSR 105
>
> > (Java XML DSig API). The JSR 105 API allows you to implement your own
> > Canonicalization (or Transform) algorithms (with support for input
> > parameters) by subclassing the javax.xml.crypto.dsig.TransformService
> > class. An initial beta of XMLSec 1.4 is now available for testing:
> > http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
>
> Is the source code for the 1.4 beta available? Is there API documentation?
>
> Thanks,
> Mike
>
--
http://r-bg.com
Re: CanonicalizerSpi
Posted by Michael McIntosh <mi...@us.ibm.com>.
Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
> Can you be more specific about what the problem is?
The problem is that there is no equivalent to _transformObject in the
CanonicalizerSpi. An implementation of a Transform can include the
following code in order to access any parameter values encapsulated in the
Transform element:
protected XMLSignatureInput enginePerformTransform
(XMLSignatureInput input)
{
org.w3c.dom.Element elemTransform =
this._transformObject.getElement();
...
}
there is no way to access the current CanonicalizationMethod element from
within the implementation.
> Also, the next release of Apache XML Security (1.4) will include JSR 105
> (Java XML DSig API). The JSR 105 API allows you to implement your own
> Canonicalization (or Transform) algorithms (with support for input
> parameters) by subclassing the javax.xml.crypto.dsig.TransformService
> class. An initial beta of XMLSec 1.4 is now available for testing:
> http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
How different is code written for 1.4 vs. 1.3? Are there easy to
understand porting guidelines available?
Thanks,
Mike
> --Sean
Re: CanonicalizerSpi
Posted by Michael McIntosh <mi...@us.ibm.com>.
Sean.Mullan@Sun.COM wrote on 06/26/2006 10:09:31 AM:
> Can you be more specific about what the problem is?
>
> Also, the next release of Apache XML Security (1.4) will include JSR 105
> (Java XML DSig API). The JSR 105 API allows you to implement your own
> Canonicalization (or Transform) algorithms (with support for input
> parameters) by subclassing the javax.xml.crypto.dsig.TransformService
> class. An initial beta of XMLSec 1.4 is now available for testing:
> http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
Is the source code for the 1.4 beta available? Is there API documentation?
Thanks,
Mike
Re: CanonicalizerSpi
Posted by Sean Mullan <Se...@Sun.COM>.
Can you be more specific about what the problem is?
Also, the next release of Apache XML Security (1.4) will include JSR 105
(Java XML DSig API). The JSR 105 API allows you to implement your own
Canonicalization (or Transform) algorithms (with support for input
parameters) by subclassing the javax.xml.crypto.dsig.TransformService
class. An initial beta of XMLSec 1.4 is now available for testing:
http://xml.apache.org/security/dist/java-library/xmlsec-1.4.Beta0.jar
--Sean
Michael McIntosh wrote:
> I am trying to implement a Canonicalization algorithm using the XML
> Security framework. My algorithm needs to access values(parameters) from
> elements passed as children of the CanonicalizationMethod element (similar
> to InclusiveNamespaces with Exclusive C14N). The schema[1] (below)
> provided for CanonicalizationMethod clearly allows for children of the
> element. It is unclear how to access the element in the implementation of
> the Canonicalization algorithm (the examples for Transform algorithm
> clearly demonstrate how this is done for Transforms but that method does
> not work for Canonicalization algorithms). Can someone please tell me
> whether this can be done? If I need to modify the framework to enable this
> would you consider including this in the official code base?
>
> Thanks,
> Mike
>
> [1] Schema for CanonicalizationMethod
> <element name="CanonicalizationMethod"
> type="ds:CanonicalizationMethodType"/>
> <complexType name="CanonicalizationMethodType" mixed="true">
> <sequence>
> <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
> <!-- (0,unbounded) elements from (1,1) namespace -->
> </sequence>
> <attribute name="Algorithm" type="anyURI" use="required"/>
> </complexType>