You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2015/07/15 16:19:33 UTC
svn commit: r958429 [1/2] - in /websites/production/santuario/content: ./
cache/
Author: coheigea
Date: Wed Jul 15 14:19:32 2015
New Revision: 958429
Log:
Updating website
Modified:
websites/production/santuario/content/cache/main.pageCache
websites/production/santuario/content/cindex.html
websites/production/santuario/content/cinstallation.html
websites/production/santuario/content/contributing.html
websites/production/santuario/content/cprogramming.html
websites/production/santuario/content/download.html
websites/production/santuario/content/faq.html
websites/production/santuario/content/index.html
websites/production/santuario/content/java150releasenotes.html
websites/production/santuario/content/javaindex.html
websites/production/santuario/content/javareleasenotes.html
websites/production/santuario/content/oldnews.html
websites/production/santuario/content/secadv.html
Modified: websites/production/santuario/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.
Modified: websites/production/santuario/content/cindex.html
==============================================================================
--- websites/production/santuario/content/cindex.html (original)
+++ websites/production/santuario/content/cindex.html Wed Jul 15 14:19:32 2015
@@ -99,13 +99,7 @@ Apache Santuario -- c_index
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="c_index-ApacheXMLSecurityforC++">Apache XML Security for C++</h1><h3 id="c_index-Overview">Overview</h3><p>The Apache XML Security for C++ library is an implementation of the XML Digital Signature and Encryption specifications, along with some additional XKMS code. It is designed to be easily ported to new platforms, and is generally tested on Windows, Linux, OS X, and Solaris. Other platforms with autoconf support may also work.</p><p>The library makes use of the Apache Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms. The use of Xalan-C is optional, but without it, XPath and XSLT transformations cannot be performed.</p> <div class="aui-message warning shadowed information-macro">
- <span class="aui-icon icon-warning">Icon</span>
- <div class="message-content">
- <p>The state of the Xalan-C project is unclear at this time, and these features should be viewed with caution.</p>
- </div>
- </div>
-<p>In addition, the library currently uses OpenSSL to provide cryptographic functionality. The cryptographic interface is implemented via a thin wrapper layer, and development versions of implementations for the Windows Cryptographic API and NSS have also been implemented.</p><h3 id="c_index-News">News</h3><p>Version 1.7.3 of the Apache XML Security for C++ library has been released. This is a bug fix release primarily addressing problems with ECDSA signature generation and several reported issues with the Windoes CAPI support.</p><h3 id="c_index-OldNews">Old News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for old news.</p></div>
+<div id="ConfluenceContent"><h1 id="c_index-ApacheXMLSecurityforC++">Apache XML Security for C++</h1><h3 id="c_index-Overview">Overview</h3><p>The Apache XML Security for C++ library is an implementation of the XML Digital Signature and Encryption specifications, along with some additional XKMS code. It is designed to be easily ported to new platforms, and is generally tested on Windows, Linux, OS X, and Solaris. Other platforms with autoconf support may also work.</p><p>The library makes use of the Apache Xerces-C XML Parser and Xalan-C XSLT processor. The latter is used for processing XPath and XSLT transforms. The use of Xalan-C is optional, but without it, XPath and XSLT transformations cannot be performed.</p><div class="confluence-information-macro confluence-information-macro-note"><span class="aui-icon aui-icon-small aui-iconfont-warning confluence-information-macro-icon"></span><div class="confluence-information-macro-body"><p>The state of the Xalan-C project is unclear at
this time, and these features should be viewed with caution.</p></div></div><p>In addition, the library currently uses OpenSSL to provide cryptographic functionality. The cryptographic interface is implemented via a thin wrapper layer, and development versions of implementations for the Windows Cryptographic API and NSS have also been implemented.</p><h3 id="c_index-News">News</h3><p>Version 1.7.3 of the Apache XML Security for C++ library has been released. This is a bug fix release primarily addressing problems with ECDSA signature generation and several reported issues with the Windoes CAPI support.</p><h3 id="c_index-OldNews">Old News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for old news.</p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/santuario/content/cinstallation.html
==============================================================================
--- websites/production/santuario/content/cinstallation.html (original)
+++ websites/production/santuario/content/cinstallation.html Wed Jul 15 14:19:32 2015
@@ -166,11 +166,11 @@ Apache Santuario -- c_installation
<p>For the Include directories you will need something similar to my setup below (replacing D:\PROG\CLIB\.. with the appropriate path on your system).</p>
-<p><img class="confluence-embedded-image" src="https://cwiki.apache.org/confluence/download/attachments/25199053/vc6a.gif?version=1&modificationDate=1295355799000&api=v2" data-image-src="/confluence/download/attachments/25199053/vc6a.gif?version=1&modificationDate=1295355799000&api=v2"></p>
+<p><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image" src="cinstallation.data/vc6a.gif"></span></p>
<p>Similarly the library directories will need to be added to. Note that in the example below, I use both Debug and Release libraries for Xalan and Xerces. As provided, the workspace projects link to the debug libraries for XSEC Debug and Release for XSEC Release.</p>
-<p><img class="confluence-embedded-image" src="https://cwiki.apache.org/confluence/download/attachments/25199053/vc6b.gif?version=1&modificationDate=1295355807000&api=v2" data-image-src="/confluence/download/attachments/25199053/vc6b.gif?version=1&modificationDate=1295355807000&api=v2"></p>
+<p><span class="confluence-embedded-file-wrapper"><img class="confluence-embedded-image" src="cinstallation.data/vc6b.gif"></span></p>
<h5 id="c_installation-Configure.1">Configure</h5>
Modified: websites/production/santuario/content/contributing.html
==============================================================================
--- websites/production/santuario/content/contributing.html (original)
+++ websites/production/santuario/content/contributing.html Wed Jul 15 14:19:32 2015
@@ -152,7 +152,7 @@ Apache Santuario -- contributing
<p>This is a collection of tips for contributing to the project in a manner that is productive for all parties.</p>
-<ul><li>Every contribution is worthwhile. Even if the ensuing discussion proves it to be off-beam, then it may jog ideas for other people.</li><li>Use sensible and concise email subject headings. Search engines, and humans trying to browse a voluminous list, will respond favourably to a descriptive title.</li><li>Start new threads with a new Subject for new topics, rather than reusing the previous Subject line.</li><li>Keep each topic focused. If some new topic arises then start a new discussion. This leaves the original topic to continue uncluttered.</li><li>Whenever you decide to start a new topic, then start with a fresh new email message window. Do not use the "Reply to" button, because threaded mail-readers get confused (they utilise the In-reply-to header). If so, then your new topic will get lost in the previous thread and go unanswered.</li><li>Prepend your email subject line with a marker when that is appropriate, e.g. <a shape="rect" class="unresolved" href="#">Patch</a>,
<a shape="rect" class="unresolved" href="#">Proposal</a>, <a shape="rect" class="unresolved" href="#">RT</a> (Random Thought which quickly blossom into research topics <img class="emoticon emoticon-smile" src="https://cwiki.apache.org/confluence/s/en_GB-1988229788/4109/76e0dbb30bc8580e459c201f3535d84f9283a9ac.1/_/images/icons/emoticons/smile.png" data-emoticon-name="smile" alt="(smile)">, <a shape="rect" class="unresolved" href="#">STATUS</a> (development status of a certain facility).</li><li>When making changes to XML documentation, or any XML document for that matter, use a <a shape="rect" class="external-link" href="http://www.oasis-open.org/cover/" rel="nofollow">validating parser</a> (one that is tried and true is <a shape="rect" class="external-link" href="http://openjade.sourceforge.net/" rel="nofollow">OpenSP/onsgmls</a>). This procedure will detect errors without having to go through the whole build docs process to find them. Do not expect Forrest or the build system to de
tect the validation errors for you - they can do it, but that is not their purpose. (Anyway, nsgmls validation error messages are more informative.)</li><li>Remember that most people are participating in development on a volunteer basis and in their "spare time". These enthusiasts will attempt to respond to issues. It may take a little while to get your answers.</li><li>Research your topic thoroughly before beginning to discuss a new development issue. Search and browse through the email archives - your issue may have been discussed before. Do not just perceive a problem and then rush out with a question - instead, delve.</li><li>Try to at least offer a partial solution and not just a problem statement.</li><li>Take the time to clearly explain your issue and write a concise email message. Less confusion facilitates fast and complete resolution.</li><li>Do not bother to send an email reply that simply says "thanks". When the issue is resolved, that is the finish - end of thread. Redu
ce clutter.</li><li>You would usually do any development work against the HEAD branch of CVS.</li><li>When sending a patch, you usually do not need to worry about which CVS branch it should be applied to. The maintainers of the repository will decide.</li><li>If an issue starts to get bogged down in list discussion, then it may be appropriate to go into private off-list discussion with a few interested other people. Spare the list from the gory details. Report a summary back to the list to finalise the thread.</li><li>Become familiar with the mailing lists. As you browse and search, you will see the way other people do things. Follow the leading examples.</li></ul>
+<ul><li>Every contribution is worthwhile. Even if the ensuing discussion proves it to be off-beam, then it may jog ideas for other people.</li><li>Use sensible and concise email subject headings. Search engines, and humans trying to browse a voluminous list, will respond favourably to a descriptive title.</li><li>Start new threads with a new Subject for new topics, rather than reusing the previous Subject line.</li><li>Keep each topic focused. If some new topic arises then start a new discussion. This leaves the original topic to continue uncluttered.</li><li>Whenever you decide to start a new topic, then start with a fresh new email message window. Do not use the "Reply to" button, because threaded mail-readers get confused (they utilise the In-reply-to header). If so, then your new topic will get lost in the previous thread and go unanswered.</li><li>Prepend your email subject line with a marker when that is appropriate, e.g. <a shape="rect" class="unresolved" href="#">Patch</a>,
<a shape="rect" class="unresolved" href="#">Proposal</a>, <a shape="rect" class="unresolved" href="#">RT</a> (Random Thought which quickly blossom into research topics <img class="emoticon emoticon-smile" src="https://cwiki.apache.org/confluence/s/en_GB/5982/f2b47fb3d636c8bc9fd0b11c0ec6d0ae18646be7.1/_/images/icons/emoticons/smile.png" data-emoticon-name="smile" alt="(smile)">, <a shape="rect" class="unresolved" href="#">STATUS</a> (development status of a certain facility).</li><li>When making changes to XML documentation, or any XML document for that matter, use a <a shape="rect" class="external-link" href="http://www.oasis-open.org/cover/" rel="nofollow">validating parser</a> (one that is tried and true is <a shape="rect" class="external-link" href="http://openjade.sourceforge.net/" rel="nofollow">OpenSP/onsgmls</a>). This procedure will detect errors without having to go through the whole build docs process to find them. Do not expect Forrest or the build system to detect the va
lidation errors for you - they can do it, but that is not their purpose. (Anyway, nsgmls validation error messages are more informative.)</li><li>Remember that most people are participating in development on a volunteer basis and in their "spare time". These enthusiasts will attempt to respond to issues. It may take a little while to get your answers.</li><li>Research your topic thoroughly before beginning to discuss a new development issue. Search and browse through the email archives - your issue may have been discussed before. Do not just perceive a problem and then rush out with a question - instead, delve.</li><li>Try to at least offer a partial solution and not just a problem statement.</li><li>Take the time to clearly explain your issue and write a concise email message. Less confusion facilitates fast and complete resolution.</li><li>Do not bother to send an email reply that simply says "thanks". When the issue is resolved, that is the finish - end of thread. Reduce clutter.
</li><li>You would usually do any development work against the HEAD branch of CVS.</li><li>When sending a patch, you usually do not need to worry about which CVS branch it should be applied to. The maintainers of the repository will decide.</li><li>If an issue starts to get bogged down in list discussion, then it may be appropriate to go into private off-list discussion with a few interested other people. Spare the list from the gory details. Report a summary back to the list to finalise the thread.</li><li>Become familiar with the mailing lists. As you browse and search, you will see the way other people do things. Follow the leading examples.</li></ul>
</div>
</div>
<!-- Content -->
Modified: websites/production/santuario/content/cprogramming.html
==============================================================================
--- websites/production/santuario/content/cprogramming.html (original)
+++ websites/production/santuario/content/cprogramming.html Wed Jul 15 14:19:32 2015
@@ -31,6 +31,7 @@ rce">
<link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
<script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
<script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
<script type="text/javascript">
SyntaxHighlighter.defaults['toolbar'] = false;
@@ -134,7 +135,7 @@ Apache Santuario -- c_programming
<p>The following code snippet initialises Xerces, Xalan and XSEC. Note that the enveloped transform is implemented using an XPath expression, so it is imperitive the Xalan libraries are initialised.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
int main (int argc, char **argv) {
try {
@@ -146,8 +147,8 @@ int main (int argc, char **argv) {
}
catch (const XMLException &e) {
- cerr << "Error during initialisation of Xerces" << endl;
- cerr << "Error Message = : "
+ cerr << "Error during initialisation of Xerces" << endl;
+ cerr << "Error Message = : "
<< e.getMessage() << endl;
}
@@ -155,12 +156,12 @@ int main (int argc, char **argv) {
// Create a blank Document
DOMImplementation *impl =
- DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING("Core"));
+ DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING("Core"));
// Create a letter
DOMDocument *doc = createLetter(impl);
DOMElement *rootElem = doc->getDocumentElement();
-]]></script>
+</pre>
</div></div>
<p>In the sample application, the call to createLetter(impl) simply creates a letter DOM structure with a to and from address and some text. This is done using standard DOM calls via Xerces.</p>
@@ -168,7 +169,7 @@ int main (int argc, char **argv) {
<p>Once the system is initialised and the DOM document is created, a DSIGSignature object is created via the XSECProvider interface class. The signature object is then used to create a blank signature DOM node structure which is then inserted at the end of the document.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
XSECProvider prov;
DSIGSignature *sig;
DOMElement *sigNode;
@@ -178,7 +179,7 @@ int main (int argc, char **argv) {
// Create a signature object
sig = prov.newSignature();
- sig->setDSIGNSPrefix("ds");
+ sig->setDSIGNSPrefix("ds");
// Use it to create a blank signature DOM structure from the doc
@@ -186,7 +187,7 @@ int main (int argc, char **argv) {
CANON_C14N_COM,
SIGNATURE_HMAC,
HASH_SHA1);
-]]></script>
+</pre>
</div></div>
<p>The call to newSignature creates a signature object only. No DOM nodes are created at this point. The call to setDSIGNSPrefix tells the XSEC library what namespace prefix to use for the signature object when it starts to create DOM nodes (in this case "ds" will be used). By default, the library will use "dsig" as the prefix for the name space for Digital Signatures.</p>
@@ -199,17 +200,17 @@ int main (int argc, char **argv) {
<p>Now that the signature object is created, the signature is inserted into the document, and a reference is created and set for an enveloping transform.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
// Insert the signature DOM nodes into the doc
- rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING("\n")));
+ rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING("\n")));
rootElem->appendChild(sigNode);
- rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING("\n")));
+ rootElem->appendChild(doc->createTextNode(MAKE_UNICODE_STRING("\n")));
// Create an envelope reference for the text to be signed
- DSIGReference * ref = sig->createReference("");
+ DSIGReference * ref = sig->createReference("");
ref->appendEnvelopedSignatureTransform();
-]]></script>
+</pre>
</div></div>
<p>The "" parameter to createReference sets the URI attribute for the reference to be "" - indicating the root element of the document in which the signature resides. The call to appendEnvelopedSignatureTransform adds a standard eneveloped-signature transform to the Reference node.</p>
@@ -218,15 +219,15 @@ int main (int argc, char **argv) {
<p>Finally we create a signing key and sign the document.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
- // Set the HMAC Key to be the string "secret"
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
+ // Set the HMAC Key to be the string "secret"
OpenSSLCryptoKeyHMAC * hmacKey = new OpenSSLCryptoKeyHMAC();
- hmacKey->setKey((unsigned char *) "secret", strlen("secret"));
+ hmacKey->setKey((unsigned char *) "secret", strlen("secret"));
sig->setSigningKey(hmacKey);
// Add a KeyInfo element
- sig->appendKeyName("The secret key is \"secret\"");
+ sig->appendKeyName("The secret key is \"secret\"");
// Sign
@@ -235,12 +236,12 @@ int main (int argc, char **argv) {
catch (XSECException &e)
{
- cerr << "An error occured during a signature load\n Message: "
+ cerr << "An error occured during a signature load\n Message: "
<< e.getMsg() << endl;
exit(1);
}
-]]></script>
+</pre>
</div></div>
<p>The first two code lines create an OpenSSLCryptoKeyHMAC object, and set the key value to the string "secret". The OpenSSL... classes are the interface layer between XSEC and OpenSSL. More information can be found in the API documentation, but the main point of note is that the XSEC library never deals directly with OpenSSL - it works via the XSECCrypto abstract classes which are implemented in the OpenSSLCrypto code. This would allow another person to re-implement the XSECCrypto code to use any cryptographic provider required.</p>
@@ -253,7 +254,7 @@ int main (int argc, char **argv) {
<p>The last part of the code does some work to output the new DOM structure. The output should look something like the following:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
<Letter>
<ToAddress>The address of the Recipient</ToAddress>
<FromAddress>The address of the Sender</FromAddress>
@@ -262,28 +263,28 @@ To whom it may concern
...
</Text>
-<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
<ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm=
-"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
-<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
-<ds:Reference URI="">
+"http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
+<ds:Reference URI="">
<ds:Transforms>
<ds:Transform Algorithm=
-"http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+"http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
-<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
<ds:DigestValue>askxS/A3BaLCjFjZ/ttU9c12kA4=</ds:DigestValue>
</ds:Reference>
</ds:SignedInfo>
<ds:SignatureValue>oYEdQYG1IHzbkR1UcJ9Q5VriRPs=
</ds:SignatureValue>
<ds:KeyInfo>
-<ds:KeyName>The secret key is "secret"</ds:KeyName>
+<ds:KeyName>The secret key is "secret"</ds:KeyName>
</ds:KeyInfo>
</ds:Signature>
</Letter>
-]]></script>
+</pre>
</div></div>
<p>Note that the DigestValue and SignatureValue elements have been filled in.</p>
@@ -300,7 +301,7 @@ To whom it may concern
<p>For the sake of brevity, the code relating to parsing the in-memory document has been removed from the snippet below.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
int main (int argc, char **argv) {
try {
@@ -312,8 +313,8 @@ int main (int argc, char **argv) {
}
catch (const XMLException &e) {
- cerr << "Error during initialisation of Xerces" << endl;
- cerr << "Error Message = : "
+ cerr << "Error during initialisation of Xerces" << endl;
+ cerr << "Error Message = : "
<< DOMString(e.getMessage()) << endl;
}
@@ -334,24 +335,24 @@ int main (int argc, char **argv) {
while (amt != NULL &&
(amt->getNodeType() != DOMNode::ELEMENT_NODE ||
- !strEquals(amt->getNodeName(), "Amount")))
+ !strEquals(amt->getNodeName(), "Amount")))
amt = amt->getNextSibling();
if (amt != NULL)
amt = amt->getFirstChild();
if (amt == NULL || amt->getNodeType() != DOMNode::TEXT_NODE) {
- cerr << "Error finding amount in purchase order" << endl;
+ cerr << "Error finding amount in purchase order" << endl;
exit (1);
}
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-CreatetheSignatureandKeyobjects">Create the Signature and Key objects</h5>
<p>Now that the document is in memory, an XSECProvider is created and used to create a new DSIGSignature object. In addition, the OpenSSL interface routines are used to read in a certificate and obtain the associated public key.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
XSECProvider prov;
DSIGSignature * sig = prov.newSignatureFromDOM(doc);
@@ -364,7 +365,7 @@ int main (int argc, char **argv) {
x509->loadX509Base64Bin(cert, strlen(cert));
sig->load();
-]]></script>
+</pre>
</div></div>
<p>In this case, the signature is create with the newSignatureFromDOM method. This tells the library that the signature structure (although not necessarily a signed structure) already exists in the DOM nodes. The library attempts to find the <Signature> node so that the load will work. (The library will throw an XSECException if it cannot find the Element.)</p>
@@ -382,7 +383,7 @@ int main (int argc, char **argv) {
<p>The call to clonePublicKey() returns a copy of the public key embedded in the certificate. It is owned by the caller, so in this case it can safely be passed to the DSIGSignature object where it will be destroyed when another key is loaded or the object is released by the XSECProvider.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
DSIGKeyInfoList * kinfList = sig->getKeyInfoList();
// See if we can find a Key Name
@@ -390,63 +391,63 @@ int main (int argc, char **argv) {
DSIGKeyInfo * kinf = kinfList->getFirstKeyInfo();
while (kinf != NULL) {
kname = kinf->getKeyName();
- if (kname.sbStrcmp("")) {
- cout << "Key Name = "
+ if (kname.sbStrcmp("")) {
+ cout << "Key Name = "
<< kname.rawCharBuffer() << endl;
}
kinf = kinfList->getNextKeyInfo();
}
sig->setSigningKey(x509->clonePublicKey());
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-Validatethesignature">Validate the signature</h5>
<p>Finally the signature is validated. In this case, we validate it three times. First with the original DOM structure, then with the price changed and finally with the price set back to the original value.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
- cout << "Amount = " << amt << " -> ";
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
+ cout << "Amount = " << amt << " -> ";
if (sig->verify()) {
- cout << "Signature Valid\n";
+ cout << "Signature Valid\n";
}
else {
- cout << "Incorrect Signature\n";
+ cout << "Incorrect Signature\n";
}
- amt.setNodeValue("$0.50");
+ amt.setNodeValue("$0.50");
- cout << "Amount = " << amt << " -> ";
+ cout << "Amount = " << amt << " -> ";
if (sig->verify()) {
- cout << "Signature Valid\n";
+ cout << "Signature Valid\n";
}
else {
- cout << "Incorrect Signature\n";
+ cout << "Incorrect Signature\n";
}
- amt.setNodeValue("$16.50");
+ amt.setNodeValue("$16.50");
- cout << "Amount = " << amt << " -> ";
+ cout << "Amount = " << amt << " -> ";
if (sig->verify()) {
- cout << "Signature Valid\n";
+ cout << "Signature Valid\n";
}
else {
- cout << "Incorrect Signature\n";
+ cout << "Incorrect Signature\n";
}
-]]></script>
+</pre>
</div></div>
<p>When run, the program outputs the following:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
Key Name = C=AU, ST=Vic, O=XML-Security-C Project,
CN=Samples Demo Certificate
Amount = $16.50 -> Signature Valid
Amount = $0.50 -> Incorrect Signature
Amount = $16.50 -> Signature Valid
-]]></script>
+</pre>
</div></div>
<h1 id="c_programming-XMLEncryptionProgramming">XML Encryption Programming</h1>
@@ -469,7 +470,7 @@ Amount = $16.50 -> Signature Valid
<p>The first step is initialisation of Xerces, Xalan (if used) and XML-Security. Once this is done, we create a document. For brevity, the details of the call to createLetter are not included on this page. The function is very simple - it creates an XML DOM document that represents a letter, and sets a global variable (g_toEncrypt) that will be used later on to determine what node to encrypt.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
int main (int argc, char **argv) {
try {
@@ -481,8 +482,8 @@ int main (int argc, char **argv) {
}
catch (const XMLException &e) {
- cerr << "Error during initialisation of Xerces" << endl;
- cerr << "Error Message = : "
+ cerr << "Error during initialisation of Xerces" << endl;
+ cerr << "Error Message = : "
<< e.getMessage() << endl;
}
@@ -490,11 +491,11 @@ int main (int argc, char **argv) {
// Create a blank Document
DOMImplementation *impl =
- DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING("Core"));
+ DOMImplementationRegistry::getDOMImplementation(MAKE_UNICODE_STRING("Core"));
// Create a letter
DOMDocument *doc = createLetter(impl);
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-SetupforEncryption">Setup for Encryption</h5>
@@ -503,7 +504,7 @@ int main (int argc, char **argv) {
<p>As well as creating the XENCCipher object, the sample uses the RAND_bytes function within the <strong>OpenSSL</strong> library to create a random key that will be used during the encryption process.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
try {
/* Create the cipher object that we need */
@@ -520,7 +521,7 @@ int main (int argc, char **argv) {
if (RAND_status() != 1) {
- cerr << "OpenSSL random generation not properly initialised" << endl;
+ cerr << "OpenSSL random generation not properly initialised" << endl;
exit(1);
}
@@ -528,11 +529,11 @@ int main (int argc, char **argv) {
unsigned char keyBuf[24];
if (RAND_bytes(keyBuf, 24) == 0) {
- cerr << "Error obtaining 24 bytes of random from OpenSSL" << endl;
+ cerr << "Error obtaining 24 bytes of random from OpenSSL" << endl;
exit(1);
}
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-EncryptionofElement">Encryption of Element</h5>
@@ -547,7 +548,7 @@ int main (int argc, char **argv) {
<p>If no further information is required to be embedded in the <EncryptedData> structure (such as <KeyInfo> nodes), the usage of the library could be terminated here.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
/* Wrap this in a Symmetric 3DES key */
OpenSSLCryptoSymmetricKey * key =
@@ -557,7 +558,7 @@ int main (int argc, char **argv) {
/* Encrypt the element that needs to be hidden */
cipher->encryptElement(g_toEncrypt, ENCRYPT_3DES_CBC);
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-Createan<EncryptedKey>">Create an <EncryptedKey></h5>
@@ -572,7 +573,7 @@ int main (int argc, char **argv) {
<p>The encryptedKey method returns an XENCEncryptedKey object. This contains the DOM structure for the object, but it is not yet rooted in a particular document. (Although it is created using the DOMDocument that was passed in during the call to newCipher.)</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
/* Now lets create an EncryptedKey element to hold the generated key */
/* First lets load the public key in the certificate */
@@ -587,14 +588,14 @@ int main (int argc, char **argv) {
XENCEncryptedKey * encryptedKey =
cipher->encryptKey(keyBuf, 24, ENCRYPT_RSA_15);
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-Append<EncryptedKey>to<EncryptedData>">Append <EncryptedKey> to <EncryptedData></h5>
<p>The final part (other than outputting the result) is to retrieve the <EncryptedData> element that was previously created and append the newly created <EncryptedKey> as a <KeyInfo> element.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
/*
* Add the encrypted Key to the previously created EncryptedData, which
* we first retrieve from the cipher object. This will automatically create
@@ -603,20 +604,20 @@ int main (int argc, char **argv) {
XENCEncryptedData * encryptedData = cipher->getEncryptedData();
encryptedData->appendEncryptedKey(encryptedKey);
-]]></script>
+</pre>
</div></div>
<p>The above code results in a document that contains the newly created <EncryptedData> as follows:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
<Letter>
<ToAddress>The address of the Recipient</ToAddress>
<FromAddress>The address of the Sender</FromAddress>
-<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
-xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
-<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
-<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
-<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
+<xenc:EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
+xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc"/>
+<ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<xenc:EncryptedKey xmlns:xenc="http://www.w3.org/2001/04/xmlenc#">
+<xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5"/>
<xenc:CipherData>
<xenc:CipherValue>Wh8pAkDsQceHiktGxnlhXGfEMPDOLB6FwWp8PLedFEB3L3F6xHUoCOerIvA7Pgvv
VYzVqLv4a5x5YdnCqikkFBLE/fruAUe2Z8ZTEn/CaPYmpzU6qYHALCl7Q61LcbqH
@@ -632,7 +633,7 @@ R87TzroBYsYwfHmXmrKHL9K9sB6zmuec1TjVzm2c
</xenc:CipherValue>
</xenc:CipherData>
</xenc:EncryptedData></Letter>
-]]></script>
+</pre>
</div></div>
<h3 id="c_programming-Asimpledecryptionexample">A simple decryption example</h3>
@@ -653,7 +654,7 @@ R87TzroBYsYwfHmXmrKHL9K9sB6zmuec1TjVzm2c
<p>The key is loaded using a call to setKEK. This method loads the key as a Key Encryption Key - which means it will be used to decrypt an <EncryptedKey> structure.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
XSECProvider prov;
XENCCipher *cipher;
@@ -668,7 +669,7 @@ R87TzroBYsYwfHmXmrKHL9K9sB6zmuec1TjVzm2c
OpenSSLCryptoKeyRSA * k = new OpenSSLCryptoKeyRSA(pk);
cipher->setKEK(k);
-]]></script>
+</pre>
</div></div>
<h5 id="c_programming-PerformDecryption">Perform Decryption</h5>
@@ -681,18 +682,18 @@ R87TzroBYsYwfHmXmrKHL9K9sB6zmuec1TjVzm2c
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
/* Find the EncryptedData node */
- DOMNode * encryptedNode = findXENCNode(doc, "EncryptedData");
+ DOMNode * encryptedNode = findXENCNode(doc, "EncryptedData");
/* Do the decrypt */
cipher->decryptElement((DOMElement *) encryptedNode);
-]]></script>
+</pre>
</div></div>
<p>The result of these steps is the decrypted letter.</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
<Letter>
<ToAddress>The address of the Recipient</ToAddress>
<FromAddress>The address of the Sender</FromAddress>
@@ -702,7 +703,7 @@ To whom it may concern, my secret credit
...
</Text></Letter>
-]]></script>
+</pre>
</div></div>
</div>
Modified: websites/production/santuario/content/download.html
==============================================================================
--- websites/production/santuario/content/download.html (original)
+++ websites/production/santuario/content/download.html Wed Jul 15 14:19:32 2015
@@ -108,8 +108,8 @@ Apache Santuario -- download
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="download-ObtaintheApacheSantuariodistribution">Obtain the Apache Santuario distribution</h1><p>The <strong>Apache Santuario</strong> project is aimed at providing implementation of the primary security standards for XML. Two libraries are currently available.</p><ul><li>Apache XML Security for Java - This library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR 105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures.</li><li>Apache XML Security for C++ - This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.</li></ul><h3 id="download-Howtodownload">How to download</h3><p>Use the links below
to download a distribution of Apache Santuario from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache Santuario releases are available under the <a shape="rect" class="external-link" href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> - see the LICENSE.txt and NOTICE.txt files contained in each release artifact.</p><h3 id="download-Currentofficialrelease(closestmirrorsiteselectedautomatically)">Current official release (closest mirror site selected automatically)</h3><ul><li>The current stable Java release is Apache XML Security for Java 2.0.4: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/2_0_4/xmlsec-2.0.4-source-release.zip">xmlsec-2.0.4-source-release.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/2_0_4/xmlsec-2.0.4-source-release.zip.asc">PGP</a>) (<a shape="rect" class="external-lin
k" href="http://www.apache.org/dist/santuario/java-library/2_0_4/xmlsec-2.0.4-source-release.zip.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/2_0_4/xmlsec-2.0.4-source-release.zip.sha1">SHA1</a>)</li><li>The older stable Java release is Apache XML Security for Java 1.5.8: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip">xml-security-bin-1_5_8.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip.md5">MD5</a>)</li><li>The current C++ release is Apache XML Security for C++ 1.7.3:<br clear="none"><ul><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/
xml-security-c-1.7.3.tar.gz">xml-security-c-1.7.3.tar.gz</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.sha256">SHA256</a>)</li><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/xml-security-c-1.7.3.tar.bz2">xml-security-c-1.7.3.tar.bz2</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuar
io/c-library/xml-security-c-1.7.3.tar.bz2.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.sha256">SHA256</a>)</li><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/xml-security-c-1.7.3.zip">xml-security-c-1.7.3.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-se
curity-c-1.7.3.zip.sha256">SHA256</a>)</li></ul></li></ul><h3 id="download-Archiveofoldreleases">Archive of old releases</h3><p>Older releases are available in the <a shape="rect" class="external-link" href="http://archive.apache.org/dist/santuario/">archive</a>.</p><h3 id="download-Verifyreleases">Verify releases</h3><p>It is essential that you verify the integrity of the downloaded files using the MD5/SHA and PGP signatures. Digest verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file is authentic. In practice, PGP verification is <strong>much</strong> more important and makes checksum verification redundant.</p><h3 id="download-PGPSignature">PGP Signature</h3><p>The PGP signatures can be verified using <a shape="rect" class="external-link" href="http://www.pgpi.org/" rel="nofollow">PGP</a> or <a shape="rect" class="external-link" href="http://www.gnupg.org/" rel="nofollow">GPG</a>. First download the Apache Santuario <a shape="re
ct" class="external-link" href="http://www.apache.org/dist/santuario/KEYS">KEYS</a> as well as the *.asc signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[% pgpk -a KEYS
+<div id="ConfluenceContent"><h1 id="download-ObtaintheApacheSantuariodistribution">Obtain the Apache Santuario distribution</h1><p>The <strong>Apache Santuario</strong> project is aimed at providing implementation of the primary security standards for XML. Two libraries are currently available.</p><ul><li>Apache XML Security for Java - This library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR 105 (Java XML Digital Signature) API. Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures.</li><li>Apache XML Security for C++ - This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less complete and less mature.</li></ul><h3 id="download-Howtodownload">How to download</h3><p>Use the links below
to download a distribution of Apache Santuario from one of our mirrors. It is good practice to verify the integrity of the distribution files. Apache Santuario releases are available under the <a shape="rect" class="external-link" href="http://www.apache.org/licenses/LICENSE-2.0">Apache License, Version 2.0</a> - see the LICENSE.txt and NOTICE.txt files contained in each release artifact.</p><h3 id="download-Currentofficialrelease(closestmirrorsiteselectedautomatically)">Current official release (closest mirror site selected automatically)</h3><ul><li>The current stable Java release is Apache XML Security for Java 2.0.5: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/2_0_5/xmlsec-2.0.5-source-release.zip">xmlsec-2.0.5-source-release.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/2_0_5/xmlsec-2.0.5-source-release.zip.asc">PGP</a>) (<a shape="rect" class="external-lin
k" href="http://www.apache.org/dist/santuario/java-library/2_0_5/xmlsec-2.0.5-source-release.zip.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/2_0_5/xmlsec-2.0.5-source-release.zip.sha1">SHA1</a>)</li><li>The older stable Java release is Apache XML Security for Java 1.5.8: <a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip">xml-security-bin-1_5_8.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/java-library/1_5_8/xml-security-bin-1_5_8.zip.md5">MD5</a>)</li><li>The current C++ release is Apache XML Security for C++ 1.7.3:<br clear="none"><ul><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/
xml-security-c-1.7.3.tar.gz">xml-security-c-1.7.3.tar.gz</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.gz.sha256">SHA256</a>)</li><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/xml-security-c-1.7.3.tar.bz2">xml-security-c-1.7.3.tar.bz2</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuar
io/c-library/xml-security-c-1.7.3.tar.bz2.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.tar.bz2.sha256">SHA256</a>)</li><li><a shape="rect" class="external-link" href="http://www.apache.org/dyn/closer.cgi?path=/santuario/c-library/xml-security-c-1.7.3.zip">xml-security-c-1.7.3.zip</a> (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.asc">PGP</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.md5">MD5</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-security-c-1.7.3.zip.sha1">SHA1</a>) (<a shape="rect" class="external-link" href="http://www.apache.org/dist/santuario/c-library/xml-se
curity-c-1.7.3.zip.sha256">SHA256</a>)</li></ul></li></ul><h3 id="download-Archiveofoldreleases">Archive of old releases</h3><p>Older releases are available in the <a shape="rect" class="external-link" href="http://archive.apache.org/dist/santuario/">archive</a>.</p><h3 id="download-Verifyreleases">Verify releases</h3><p>It is essential that you verify the integrity of the downloaded files using the MD5/SHA and PGP signatures. Digest verification ensures the file was not corrupted or tampered with. PGP verification ensures that the file is authentic. In practice, PGP verification is <strong>much</strong> more important and makes checksum verification redundant.</p><h3 id="download-PGPSignature">PGP Signature</h3><p>The PGP signatures can be verified using <a shape="rect" class="external-link" href="http://www.pgpi.org/" rel="nofollow">PGP</a> or <a shape="rect" class="external-link" href="http://www.gnupg.org/" rel="nofollow">GPG</a>. First download the Apache Santuario <a shape="re
ct" class="external-link" href="http://www.apache.org/dist/santuario/KEYS">KEYS</a> as well as the *.asc signature file for the particular distribution. It is important that you get these files from the ultimate trusted source - the main ASF distribution site, rather than from a mirror. Then verify the signatures using:</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">% pgpk -a KEYS
% pgpv xml-security-bin-1_4_4.zip.asc
or
% pgp -ka KEYS
@@ -117,11 +117,11 @@ Apache Santuario -- download
or
% gpg --import KEYS
% gpg --verify xml-security-bin-1_4_4.zip.asc
-]]></script>
+</pre>
</div></div><h3 id="download-Checksums">Checksums</h3><p>To verify the MD5 or SHA checksum on the files, you need to use a program called md5 or md5sum (or sha1, etc.), which is included in many unix distributions. It is also available as part of <a shape="rect" class="external-link" href="http://www.gnu.org/software/textutils/textutils.html" rel="nofollow">GNU Textutils</a>. Windows users can get binary md5 programs from <a shape="rect" class="external-link" href="http://www.fourmilab.ch/md5/" rel="nofollow">here</a>, <a shape="rect" class="external-link" href="http://www.pc-tools.net/win32/freeware/console/" rel="nofollow">here</a>, or <a shape="rect" class="external-link" href="http://www.slavasoft.com/fsum/" rel="nofollow">here</a> or an openssl client from <a shape="rect" class="external-link" href="http://www.slproweb.com/products/Win32OpenSSL.html" rel="nofollow">here</a>.</p><div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[% md5sum xml-security-X.Y.tar.gz
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">% md5sum xml-security-X.Y.tar.gz
... output should match the string in xml-security-X.Y.tar.gz.md5
-]]></script>
+</pre>
</div></div><p>We strongly recommend you verify your downloads with both PGP and a checksum.</p></div>
</div>
<!-- Content -->
Modified: websites/production/santuario/content/faq.html
==============================================================================
--- websites/production/santuario/content/faq.html (original)
+++ websites/production/santuario/content/faq.html Wed Jul 15 14:19:32 2015
@@ -30,7 +30,7 @@ rce">
<link href='http://cxf.apache.org/resources/highlighter/styles/shCoreCXF.css' rel='stylesheet' type='text/css' />
<link href='http://cxf.apache.org/resources/highlighter/styles/shThemeCXF.css' rel='stylesheet' type='text/css' />
<script src='http://cxf.apache.org/resources/highlighter/scripts/shCore.js' type='text/javascript'></script>
- <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushJava.js' type='text/javascript'></script>
+ <script src='http://cxf.apache.org/resources/highlighter/scripts/shBrushXml.js' type='text/javascript'></script>
<script type="text/javascript">
SyntaxHighlighter.defaults['toolbar'] = false;
@@ -145,24 +145,24 @@ Apache Santuario -- faq
<p>Enveloped signatures are signatures over an entire XML document, for which the <Signature> element is included in the document itself. An example could be:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: xml; gutter: false" type="syntaxhighlighter"><![CDATA[
-<?xml version="1.0" encoding="UTF-8"?>
+<pre class="brush: xml; gutter: false; theme: Default" style="font-size:12px;">
+<?xml version="1.0" encoding="UTF-8"?>
<Root>
<SomeContent>
...
</SomeContent>
<ds:Signature>
<ds:SignedInfo>
- <ds:Reference URI="">
+ <ds:Reference URI="">
<ds:Transforms>
- <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
</ds:Transforms>
</ds:Reference>
</ds:SignedInfo>
....
</ds:Signature>
</Root>
-]]></script>
+</pre>
</div></div>
<p>The Reference indicates that Root and it's descendants (except for comments) are signed, but the Transform element says to throw out the Signature element (that is the parent of this Reference) from the stream that is to be signed. Note that if there are other Signature elements in Root, they will remain untouched.</p>
Modified: websites/production/santuario/content/index.html
==============================================================================
--- websites/production/santuario/content/index.html (original)
+++ websites/production/santuario/content/index.html Wed Jul 15 14:19:32 2015
@@ -99,7 +99,7 @@ Apache Santuario -- Index
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="Index-WelcometoApacheSantuario">Welcome to Apache Santuario</h1><h3 id="Index-TheProject">The Project</h3><p>The <strong>Apache Santuario</strong> project is aimed at providing implementation of the primary security standards for XML:</p><ul><li>XML-Signature Syntax and Processing</li><li>XML Encryption Syntax and Processing.</li></ul><p>Two libraries are currently available.</p><ul><li>Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.</li><li>Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less co
mplete and less mature.</li></ul><p>Apache Santuario, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.</p><h3 id="Index-News">News</h3><h5 id="Index-April2015">April 2015</h5><p>Version 2.0.4 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h5 id="Index-March2015">March 2015</h5><p>Version 1.7.3 of the Apache XML Security for C++ library has been released, fixing a number of bugs, including a major issue involving ECDSA signature generation.</p><h3 id="Index-OlderNews">Older News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for old news.</p></div>
+<div id="ConfluenceContent"><h1 id="Index-WelcometoApacheSantuario">Welcome to Apache Santuario</h1><h3 id="Index-TheProject">The Project</h3><p>The <strong>Apache Santuario</strong> project is aimed at providing implementation of the primary security standards for XML:</p><ul><li>XML-Signature Syntax and Processing</li><li>XML Encryption Syntax and Processing.</li></ul><p>Two libraries are currently available.</p><ul><li>Apache XML Security for Java: This library includes the standard JSR-105 (Java XML Digital Signature) API,  a mature DOM-based implementation of both XML Signature and XML Encryption, as well as a more recent StAX-based (streaming) XML Signature and XML Encryption implementation.</li><li>Apache XML Security for C++: This library includes a mature Digital Signature and Encryption implementation using a proprietary C++ API on top of the Xerces-C XML Parser's DOM API. It includes a pluggable cryptographic layer, but support for alternatives to OpenSSL are less co
mplete and less mature.</li></ul><p>Apache Santuario, Apache, and the Apache feather logo are trademarks of The Apache Software Foundation.</p><h3 id="Index-News">News</h3><h5 id="Index-July2015">July 2015</h5><p>Version 2.0.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="javareleasenotes.html">release notes</a></span> for more information.</p><h5 id="Index-March2015">March 2015</h5><p>Version 1.7.3 of the Apache XML Security for C++ library has been released, fixing a number of bugs, including a major issue involving ECDSA signature generation.</p><h3 id="Index-OlderNews">Older News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for old news.</p><p> </p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/santuario/content/java150releasenotes.html
==============================================================================
--- websites/production/santuario/content/java150releasenotes.html (original)
+++ websites/production/santuario/content/java150releasenotes.html Wed Jul 15 14:19:32 2015
@@ -144,10 +144,10 @@ Apache Santuario -- java_1_5_0_release_n
<p>This functionality is supported in the core library through additional method signatures which take a boolean, and in the JSR-105 API via the property "org.apache.jcp.xml.dsig.secureValidation, e.g.:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
XMLValidateContext context = new DOMValidateContext(key, elem);
-context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
-]]></script>
+context.setProperty("org.apache.jcp.xml.dsig.secureValidation", Boolean.TRUE);
+</pre>
</div></div>
<h3 id="java_1_5_0_release_notes-Dynamicregistrationofdefaultalgorithms">Dynamic registration of default algorithms</h3>
@@ -176,7 +176,7 @@ context.setProperty("org.apache.jcp
<p>However, the older XMLSignature, which pre-dates the JSR-105 API, did not include this functionality. This has been fixed in the 1.5.0 release, e.g.:</p>
<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
-<script class="theme: Default; brush: java; gutter: false" type="syntaxhighlighter"><![CDATA[
+<pre class="brush: java; gutter: false; theme: Default" style="font-size:12px;">
XMLSignature signature = ...
// Perform validation and then...
SignedInfo signedInfo = signature.getSignedInfo();
@@ -186,7 +186,7 @@ for (int i = 0; i < signedInfo.getLen
....
}
-]]></script>
+</pre>
</div></div>
<p>ReferenceData is a new interface that duplicates the way the JSR-105 API returns references. Three different implementations have been provided depending on whether the dereferenced Element is a NodeSet, Element or OctetStream.</p>
Modified: websites/production/santuario/content/javaindex.html
==============================================================================
--- websites/production/santuario/content/javaindex.html (original)
+++ websites/production/santuario/content/javaindex.html Wed Jul 15 14:19:32 2015
@@ -99,7 +99,7 @@ Apache Santuario -- java_index
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="java_index-ApacheXMLSecurityforJava">Apache XML Security for Java</h1><h3 id="java_index-Overview">Overview</h3><p>The Apache XML Security for Java library supports <a shape="rect" class="external-link" href="http://www.w3c.org/TR/2002/REC-xmldsig-core-20020212/" rel="nofollow">XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002</a> and <a shape="rect" class="external-link" href="http://www.w3c.org/TR/2002/REC-xmlenc-core-20021210/" rel="nofollow">XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002</a>.</p><p>There are a number of different options open to the developer using the library. For XML Signature, three different approaches are available:</p><ul><li>The JSR-105 API: The standard Java XML Digital Signature API. This uses a DOM (in-memory) implementation under-the-hood.</li><li>The Apache Santuario Java DOM API: The older DOM API which pre-dates JSR-105.</li><li>The Apache Santuario Java StAX API:
The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.</li></ul><p>For XML Encryption, two different approaches are available:</p><ul><li>The Apache Santuario Java DOM API: A DOM API for XML Encryption.</li><li>The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.</li></ul><p>The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the <a shape="rect" href="streaming-xml-security.html">Streaming XML Security</a> page for more information about how to use this approach.</p><h3 id="java_index-News">News</h3><h5 id="java_index-April2015">April 2015</h5><p>Version 2.0.4 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more
information.</p><h3 id="java_index-OldNews">Old News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for older news.</p></div>
+<div id="ConfluenceContent"><h1 id="java_index-ApacheXMLSecurityforJava">Apache XML Security for Java</h1><h3 id="java_index-Overview">Overview</h3><p>The Apache XML Security for Java library supports <a shape="rect" class="external-link" href="http://www.w3c.org/TR/2002/REC-xmldsig-core-20020212/" rel="nofollow">XML-Signature Syntax and Processing, W3C Recommendation 12 February 2002</a> and <a shape="rect" class="external-link" href="http://www.w3c.org/TR/2002/REC-xmlenc-core-20021210/" rel="nofollow">XML Encryption Syntax and Processing, W3C Recommendation 10 December 2002</a>.</p><p>There are a number of different options open to the developer using the library. For XML Signature, three different approaches are available:</p><ul><li>The JSR-105 API: The standard Java XML Digital Signature API. This uses a DOM (in-memory) implementation under-the-hood.</li><li>The Apache Santuario Java DOM API: The older DOM API which pre-dates JSR-105.</li><li>The Apache Santuario Java StAX API:
The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.</li></ul><p>For XML Encryption, two different approaches are available:</p><ul><li>The Apache Santuario Java DOM API: A DOM API for XML Encryption.</li><li>The Apache Santuario Java StAX API: The newer StAX-based (streaming) API which uses far less memory for large XML trees than the DOM approach.</li></ul><p>The StAX-based (streaming) functionality is only available as of the 2.0.0 release. Please see the <a shape="rect" href="streaming-xml-security.html">Streaming XML Security</a> page for more information about how to use this approach.</p><h3 id="java_index-News">News</h3><h5 id="java_index-July2015">July 2015</h5><p>Version 2.0.5 of the Apache XML Security for Java library has been released.</p><p>Please see the <span class="confluence-link"><a shape="rect" href="https://cwiki.apache.org/confluence/display/SANTUARIO/java_release_notes">release notes</a></span> for more in
formation.</p><h3 id="java_index-OldNews">Old News</h3><p>See <a shape="rect" href="oldnews.html">here</a> for older news.</p></div>
</div>
<!-- Content -->
</td>
Modified: websites/production/santuario/content/javareleasenotes.html
==============================================================================
--- websites/production/santuario/content/javareleasenotes.html (original)
+++ websites/production/santuario/content/javareleasenotes.html Wed Jul 15 14:19:32 2015
@@ -99,7 +99,7 @@ Apache Santuario -- java_release_notes
<td height="100%">
<!-- Content -->
<div class="wiki-content">
-<div id="ConfluenceContent"><h1 id="java_release_notes-ApacheXMLSecurityforJavaReleaseNotes">Apache XML Security for Java Release Notes</h1><h3 class="confluence-link" id="java_release_notes-CurrentReleases">Current Releases</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12329273">Apache XML Security for Java 2.0.4</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12327162">Apache XML Security for Java 1.5.8</a></li></ul><h3 id="java_release_notes-Olderreleases">Older releases</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12328679">Apache XML Security for Java 2.0.3</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12325592">Apache XML Security for Java 1.5.7</a></li><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12326812">Apache XML Security for Java 2.0.1</a><span class="confluence-link"> </span></li><li><span class="confluence-link"><a shape="rect" href="java200releasenotes.html">Apache XML Security for Java 2.0.0</a></span></li><li><a shape="rect" href="java156releasenotes.html">Apache XML Security for Java 1.5.6</a></li><li><a shape="rect" href="java148releasenotes.html">Apache XML Security for Java 1.4.8</a></li><li><a shape="rect" href="java155releasenotes.html">Apache XML Security for Java 1.5.5</a></li><li><a shape="rect" href="java154releasenotes.html">Apache XML Security for Java 1.5.4</a></li><li><a shape="rect" href="java147releasenotes.html">Apache XML Security for Java 1.4.7</a></li><li><a shape="rect" href="java153releasenotes.html">Apache XML Security for Java 1.5.3</a></li><li><a shape="rect" href="java152releasenotes.html">Apache XML Security for Java 1.5.2</a></li><li><a shape="rect" href="java151rel
easenotes.html">Apache XML Security for Java 1.5.1</a></li><li><a shape="rect" href="java146releasenotes.html">Apache XML Security for Java 1.4.6</a></li><li><a shape="rect" href="java150releasenotes.html">Apache XML Security for Java 1.5.0</a></li><li><a shape="rect" href="java145releasenotes.html">Apache XML Security for Java 1.4.5</a></li><li><a shape="rect" href="java144releasenotes.html">Apache XML Security for Java 1.4.4</a></li><li><a shape="rect" href="java143releasenotes.html">Apache XML Security for Java 1.4.3</a></li><li><a shape="rect" href="java142releasenotes.html">Apache XML Security for Java 1.4.2</a></li><li><a shape="rect" href="java141releasenotes.html">Apache XML Security for Java 1.4.1</a></li><li><a shape="rect" href="java140releasenotes.html">Apache XML Security for Java 1.4.0</a></li><li><a shape="rect" href="java130releasenotes.html">Apache XML Security for Java 1.3.0</a></li><li><a shape="rect" href="java121releasenotes.html">Apache XML Security for Java 1.
2.1</a></li><li><a shape="rect" href="java120releasenotes.html">Apache XML Security for Java 1.2.0</a></li></ul></div>
+<div id="ConfluenceContent"><h1 id="java_release_notes-ApacheXMLSecurityforJavaReleaseNotes">Apache XML Security for Java Release Notes</h1><h3 class="confluence-link" id="java_release_notes-CurrentReleases">Current Releases</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12332067">Apache XML Security for Java 2.0.5</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12327162">Apache XML Security for Java 1.5.8</a></li></ul><h3 id="java_release_notes-Olderreleases">Older releases</h3><ul><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12329273">Apache XML Security for Java 2.0.4</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12328679">Apache XML Security for Java 2.0.3</a></li><li><a shape="rect" class="external-link"
href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12325592">Apache XML Security for Java 1.5.7</a></li><li><a shape="rect" class="external-link" href="https://issues.apache.org/jira/browse/SANTUARIO/fixforversion/12326812">Apache XML Security for Java 2.0.1</a><span class="confluence-link"> </span></li><li><span class="confluence-link"><a shape="rect" href="java200releasenotes.html">Apache XML Security for Java 2.0.0</a></span></li><li><a shape="rect" href="java156releasenotes.html">Apache XML Security for Java 1.5.6</a></li><li><a shape="rect" href="java148releasenotes.html">Apache XML Security for Java 1.4.8</a></li><li><a shape="rect" href="java155releasenotes.html">Apache XML Security for Java 1.5.5</a></li><li><a shape="rect" href="java154releasenotes.html">Apache XML Security for Java 1.5.4</a></li><li><a shape="rect" href="java147releasenotes.html">Apache XML Security for Java 1.4.7</a></li><li><a shape="rect" href="java153releasenotes.html">Apache XML
Security for Java 1.5.3</a></li><li><a shape="rect" href="java152releasenotes.html">Apache XML Security for Java 1.5.2</a></li><li><a shape="rect" href="java151releasenotes.html">Apache XML Security for Java 1.5.1</a></li><li><a shape="rect" href="java146releasenotes.html">Apache XML Security for Java 1.4.6</a></li><li><a shape="rect" href="java150releasenotes.html">Apache XML Security for Java 1.5.0</a></li><li><a shape="rect" href="java145releasenotes.html">Apache XML Security for Java 1.4.5</a></li><li><a shape="rect" href="java144releasenotes.html">Apache XML Security for Java 1.4.4</a></li><li><a shape="rect" href="java143releasenotes.html">Apache XML Security for Java 1.4.3</a></li><li><a shape="rect" href="java142releasenotes.html">Apache XML Security for Java 1.4.2</a></li><li><a shape="rect" href="java141releasenotes.html">Apache XML Security for Java 1.4.1</a></li><li><a shape="rect" href="java140releasenotes.html">Apache XML Security for Java 1.4.0</a></li><li><a shape="r
ect" href="java130releasenotes.html">Apache XML Security for Java 1.3.0</a></li><li><a shape="rect" href="java121releasenotes.html">Apache XML Security for Java 1.2.1</a></li><li><a shape="rect" href="java120releasenotes.html">Apache XML Security for Java 1.2.0</a></li></ul></div>
</div>
<!-- Content -->
</td>