xml-security-users mailing list archives

From "Anderson Jonathan" <anderson_jonat...@bah.com>
Subject RE: Verify signature references against a set of required elements?
Date Fri, 27 Feb 2004 15:31:15 GMT
Thanks for the response Berin.  :)

To answer your question: I've got anywhere between 4-8 Reference elements,
the NodeSets of which usually contain 50-100 Nodes.  Of course the Nodes are
not just Element nodes, but rather all of the child nodes of the original
elements that were referenced, and they are in no particular order in the
Set.

So, if I've got 4-8 required Elements and 4-8 References, I thought it would
be even uglier to do something like:

foreach (NodeSet)
{
	foreach (ElementToCheck)
	{
		NodeSet.contains(ElementToCheck)
	}
}

due to the efficiency of ArrayList.contains().  My biggest problem is that
(to my current knowledge and understanding) I cannot determine the top level
Node that the Reference actually referenced from the current XML-Security
APIs.  Hence the ugly 2 dimensional loop.

If you've got any helpful hints, they would be greatly appreciated.  :)

	-Jon



-----Original Message-----
From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
Sent: Friday, February 27, 2004 6:10 AM
To: security-users@xml.apache.org
Subject: Re: Verify signature references against a set of required elements?


Jon,

Wow, that is some ugly code you have there!

<GRIN>.

There is no "nice" way I know of to do what you want - but one question
- why do you first extract everything from the set and put into a list?
  Can't you call nodes.contains() for each node you are interested in?

Cheers,
	Berin

Anderson Jonathan wrote:

> Greetings,
> 	I'm curious - is there an efficient way to verify signature references
> against a set of required elements?  I'm trying to write some code that
> enforces signature "coverage," and I'm struggling to find an elegant way to
> do it.  Here's what I've got so far:
>
> List coveredElementNodes = new ArrayList();
> for (int i=0; i < sig.getSignedInfo().getLength(); i++)
> {
>     Reference ref = sig.getSignedInfo().item(i);
>     XMLSignatureInput input = ref.getContentsBeforeTransformation();
>     Set nodes = input.getNodeSet();
>     for (Iterator iterator = nodes.iterator(); iterator.hasNext();)
>     {
>         Node node = (Node) iterator.next();
>         if (node.getNodeType() == Node.ELEMENT_NODE)
>         {
>             coveredElementNodes.add(node);
>         }
>     }
> }
>
> And then I simply do a coveredElementNodes.contains() for every Element in the
> DOM that I want to ensure has been signed.  It's ugly, it's inefficient, and
> I'm curious - is there a better way?
>
> Any and all feedback would be appreciated (including "wow, that is some ugly
> code you've got there" comments).  :)  Thanks in advance.
>
> 	-Jon
>
>
>
>
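
The coverage check discussed in this thread, as an added example that is not code from either poster or from Apache XML Security. It assumes each Reference's node set was already obtained as in the quoted code (ref.getContentsBeforeTransformation().getNodeSet()); the names CoverageCheck, uncovered and subtree are hypothetical, and the document and "references" in main are constructed. The nodes from all references are merged once into an identity-based set, so each required element costs one lookup instead of an ArrayList.contains() scan, and an element only counts as covered if that exact DOM node was referenced.

```java
import java.util.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class CoverageCheck {
    // Returns the required elements that no reference node set contains.
    static List<Element> uncovered(List<Set<Node>> referenceNodeSets, List<Element> required) {
        // Identity semantics: only the exact DOM node that was referenced counts.
        Set<Node> signed = Collections.newSetFromMap(new IdentityHashMap<Node, Boolean>());
        for (Set<Node> nodes : referenceNodeSets)
            for (Node n : nodes)
                if (n.getNodeType() == Node.ELEMENT_NODE) signed.add(n);
        List<Element> missing = new ArrayList<Element>();
        for (Element e : required)
            if (!signed.contains(e)) missing.add(e);
        return missing;
    }

    // Stand-in for input.getNodeSet(): the referenced node plus all descendants.
    static Set<Node> subtree(Node root) {
        Set<Node> out = new HashSet<Node>();
        Deque<Node> todo = new ArrayDeque<Node>();
        todo.push(root);
        while (!todo.isEmpty()) {
            Node n = todo.pop();
            out.add(n);
            for (Node c = n.getFirstChild(); c != null; c = c.getNextSibling()) todo.push(c);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample document, not taken from the thread.
        Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
        Element env = doc.createElement("Envelope");
        Element header = doc.createElement("Header");
        Element body = doc.createElement("Body");
        Element ts = doc.createElement("Timestamp");
        doc.appendChild(env);
        env.appendChild(header);
        env.appendChild(body);
        header.appendChild(ts);
        body.appendChild(doc.createTextNode("payload"));
        // Two simulated references: one over Body, one over Timestamp.
        List<Set<Node>> refs = Arrays.asList(subtree(body), subtree(ts));
        List<Element> missing = uncovered(refs, Arrays.asList(body, ts, header));
        for (Element e : missing) System.out.println("not covered: " + e.getTagName());
    }
}
```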


