xml-security-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Anderson Jonathan" <anderson_jonat...@bah.com>
Subject RE: Verify signature references against a set of required elements?
Date Fri, 27 Feb 2004 15:31:15 GMT
Thanks for the response Berin.  :)

To answer you're question: I've got anywhere between 4-8 Reference elements,
the NodeSets of which usually contain 50-100 Nodes.  Of course the Nodes are
not just Element nodes, but rather all of the child nodes of the original
elements that were referenced, and they are in no particular order in the

So, if I've got 4-8 required Elements and 4-8 References, I thought it would
be even uglier to do something like:

foreach (NodeSet)
	foreach (ElementToCheck)

due to the efficiency of ArrayList.contains().  My biggest problem is that
(to my current knowledge and understanding) I cannot determine the top level
Node that the Reference actually referenced from the current XML-Security
APIs.  Hence the ugly 2 dimensional loop.

If you've got any helpful hints, they would be greatly appreciated.  :)


-----Original Message-----
From: Berin Lautenbach [mailto:berin@wingsofhermes.org]
Sent: Friday, February 27, 2004 6:10 AM
To: security-users@xml.apache.org
Subject: Re: Verify signature references against a set of required


Wow, that is some ugly code you have there!


There is no "nice" way I know of to do what you want - but one question
- why do you first extract everything from the set and put into a list?
  Can't you call nodes.contains() for each node you are interested in?


Anderson Jonathan wrote:

> Greetings,
> 	I'm curious - is there an efficient way to verify signature references
> against a set of required elements?  I'm trying to write some code that
> enforces signature "coverage," and I'm struggling to find an elegant way
> do it.  Here's what I've got so far:
> List coveredElementNodes = new ArrayList();
> for (int i=0; i < sig.getSignedInfo().getLength(); i++)
> {
>     Reference ref = sig.getSignedInfo().item(i);
>     XMLSignatureInput input = ref.getContentsBeforeTransformation();
>     Set nodes = input.getNodeSet();
>     for (Iterator iterator = nodes.iterator(); iterator.hasNext();)
>     {
>         Node node = (Node) iterator.next();
>         if (node.getNodeType() == Node.ELEMENT_NODE)
>         {
>             coveredElementNodes.add(node);
>         }
>     }
> }
> And then I simply do a coverElementNodes.contains() for every Element in
> DOM that I want to ensure has been signed.  It's ugly, it's inefficient,
> I'm curious - is there a better way?
> Any and all feedback would be appreciated (including "wow, that is some
> code you've got there" comments).  :)  Thanks in advance.
> 	-Jon

View raw message