xml-general-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From blaut...@apache.org
Subject cvs commit: xml-site/targets/security/c faq.html faq.pdf
Date Thu, 20 Nov 2003 10:16:22 GMT
blautenb    2003/11/20 02:16:22

  Modified:    targets/security/Java faq.html faq.pdf
               targets/security/c faq.html faq.pdf
  Log:
  New FAQ for signature/element node insertion ordering
  
  Revision  Changes    Path
  1.2       +50 -14    xml-site/targets/security/Java/faq.html
  
  Index: faq.html
  ===================================================================
  RCS file: /home/cvs/xml-site/targets/security/Java/faq.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- faq.html	5 Oct 2003 07:38:00 -0000	1.1
  +++ faq.html	20 Nov 2003 10:16:22 -0000	1.2
  @@ -185,8 +185,8 @@
   <!--================= end middle NavBar ==================-->
   <!--================= start Content==================-->
   <tr>
  -<td align="left" width="10"><img width="10" height="1" alt="" src="../skin/images/spacer.gif"
class="spacer"></td><td align="left" width="100%">
  -<div xmlns:xhtml="http://www.w3.org/1999/xhtml" class="content">
  +<td align="left" width="10"><img width="10" height="1" alt="" src="../skin/images/spacer.gif"
class="spacer"></td><td colspan="2" align="left" width="100%">
  +<div class="content">
   <table class="title" summary="">
   <tr>
   <td valign="middle">
  @@ -253,18 +253,23 @@
   	I get a NullPointerException, and I don't know what's wrong.
         </a>
   </li>
  +<li>
  +<a name="elementorder-menu"></a><a href="#elementorder">
  +		I sign a document and when I try to verify using the same key, it fails
  +	  </a>
  +</li>
   </ul>
   <br>
   </li>
   </ol>
   </div>
  -<a name="N10046"></a><a name="Answers"></a>
  +<a name="N1004B"></a><a name="Answers"></a>
   <h3>Answers</h3>
   <div style="margin-left: 0 ; border: 2px">
  -<a name="N1004A"></a><a name="general_j"></a>
  +<a name="N1004F"></a><a name="general_j"></a>
   <h4>1. Questions about Java</h4>
   <div style="margin-left: 0 ; border: 2px">
  -<a name="N1004E"></a><a name="security_j"></a>
  +<a name="N10053"></a><a name="security_j"></a>
   <h5>1.1. 
   	I have a Java-(security/cryptography) problem. Can you help me?
         <span style="float: right"><a href="#security_j-menu">^</a></span>
  @@ -276,7 +281,7 @@
   	  a keypair", etc.
   	</p>
   </div>
  -<a name="N1005A"></a><a name="xml_j"></a>
  +<a name="N1005F"></a><a name="xml_j"></a>
   <h5>1.2. 
   	I have a Java-XML problem.
         <span style="float: right"><a href="#xml_j-menu">^</a></span>
  @@ -288,10 +293,10 @@
   	</p>
   </div>
   </div>
  -<a name="N1006A"></a><a name="specific_"></a>
  +<a name="N1006F"></a><a name="specific_"></a>
   <h4>2. Questions about this package</h4>
   <div style="margin-left: 0 ; border: 2px">
  -<a name="N1006E"></a><a name="crimson"></a>
  +<a name="N10073"></a><a name="crimson"></a>
   <h5>2.1. 
   	I'm using Crimson, but it throws Exceptions. Why?
         <span style="float: right"><a href="#crimson-menu">^</a></span>
  @@ -311,7 +316,7 @@
   	  instead of Crimson.
   	</p>
   </div>
  -<a name="N10083"></a><a name="bouncy"></a>
  +<a name="N10088"></a><a name="bouncy"></a>
   <h5>2.2. 
   	What's up with the Bouncy Castle CSP? / Where is my CSP?
         <span style="float: right"><a href="#bouncy-menu">^</a></span>
  @@ -354,7 +359,7 @@
   	  More information can be found in the <a href="../Java/installation.html">Installation</a>
section.
   	</p>
   </div>
  -<a name="N100BD"></a><a name="logging"></a>
  +<a name="N100C2"></a><a name="logging"></a>
   <h5>2.3. 
   	How do I enable/turn off logging?
         <span style="float: right"><a href="#logging-menu">^</a></span>
  @@ -380,7 +385,7 @@
   	
   </p>
   </div>
  -<a name="N100E0"></a><a name="baseURI"></a>
  +<a name="N100E5"></a><a name="baseURI"></a>
   <h5>2.4. 
   	What is the meaning of BaseURI?
         <span style="float: right"><a href="#baseURI-menu">^</a></span>
  @@ -424,7 +429,7 @@
   	  say <span class="codefrag">URI="http://www.acme.com/index.html"</span>.

   	</p>
   </div>
  -<a name="N1011E"></a><a name="examples"></a>
  +<a name="N10123"></a><a name="examples"></a>
   <h5>2.5. 
   	How do I use the package to generate and verify a signature?
         <span style="float: right"><a href="#examples-menu">^</a></span>
  @@ -444,7 +449,7 @@
   	</div>
   </div>
   </div>
  -<a name="N10135"></a><a name="jdk140"></a>
  +<a name="N1013A"></a><a name="jdk140"></a>
   <h5>2.6. 
   	I'm using SUN JDK v1.4.0 or v1.4.1 and it get some exceptions. Any clues?
         <span style="float: right"><a href="#jdk140-menu">^</a></span>
  @@ -475,7 +480,7 @@
   	    Unofficial JAXP FAQ </a>. 
   	</p>
   </div>
  -<a name="N10152"></a><a name="nullptrexception"></a>
  +<a name="N10157"></a><a name="nullptrexception"></a>
   <h5>2.7. 
   	I get a NullPointerException, and I don't know what's wrong.
         <span style="float: right"><a href="#nullptrexception-menu">^</a></span>
  @@ -496,6 +501,37 @@
   	  using DOM1 calls which are not namespace aware, they do not care about
   	  any problem you have because of incorrect hehaviour of Xalan.
   	</p>
  +</div>
  +<a name="N10168"></a><a name="elementorder"></a>
  +<h5>2.8. 
  +		I sign a document and when I try to verify using the same key, it fails
  +	  <span style="float: right"><a href="#elementorder-menu">^</a></span>
  +</h5>
  +<div style="margin-left: 15 ; border: 2px">
  +<p>
  +		  After you have created the XMLSignature object, before you sign the
  +		  document, you <em>must</em> embed the signature element in the owning
  +		  document (using a call to <span class="codefrag">XMLSignature.getElement()</span>
to
  +		  retrieve the newly created Element node from the signature) before
  +		  calling the <span class="codefrag">XMLSignature.sign()</span> method,
  +		</p>
  +<p>
  +		  During canonicalisation of the SignedInfo element, the library looks
  +		  at the parent and ancestor nodes of the Signature element to find
  +		  any namespaces that the SignedInfo node has inherited.  Any that are
  +		  found are embedded in the canonical form of the SignedInfo.  (This
  +		  is not true when Exclusive Canonicalisation is used, but it is still
  +		  good practice to insert the element node prior to the sign()
  +		  method being called).
  +		</p>
  +<p>
  +		  If you have not embedded the signature node in the document, it will
  +		  not have any parent or ancestor nodes, so it will not inherit their
  +		  namespaces.  If you then embed it in the document and call <span class="codefrag">
  +			verify()</span>, the namespaces will be found and the canonical 
  +		  form of SignedInfo will be different to that generated during 
  +		  <span class="codefrag">sign()</span>.
  +		</p>
   </div>
   </div>
   </div>
  
  
  
  1.2       +233 -205  xml-site/targets/security/Java/faq.pdf
  
  	<<Binary file>>
  
  
  1.2       +45 -9     xml-site/targets/security/c/faq.html
  
  Index: faq.html
  ===================================================================
  RCS file: /home/cvs/xml-site/targets/security/c/faq.html,v
  retrieving revision 1.1
  retrieving revision 1.2
  diff -u -r1.1 -r1.2
  --- faq.html	5 Oct 2003 07:38:00 -0000	1.1
  +++ faq.html	20 Nov 2003 10:16:22 -0000	1.2
  @@ -192,8 +192,8 @@
   <!--================= end middle NavBar ==================-->
   <!--================= start Content==================-->
   <tr>
  -<td align="left" width="10"><img width="10" height="1" alt="" src="../skin/images/spacer.gif"
class="spacer"></td><td align="left" width="100%">
  -<div xmlns:xhtml="http://www.w3.org/1999/xhtml" class="content">
  +<td align="left" width="10"><img width="10" height="1" alt="" src="../skin/images/spacer.gif"
class="spacer"></td><td colspan="2" align="left" width="100%">
  +<div class="content">
   <table class="title" summary="">
   <tr>
   <td valign="middle">
  @@ -234,18 +234,23 @@
   		Are versions of Xalan prior to 1.6 supported?
   	  </a>
   </li>
  +<li>
  +<a name="elementorder-menu"></a><a href="#elementorder">
  +		I sign a document and when I try to verify using the same key, it fails
  +	  </a>
  +</li>
   </ul>
   <br>
   </li>
   </ol>
   </div>
  -<a name="N1002A"></a><a name="Answers"></a>
  +<a name="N1002F"></a><a name="Answers"></a>
   <h3>Answers</h3>
   <div style="margin-left: 0 ; border: 2px">
  -<a name="N1002E"></a><a name="general_c"></a>
  +<a name="N10033"></a><a name="general_c"></a>
   <h4>1. Compiling and Using the Library</h4>
   <div style="margin-left: 0 ; border: 2px">
  -<a name="N10032"></a><a name="openssl_c"></a>
  +<a name="N10037"></a><a name="openssl_c"></a>
   <h5>1.1. 
   		Is OpenSSL required?
         <span style="float: right"><a href="#openssl_c-menu">^</a></span>
  @@ -263,7 +268,7 @@
   		  call).
   		</p>
   </div>
  -<a name="N10040"></a><a name="openssl2_c"></a>
  +<a name="N10045"></a><a name="openssl2_c"></a>
   <h5>1.2. 
   		Does the library provide a full C++ wrapper for OpenSSL?
   	  <span style="float: right"><a href="#openssl2_c-menu">^</a></span>
  @@ -278,7 +283,7 @@
   		  objects and passed into the library.
   		</p>
   </div>
  -<a name="N10048"></a><a name="wincapi_c"></a>
  +<a name="N1004D"></a><a name="wincapi_c"></a>
   <h5>1.3. 
   		What is WinCAPI?
   	  <span style="float: right"><a href="#wincapi_c-menu">^</a></span>
  @@ -292,7 +297,7 @@
   		  It is <em>not</em> a C API wrapper for the overall library.
   		</p>
   </div>
  -<a name="N10056"></a><a name="xalan_c"></a>
  +<a name="N1005B"></a><a name="xalan_c"></a>
   <h5>1.4. 
   		Is Xalan required?
         <span style="float: right"><a href="#xalan_c-menu">^</a></span>
  @@ -307,7 +312,7 @@
   		  configure on UNIX, or use the VC++ "without Xalan" settings.
   		</p>
   </div>
  -<a name="N10061"></a><a name="oldXalanC"></a>
  +<a name="N10066"></a><a name="oldXalanC"></a>
   <h5>1.5. 
   		Are versions of Xalan prior to 1.6 supported?
   	  <span style="float: right"><a href="#oldXalanC-menu">^</a></span>
  @@ -318,6 +323,37 @@
   		  versions, the location of include files changed in 1.6.  A
   		  decision was made in version 1.0.0 of xml-security-c to
   		  update the source to support these new locations.
  +		</p>
  +</div>
  +<a name="N1006E"></a><a name="elementorder"></a>
  +<h5>1.6. 
  +		I sign a document and when I try to verify using the same key, it fails
  +	  <span style="float: right"><a href="#elementorder-menu">^</a></span>
  +</h5>
  +<div style="margin-left: 15 ; border: 2px">
  +<p>
  +		  After you have created the XMLSignature object, before you sign the
  +		  document, you <em>must</em> embed the signature element in the owning
  +		  document (which is returned by the call to 
  +		  <span class="codefrag">DSIGSignature::createBlankSignature(...)</span>)
before
  +		  calling the <span class="codefrag">DSIGSignature::sign()</span> method,
  +		</p>
  +<p>
  +		  During canonicalisation of the SignedInfo element, the library looks
  +		  at the parent and ancestor nodes of the Signature element to find
  +		  any namespaces that the SignedInfo node has inherited.  Any that are
  +		  found are embedded in the canonical form of the SignedInfo.  (This
  +		  is not true when Exclusive Canonicalisation is used, but it is still
  +		  good practice to insert the element node prior to the sign()
  +		  method being called).
  +		</p>
  +<p>
  +		  If you have not embedded the signature node in the document, it will
  +		  not have any parent or ancestor nodes, so it will not inherit their
  +		  namespaces.  If you then embed it in the document and call <span class="codefrag">
  +			verify()</span>, the namespaces will be found and the canonical 
  +		  form of SignedInfo will be different to that generated during 
  +		  <span class="codefrag">sign()</span>.
   		</p>
   </div>
   </div>
  
  
  
  1.2       +152 -116  xml-site/targets/security/c/faq.pdf
  
  	<<Binary file>>
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: general-cvs-unsubscribe@xml.apache.org
For additional commands, e-mail: general-cvs-help@xml.apache.org


Mime
View raw message