xml-security-c: Verify signature over anonymous files

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

xml-security-c: Verify signature over anonymous files

Raul Metsma

We are building remote xml signature verify service.
Currently we are sending all content to service to verify integrity and status of this signature.
XML Signature contains references to external files and also references to some part XML document self (XAdES SignedProperties).
The problem is that external files are sometimes big or confidential that cannot shared to service.
We are thinking to building API to send only XML signature to service with pre calculated digests of files.

Scanning through XML-security-C API I see one possible way to resolve the issue.

There is XSECAlgorithmHandler/DSIGAlgorithmHandlerDefault we can create probably custom XSECAlgorithmHandler
and register to default handler
XSECPlatformUtils::registerAlgorithmHandler(DSIGConstants::s_unicodeStrURISHA1, def);

now the process verify-s signature calls
bool DSIGAlgorithmHandlerDefault::appendHashTxfm(
TXFMChain * inputBytes,
const XMLCh * URI

where we can return custom digest handler with pre calculated hashes.
The problem with this API is, it only says digest URI and input Bytes and there is no way to know what is the input reference (XML content or external files).
I created patch that adds additional URI parameter, is this acceptable for upstream or is there other ways resolve this?

Raul Metsma

xml-security-c-1.7.3-ReferenceURI.patch (3K) Download Attachment