xml-security-c: Verify signature over anonymous files
We are building remote xml signature verify service.
Currently we are sending all content to service to verify integrity and status of this signature.
XML Signature contains references to external files and also references to some part XML document self (XAdES SignedProperties).
The problem is that external files are sometimes big or confidential that cannot shared to service.
We are thinking to building API to send only XML signature to service with pre calculated digests of files.
Scanning through XML-security-C API I see one possible way to resolve the issue.
There is XSECAlgorithmHandler/DSIGAlgorithmHandlerDefault we can create probably custom XSECAlgorithmHandler
and register to default handler
now the process verify-s signature calls
TXFMChain * inputBytes,
const XMLCh * URI
where we can return custom digest handler with pre calculated hashes.
The problem with this API is, it only says digest URI and input Bytes and there is no way to know what is the input reference (XML content or external files).
I created patch that adds additional URI parameter, is this acceptable for upstream or is there other ways resolve this?