xmlsec_xmldsig.c File Reference

xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr, xmlNodePtr)

int xmlSecDSigCtxProcessSignatureNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) [static]

xmlSecDSigCtxProcessSignatureNode:

The Signature element ( http://www.w3.org/TR/xmldsig-core/#sec-Signature )

The Signature element is the root element of an XML Signature. Implementation MUST generate laxly schema valid [XML-schema] Signature elements as specified by the following schema.

The way in which the SignedInfo element is presented to the canonicalization method is dependent on that method. The following applies to algorithms which process XML as nodes or characters:

  • XML based canonicalization implementations MUST be provided with a [XPath] node-set originally formed from the document containing the SignedInfo and currently indicating the SignedInfo, its descendants, and the attribute and namespace nodes of SignedInfo and its descendant elements.

  • Text based canonicalization algorithms (such as CRLF and charset normalization) should be provided with the UTF-8 octets that represent the well-formed SignedInfo element, from the first character to the last character of the XML representation, inclusive. This includes the entire text of the start and end tags of the SignedInfo element as well as all descendant markup and character data (i.e., the text) between those tags. Use of text based canonicalization of SignedInfo is NOT RECOMMENDED.

xmlsec note: non-XML-based C14N is not supported. Only the node-set form of SignedInfo described in the first bullet is ever handed to a canonicalization method.

Schema Definition:

  <element name="Signature" type="ds:SignatureType"/>
  <complexType name="SignatureType">
    <sequence>
      <element ref="ds:SignedInfo"/>
      <element ref="ds:SignatureValue"/>
      <element ref="ds:KeyInfo" minOccurs="0"/>
      <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

DTD:

  <!ELEMENT Signature (SignedInfo, SignatureValue, KeyInfo?, Object*)>
  <!ATTLIST Signature
      xmlns CDATA #FIXED 'http://www.w3.org/2000/09/xmldsig#'
      Id ID #IMPLIED>

Parameters

dsigCtx  the XML-DSig processing context
node     the <dsig:Signature/> element to process

xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr, xmlNodePtr)

int xmlSecDSigCtxProcessSignedInfoNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) [static]

xmlSecDSigCtxProcessSignedInfoNode:

The SignedInfo Element ( http://www.w3.org/TR/xmldsig-core/#sec-SignedInfo )

The structure of SignedInfo includes the canonicalization algorithm, a signature algorithm, and one or more references. The SignedInfo element may contain an optional ID attribute that will allow it to be referenced by other signatures and objects.

SignedInfo does not include explicit signature or digest properties (such as calculation time, cryptographic device serial number, etc.). If an application needs to associate properties with the signature or digest, it may include such information in a SignatureProperties element within an Object element.

Schema Definition:

  <element name="SignedInfo" type="ds:SignedInfoType"/>
  <complexType name="SignedInfoType">
    <sequence>
      <element ref="ds:CanonicalizationMethod"/>
      <element ref="ds:SignatureMethod"/>
      <element ref="ds:Reference" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

DTD:

  <!ELEMENT SignedInfo (CanonicalizationMethod, SignatureMethod, Reference+)>
  <!ATTLIST SignedInfo Id ID #IMPLIED>

Parameters

dsigCtx  the XML-DSig processing context
node     the <dsig:SignedInfo/> element to process

xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr, xmlNodePtr)

int xmlSecDSigCtxProcessKeyInfoNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) [static]

Parameters

dsigCtx  the XML-DSig processing context
node     the <dsig:KeyInfo/> element to process

xmlSecDSigCtxProcessObjectNode(xmlSecDSigCtxPtr, xmlNodePtr)

int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) [static]

xmlSecDSigCtxProcessObjectNode:

The Object Element ( http://www.w3.org/TR/xmldsig-core/#sec-Object )

Object is an optional element that may occur one or more times. When present, this element may contain any data. The Object element may include optional MIME type, ID, and encoding attributes.

Schema Definition:

  <element name="Object" type="ds:ObjectType"/>
  <complexType name="ObjectType" mixed="true">
    <sequence minOccurs="0" maxOccurs="unbounded">
      <any namespace="##any" processContents="lax"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
    <attribute name="MimeType" type="string" use="optional"/>
    <attribute name="Encoding" type="anyURI" use="optional"/>
  </complexType>

DTD:

  <!ELEMENT Object (#PCDATA|Signature|SignatureProperties|Manifest %Object.ANY;)*>
  <!ATTLIST Object
      Id ID #IMPLIED
      MimeType CDATA #IMPLIED
      Encoding CDATA #IMPLIED>

Parameters

dsigCtx  the XML-DSig processing context
node     the <dsig:Object/> element to process

xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr, xmlNodePtr)

int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) [static]

xmlSecDSigCtxProcessManifestNode:

The Manifest Element ( http://www.w3.org/TR/xmldsig-core/#sec-Manifest )

The Manifest element provides a list of References. The difference from the list in SignedInfo is that it is application defined which, if any, of the digests are actually checked against the objects referenced and what to do if the object is inaccessible or the digest compare fails. If a Manifest is pointed to from SignedInfo, the digest over the Manifest itself will be checked by the core signature validation behavior. The digests within such a Manifest are checked at the application's discretion. If a Manifest is referenced from another Manifest, even the overall digest of this two level deep Manifest might not be checked.

Schema Definition:

  <element name="Manifest" type="ds:ManifestType"/>
  <complexType name="ManifestType">
    <sequence>
      <element ref="ds:Reference" maxOccurs="unbounded"/>
    </sequence>
    <attribute name="Id" type="ID" use="optional"/>
  </complexType>

DTD:

  <!ELEMENT Manifest (Reference+)>
  <!ATTLIST Manifest Id ID #IMPLIED>

Parameters

dsigCtx  the XML-DSig processing context
node     the <dsig:Manifest/> element to process
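The Signature, SignedInfo and Manifest content models quoted above, the restriction to XML-based canonicalization, and the Manifest rule that core validation checks the Manifest's own digest but not the digests listed inside it, are easiest to see as one check. The following is an added example written for this page, not xmlsec code: it uses only Python's standard library rather than the xmlsec C API, and the allow-list of C14N algorithm URIs, the Id-to-element lookup and the sample documents are this example's own assumptions. It validates each child sequence against the DTDs quoted above, rejects a non-XML CanonicalizationMethod, and separates the References core validation covers (those in SignedInfo) from those it leaves to the application (those inside a Manifest reached from SignedInfo).

```python
"""Structural audit of an XML-DSig <Signature>; added illustration only."""
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"


def q(local):
    """Clark-notation name for an element in the XML-DSig namespace."""
    return "{%s}%s" % (DSIG_NS, local)


# Content models taken from the DTDs quoted above:
# (child element, minimum occurrences, maximum occurrences or None = unbounded)
MODELS = {
    "Signature": [("SignedInfo", 1, 1), ("SignatureValue", 1, 1),
                  ("KeyInfo", 0, 1), ("Object", 0, None)],
    "SignedInfo": [("CanonicalizationMethod", 1, 1), ("SignatureMethod", 1, 1),
                   ("Reference", 1, None)],
    "Manifest": [("Reference", 1, None)],
}

# Assumed allow-list of XML-based canonicalization algorithms.  Anything else,
# such as a text-based CRLF/charset normalisation, is rejected up front.
XML_C14N = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315",
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments",
    "http://www.w3.org/2006/12/xml-c14n11",
    "http://www.w3.org/2006/12/xml-c14n11#WithComments",
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/10/xml-exc-c14n#WithComments",
}


def check_content_model(elem, name):
    """Match elem's child sequence against MODELS[name]; return problem strings."""
    problems = []
    kids = [child.tag for child in elem]
    i = 0
    for child, lo, hi in MODELS[name]:
        seen = 0
        while i < len(kids) and kids[i] == q(child) and (hi is None or seen < hi):
            i += 1
            seen += 1
        if seen < lo:
            got = kids[i] if i < len(kids) else "end of children"
            problems.append("%s: expected <%s> at position %d, found %s"
                            % (name, child, i, got))
    if i < len(kids):
        problems.append("%s: unexpected child %s" % (name, kids[i]))
    return problems


def audit_signature(xml_text):
    """Return the structural problems found, the Reference URIs in SignedInfo
    (digests checked by core validation) and, per Manifest reached from
    SignedInfo, the Reference URIs that core validation does NOT check."""
    root = ET.fromstring(xml_text)
    sig = root if root.tag == q("Signature") else root.find(".//" + q("Signature"))
    if sig is None:
        return {"problems": ["no Signature element"], "core_refs": [], "manifest_refs": {}}

    problems = check_content_model(sig, "Signature")
    core_refs, manifest_refs = [], {}
    # Id attribute -> element table for resolving same-document URIs ("#id").
    ids = {el.get("Id"): el for el in root.iter() if el.get("Id") is not None}

    signed_info = sig.find(q("SignedInfo"))
    if signed_info is not None:
        problems += check_content_model(signed_info, "SignedInfo")
        c14n = signed_info.find(q("CanonicalizationMethod"))
        if c14n is not None and c14n.get("Algorithm") not in XML_C14N:
            problems.append("SignedInfo: non-XML CanonicalizationMethod %r"
                            % c14n.get("Algorithm"))
        for ref in signed_info.findall(q("Reference")):
            uri = ref.get("URI", "")
            core_refs.append(uri)
            target = ids.get(uri[1:]) if uri.startswith("#") else None
            if target is not None and target.tag == q("Manifest"):
                # The Manifest's own digest is covered by this core Reference;
                # the References inside it are left to the application.
                problems += check_content_model(target, "Manifest")
                manifest_refs[uri[1:]] = [r.get("URI", "")
                                          for r in target.findall(q("Reference"))]
    return {"problems": problems, "core_refs": core_refs, "manifest_refs": manifest_refs}


# Constructed sample: the only core Reference points at a Manifest inside Object.
SAMPLE = """<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#" Id="sig1">
  <ds:SignedInfo>
    <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    <ds:Reference URI="#manifest1">
      <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
      <ds:DigestValue>AAAA</ds:DigestValue>
    </ds:Reference>
  </ds:SignedInfo>
  <ds:SignatureValue>AAAA</ds:SignatureValue>
  <ds:Object>
    <ds:Manifest Id="manifest1">
      <ds:Reference URI="http://example.invalid/a.bin">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
      <ds:Reference URI="http://example.invalid/b.bin">
        <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
        <ds:DigestValue>AAAA</ds:DigestValue>
      </ds:Reference>
    </ds:Manifest>
  </ds:Object>
</ds:Signature>"""

# Same document with SignatureValue removed and a non-XML canonicalization URI.
BROKEN = SAMPLE.replace("<ds:SignatureValue>AAAA</ds:SignatureValue>", "").replace(
    "http://www.w3.org/2001/10/xml-exc-c14n#", "urn:example:crlf-normalization")

if __name__ == "__main__":
    for label, doc in (("sample", SAMPLE), ("broken", BROKEN)):
        print(label, audit_signature(doc))
```

For the sample document the audit reports no problems, one core Reference ("#manifest1") and two Manifest References whose digests nothing in core validation will ever compare; an application that trusts a.bin and b.bin because "the signature verified" has skipped exactly the check the Manifest paragraph says is its own responsibility. The broken variant fails on the missing SignatureValue and on the non-XML canonicalization method before any key or digest work would start.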

const xmlChar * xmlSecDSigIds

const xmlChar * xmlSecDSigIds [static]

xmlSecPtrListKlass xmlSecDSigReferenceCtxListKlass

xmlSecPtrListKlass xmlSecDSigReferenceCtxListKlass [static]