[xsd-users] [Q] XSD in combination with Apache Xml Security
Alexander Petry
petry at itwm.fhg.de
Tue Mar 11 12:56:11 EDT 2008
Hello list!
I am currently working on a project that is going to use XML in
combination with the XML security specifications ([1] and [2]). The Apache
Foundation implemented both specs (XML Digital Signature and XML
Encryption) in the XML Security Library ([3]). Under Debian this library
can be installed via apt-get install libxml-security-c{12,-dev}.
The problem I am facing right now is how to combine the xsd-generated
classes with this library. My document structure looks something like
that:
<xbe:message>
<xbe:header>
...
<dsig:Signature>
...
</dsig:Signature>
</xbe:header>
<xbe:body>
...
</xbe:body>
</xbe:message>
Building and parsing of simple "xbe:message" objects works, but I don't
know how I am supposed to integrate the 'dsig:Signature' part correctly,
the examples in [3] are not that obvious (at least to me). The steps I
tried so far have been:
1. create the in-memory representation of a 'xbe:message'
2. serialize the message to a DOMDocument
3. find the 'xbe:header' element
4. create a Signature object (via library calls) and append it to the
header element
5. sign the document
6. write the (signed) document to a file
7. read the file and validate the signature (fails!)
Did somebody already implement something like that and is able to share
the code? Is there a known procedure how to integrate other libraries that
modify the DOM tree with xsd? I am grateful for any hints.
Best regards,
Alex
References:
[1] http://www.w3.org/TR/xmldsig-core/
[2] http://www.w3.org/TR/xmlenc-core/
[3] http://santuario.apache.org/index.html
More information about the xsd-users
mailing list