Bug 32657

Summary: Experimental single pass SAX xml signature verification
Product: Security - Now in JIRA Reporter: Raul Benito <raul-info>
Component: SignatureAssignee: XML Security Developers Mailing List <security-dev>
Status: NEW ---    
Severity: enhancement    
Priority: P2    
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: All   
Attachments: First Version
Second version

Description Raul Benito 2004-12-12 14:09:54 UTC
I attached a patch that includes an experimental (i.e. nearly working, and hard
to use) single pass SAX xml signature verification.
Right now it can only verify signatures that the name of the element signed, and
the way it is c14n are known before hand (no other transformations are
implemented, so no enveloped signatures right now). Some examples of use can be
found in the src_samples/prb/SaxPrb.java. I have documented my progress somehow
in my blog so please take a look to http://r-bg.com/apache for more info.
 
This feature has been tested by some other people finding very big improvements
both in memory consumption and in performance. But the API is really unstable
and it is going to change radically in next versions.

I'm expecting some help in order to design the API, and the functionality in
order to include it (when polished) in the official distribution.

Thanks,

Raul
Comment 1 Raul Benito 2004-12-12 14:10:40 UTC
Created attachment 13738 [details]
First Version
Comment 2 Raul Benito 2005-01-07 18:27:45 UTC
Created attachment 13928 [details]
Second version

New version, major changes: 
 * easier to use API(see tests for examples), in enveloping signatures no other
parameters need to be given. 
 * verification of enveloped signature.
Stills:
 The api is still not stable, only verification not creation API. More ways of
telling what to verificate and how.