The Transforms Element contains an ordered list of Transform elements; these describe how the signer obtained the data object that was digested.
Schema Definition:
<element name="Transforms" type="ds:TransformsType"/>
<complexType name="TransformsType">
  <sequence>
    <element ref="ds:Transform" maxOccurs="unbounded"/>
  </sequence>
</complexType>

<element name="Transform" type="ds:TransformType"/>
<complexType name="TransformType" mixed="true">
  <choice minOccurs="0" maxOccurs="unbounded">
    <any namespace="##other" processContents="lax"/>
    <!-- (1,1) elements from (0,unbounded) namespaces -->
    <element name="XPath" type="string"/>
  </choice>
  <attribute name="Algorithm" type="anyURI" use="required"/>
</complexType>
DTD:
<!ELEMENT Transforms (Transform+)>
<!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* >
<!ATTLIST Transform Algorithm CDATA #REQUIRED >
<!ELEMENT XPath (#PCDATA) >
xmlSecPtrListPtr xmlSecTransformIdsGet (void);
Gets the global list of registered transform klasses.

int xmlSecTransformIdsInit (void);
Initializes the transform klasses. This function is called from the xmlSecInit function and the application should not call it directly.

void xmlSecTransformIdsShutdown (void);
Shuts down the transform klasses. This function is called from the xmlSecShutdown function and the application should not call it directly.

int xmlSecTransformIdsRegisterDefault (void);
Registers the default transform klasses implemented by XML Security Library: XPath transform, Base64 transform, ...

int xmlSecTransformIdsRegister (xmlSecTransformId id);
Registers id in the global list of transform klasses.

int xmlSecTransformUriTypeCheck (xmlSecTransformUriType type, const xmlChar *uri);
Checks if uri matches the expected type type.

int (*xmlSecTransformCtxPreExecuteCallback) (xmlSecTransformCtxPtr transformCtx);
The callback called after creating the transforms chain but before starting data processing. The application can use this callback to do additional verification or modification of the transforms chain and to abort transforms execution (if necessary).

xmlSecTransformCtxPtr xmlSecTransformCtxCreate (void);
Creates a transforms chain processing context. The caller is responsible for destroying the returned object by calling the xmlSecTransformCtxDestroy function.

void xmlSecTransformCtxDestroy (xmlSecTransformCtxPtr ctx);
Destroys a context object created with the xmlSecTransformCtxCreate function.

int xmlSecTransformCtxInitialize (xmlSecTransformCtxPtr ctx);
Initializes a transforms chain processing context. The caller is responsible for cleaning up the object by calling the xmlSecTransformCtxFinalize function.

void xmlSecTransformCtxFinalize (xmlSecTransformCtxPtr ctx);
Cleans up a ctx object initialized with the xmlSecTransformCtxInitialize function.

void xmlSecTransformCtxReset (xmlSecTransformCtxPtr ctx);
Resets the transforms context for new processing.

int xmlSecTransformCtxCopyUserPref (xmlSecTransformCtxPtr dst, xmlSecTransformCtxPtr src);
Copies user settings from the src context to dst.

int xmlSecTransformCtxSetUri (xmlSecTransformCtxPtr ctx, const xmlChar *uri, xmlNodePtr hereNode);
Parses uri and adds XPointer transforms if required.
The following examples demonstrate what the URI attribute identifies and how it is dereferenced (http://www.w3.org/TR/xmldsig-core/sec-ReferenceProcessingModel):

URI="http://example.com/bar.xml" identifies the octets that represent the external resource 'http://example.com/bar.xml', which is probably an XML document given its file extension.

URI="http://example.com/bar.xml#chapter1" identifies the element with ID attribute value 'chapter1' of the external XML resource 'http://example.com/bar.xml', provided as an octet stream. Again, for the sake of interoperability, the element identified as 'chapter1' should be obtained using an XPath transform rather than a URI fragment (barename XPointer resolution in external resources is not REQUIRED in this specification).

URI="" identifies the node-set (minus any comment nodes) of the XML resource containing the signature.

URI="#chapter1" identifies a node-set containing the element with ID attribute value 'chapter1' of the XML resource containing the signature. XML Signature (and its applications) modify this node-set to include the element plus all descendants including namespaces and attributes -- but not comments.
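As an added illustration (not xmlsec code), the Python below classifies a Reference URI the way xmlSecTransformCtxSetUri does, splitting the resource part (ctx->uri) from the XPointer part (ctx->xptrExpr) and checking the URI type against an enabledUris bit mask; the values used for the "empty" and "remote" URI types are assumed, since this page lists only the None, SameDocument and Local defines.

```python
from urllib.parse import urlsplit

# Data source URI types, mirroring the xmlSecTransformUriType* bit mask on this
# page. xmlsec also distinguishes "empty" and "remote" URIs; the two values
# marked "assumed" are not on the page and are chosen for this example.
URI_TYPE_NONE = 0x0000
URI_TYPE_EMPTY = 0x0001           # assumed value
URI_TYPE_SAME_DOCUMENT = 0x0002
URI_TYPE_LOCAL = 0x0004
URI_TYPE_REMOTE = 0x0008          # assumed value


def parse_reference_uri(uri):
    """Split a Reference URI into (uri_type, resource, xpointer_expr).

    resource is the part before '#' (what xmlsec keeps in ctx->uri) and
    xpointer_expr the part after it (ctx->xptrExpr), or None if absent.
    """
    if uri is None or uri == "":
        # URI="": the containing document itself, minus comment nodes.
        return URI_TYPE_EMPTY, "", None
    if uri.startswith("#"):
        # URI="#chapter1" or URI="#xpointer(...)": a node-set in the same document.
        return URI_TYPE_SAME_DOCUMENT, "", uri[1:]
    resource, sep, fragment = uri.partition("#")
    xptr = fragment if sep else None
    if urlsplit(resource).scheme == "file":
        return URI_TYPE_LOCAL, resource, xptr
    # Anything else (http:, https:, relative references, ...) is an external resource.
    return URI_TYPE_REMOTE, resource, xptr


def xpointer_to_xpath(xptr):
    """XPath expression selecting the referenced node-set.

    A barename ("chapter1") means the element with that ID, i.e. id('chapter1');
    a full XPointer ("xpointer(/a/b)") is unwrapped and used as-is.
    """
    if xptr is None:
        return None
    if xptr.startswith("xpointer(") and xptr.endswith(")"):
        return xptr[len("xpointer("):-1]
    # A barename is an XML Name: letters, digits and a few punctuation chars only.
    if not xptr.replace("-", "").replace("_", "").replace(".", "").isalnum():
        raise ValueError("not a barename XPointer: %r" % xptr)
    return "id('%s')" % xptr


def uri_allowed(uri, enabled_uris):
    """The check behind ctx->enabledUris (see xmlSecTransformUriTypeCheck):
    the URI's type must be present in the enabled bit mask."""
    uri_type, _, _ = parse_reference_uri(uri)
    return (uri_type & enabled_uris) != 0
```

With enabled_uris limited to the empty and same-document types, external (remote or local file) references are rejected before anything is fetched.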
int xmlSecTransformCtxAppend (xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform);
Connects the transform to the end of the chain of transforms in the ctx (see the xmlSecTransformConnect function for details).

int xmlSecTransformCtxPrepend (xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform);
Connects the transform to the beginning of the chain of transforms in the ctx (see the xmlSecTransformConnect function for details).

xmlSecTransformPtr xmlSecTransformCtxCreateAndAppend (xmlSecTransformCtxPtr ctx, xmlSecTransformId id);
Creates a new transform and connects it to the end of the chain of transforms in the ctx (see the xmlSecTransformConnect function for details).

xmlSecTransformPtr xmlSecTransformCtxCreateAndPrepend (xmlSecTransformCtxPtr ctx, xmlSecTransformId id);
Creates a new transform and connects it to the beginning of the chain of transforms in the ctx (see the xmlSecTransformConnect function for details).

xmlSecTransformPtr xmlSecTransformCtxNodeRead (xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlSecTransformUsage usage);
Reads the transform from the node and appends it to the current chain of transforms in ctx.

int xmlSecTransformCtxNodesListRead (xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlSecTransformUsage usage);
Reads transforms from the <dsig:Transform/> children of the node and appends them to the current transforms chain in the ctx object.
ctx: the pointer to the transforms chain processing context.
node: the pointer to the parent node of the <dsig:Transform/> nodes.
usage: the transform's usage (signature, encryption, etc.).

int xmlSecTransformCtxPrepare (xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inputDataType);
Prepares the transform context for processing data of inputDataType.

int xmlSecTransformCtxBinaryExecute (xmlSecTransformCtxPtr ctx, const xmlSecByte *data, xmlSecSize dataSize);
Processes binary data using the transforms chain in the ctx.

int xmlSecTransformCtxUriExecute (xmlSecTransformCtxPtr ctx, const xmlChar *uri);
Processes binary data from the URI using the transforms chain in ctx.

int xmlSecTransformCtxXmlExecute (xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes);
Processes nodes using the transforms in the transforms chain in ctx.

int xmlSecTransformCtxExecute (xmlSecTransformCtxPtr ctx, xmlDocPtr doc);
Executes the transforms chain in ctx.

void xmlSecTransformCtxDebugDump (xmlSecTransformCtxPtr ctx, FILE *output);
Prints transforms context debug information to output.

void xmlSecTransformCtxDebugXmlDump (xmlSecTransformCtxPtr ctx, FILE *output);
Prints transforms context debug information to output in XML format.

xmlSecTransformPtr xmlSecTransformCreate (xmlSecTransformId id);
Creates a new transform of the id klass. The caller is responsible for destroying the returned transform using the xmlSecTransformDestroy function.

void xmlSecTransformDestroy (xmlSecTransformPtr transform);
Destroys a transform created with the xmlSecTransformCreate function.

xmlSecTransformPtr xmlSecTransformNodeRead (xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTransformCtxPtr transformCtx);
Reads the transform from the node as follows:
1) reads the "Algorithm" attribute;
2) checks the lists of known and allowed transforms;
3) calls the transform's create method;
4) calls the transform's read transform node method.
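Added example, not code from xmlsec: a Python model of the four steps above applied to a whole <ds:Transforms> list, with an allow-list playing the role of ctx->enabledTransforms so that a transform such as XSLT can be refused before any data is processed. The registry of hrefs is constructed for the example (the hrefs themselves are the standard XML DSig algorithm URIs); only the XPath transform's node parameters are modelled in step 4.

```python
import xml.etree.ElementTree as ET

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"
TRANSFORM_TAG = "{%s}Transform" % DSIG_NS
XPATH_TAG = "{%s}XPath" % DSIG_NS

# Usage bits from this page.
USAGE_DSIG_TRANSFORM = 0x0001
USAGE_C14N_METHOD = 0x0002
USAGE_DIGEST_METHOD = 0x0004

# Constructed stand-in for the global list of registered transform klasses:
# href -> (name, allowed usages).
REGISTERED = {
    "http://www.w3.org/TR/2001/REC-xml-c14n-20010315": ("c14n", USAGE_DSIG_TRANSFORM | USAGE_C14N_METHOD),
    "http://www.w3.org/2001/10/xml-exc-c14n#": ("exc-c14n", USAGE_DSIG_TRANSFORM | USAGE_C14N_METHOD),
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature": ("enveloped-signature", USAGE_DSIG_TRANSFORM),
    "http://www.w3.org/2000/09/xmldsig#base64": ("base64", USAGE_DSIG_TRANSFORM),
    "http://www.w3.org/TR/1999/REC-xpath-19991116": ("xpath", USAGE_DSIG_TRANSFORM),
    "http://www.w3.org/TR/1999/REC-xslt-19991116": ("xslt", USAGE_DSIG_TRANSFORM),
    "http://www.w3.org/2000/09/xmldsig#sha1": ("sha1", USAGE_DIGEST_METHOD),
}


class TransformError(ValueError):
    pass


def read_transform_node(node, usage, enabled):
    """Steps 1-4 of xmlSecTransformNodeRead for one <ds:Transform> element.

    enabled stands in for ctx->enabledTransforms: an empty sequence means every
    registered klass is allowed, otherwise only the named ones are.
    """
    # 1) read the Algorithm attribute (required by the schema and DTD above)
    href = node.get("Algorithm")
    if href is None:
        raise TransformError("Transform without Algorithm attribute")
    # 2) check the lists of known and allowed transforms
    if href not in REGISTERED:
        raise TransformError("unknown transform %r" % href)
    name, allowed_usage = REGISTERED[href]
    if not (allowed_usage & usage):
        raise TransformError("%s is not usable in this position" % name)
    if enabled and name not in enabled:
        raise TransformError("%s is disabled by policy" % name)
    # 3) create the transform; 4) read its parameters from the node
    params = {}
    if name == "xpath":
        xp = node.find(XPATH_TAG)
        if xp is None or not (xp.text or "").strip():
            raise TransformError("XPath transform without an XPath expression")
        params["expr"] = xp.text.strip()
    return name, params


def read_transforms(xml_text, usage=USAGE_DSIG_TRANSFORM, enabled=()):
    """Read an ordered <ds:Transforms> list (compare xmlSecTransformCtxNodesListRead)
    and return the chain as [(name, params), ...]."""
    root = ET.fromstring(xml_text)
    chain = []
    for child in root:
        if child.tag != TRANSFORM_TAG:
            raise TransformError("unexpected element %r in Transforms" % child.tag)
        chain.append(read_transform_node(child, usage, enabled))
    if not chain:
        raise TransformError("Transforms needs at least one Transform")
    return chain


def chain_accepted(xml_text, enabled=()):
    """True if the Transforms list is readable under the given allow-list."""
    try:
        read_transforms(xml_text, enabled=enabled)
    except TransformError:
        return False
    return True


# Constructed sample <ds:Transforms> lists.
ENVELOPED_THEN_C14N = """<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
  <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
</ds:Transforms>"""

WITH_XSLT = """<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116"/>
</ds:Transforms>"""

WITH_XPATH = """<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
    <ds:XPath>not(ancestor-or-self::ds:Signature)</ds:XPath>
  </ds:Transform>
</ds:Transforms>"""

DIGEST_AS_TRANSFORM = """<ds:Transforms xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
</ds:Transforms>"""
```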
int xmlSecTransformPump (xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTransformCtxPtr transformCtx);
Pops data from the left transform and pushes it to the right transform until no more data is available.

int xmlSecTransformSetKey (xmlSecTransformPtr transform, xmlSecKeyPtr key);
Sets the transform's key.

int xmlSecTransformSetKeyReq (xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq);
Sets the key requirements for transform in the keyReq.

int xmlSecTransformVerify (xmlSecTransformPtr transform, const xmlSecByte *data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx);
Verifies the data against the transform's processing results (for digest, HMAC and signature transforms). The verification result is stored in the status member of the xmlSecTransform object.

int xmlSecTransformVerifyNodeContent (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx);
Gets the node content, base64 decodes it and calls the xmlSecTransformVerify function to verify the binary results.

xmlSecTransformDataType xmlSecTransformGetDataType (xmlSecTransformPtr transform, xmlSecTransformMode mode, xmlSecTransformCtxPtr transformCtx);
Gets the transform input (mode is "push") or output (mode is "pop") data type (binary or XML).

int xmlSecTransformPushBin (xmlSecTransformPtr transform, const xmlSecByte *data, xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx);
Processes binary data and pushes the results to the next transform.

int xmlSecTransformPopBin (xmlSecTransformPtr transform, xmlSecByte *data, xmlSecSize maxDataSize, xmlSecSize *dataSize, xmlSecTransformCtxPtr transformCtx);
Pops data from the previous transform in the chain, processes the data and returns the result in the data buffer. The size of the returned data is placed in dataSize.

int xmlSecTransformPushXml (xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, xmlSecTransformCtxPtr transformCtx);
Processes nodes and pushes the result to the next transform in the chain.

int xmlSecTransformPopXml (xmlSecTransformPtr transform, xmlSecNodeSetPtr *nodes, xmlSecTransformCtxPtr transformCtx);
Pops data from the previous transform in the chain, processes the data and returns the result in nodes.

int xmlSecTransformExecute (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx);
Executes the transform (used by the default popBin/pushBin/popXml/pushXml methods).

void xmlSecTransformDebugDump (xmlSecTransformPtr transform, FILE *output);
Prints the transform's debug information to output.

void xmlSecTransformDebugXmlDump (xmlSecTransformPtr transform, FILE *output);
Prints the transform's debug information to output in XML format.

#define xmlSecTransformIsValid(transform)
Macro. Returns 1 if the transform is valid or 0 otherwise.

#define xmlSecTransformCheckId(transform, i)
Macro. Returns 1 if the transform is valid and has the specified id i, or 0 otherwise.

#define xmlSecTransformCheckSize(transform, size)
Macro. Returns 1 if the transform is valid and has at least size bytes, or 0 otherwise.

int xmlSecTransformConnect (xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTransformCtxPtr transformCtx);
Connects the left transform to the right transform. When the output type of left does not match the input type of right, the conversion follows the XML DSig reference processing model: if the data object is a node-set and the next transform requires octets, the signature application MUST attempt to convert the node-set to an octet stream using Canonical XML [XML-C14N].

The story is different if the right transform is base64 decode (http://www.w3.org/TR/xmldsig-core/sec-Base-64):

This transform requires an octet stream for input. If an XPath node-set (or sufficiently functional alternative) is given as input, then it is converted to an octet stream by performing operations logically equivalent to 1) applying an XPath transform with expression self::text(), then 2) taking the string-value of the node-set. Thus, if an XML element is identified by a barename XPointer in the Reference URI, and its content consists solely of base64 encoded character data, then this transform automatically strips away the start and end tags of the identified element and any of its descendant elements as well as any descendant comments and processing instructions. The output of this transform is an octet stream.
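Added example (not xmlsec code): the node-set to octet-stream conversion just described, in Python over a constructed document whose base64 content is interrupted by a child element, a comment, a processing instruction and a line break; only text nodes survive, so the decoder sees one contiguous base64 string.

```python
import base64
from xml.dom import minidom, Node


def nodeset_string_value(element):
    """String-value of the node-set left by self::text() under element: all
    descendant text, with element tags, comments and PIs dropped."""
    parts = []

    def walk(node):
        if node.nodeType in (Node.TEXT_NODE, Node.CDATA_SECTION_NODE):
            parts.append(node.data)
        elif node.nodeType == Node.ELEMENT_NODE:
            for child in node.childNodes:
                walk(child)
        # COMMENT_NODE and PROCESSING_INSTRUCTION_NODE: discarded

    walk(element)
    return "".join(parts)


def base64_transform(element):
    """Octet output of the base64 transform for a node-set input.
    Per RFC 2045, characters outside the base64 alphabet (the line break
    here) are ignored by the decoder."""
    return base64.b64decode(nodeset_string_value(element).encode("utf-8"))


def find_by_id(doc, element_id):
    """Barename XPointer resolution: the element whose Id attribute matches."""
    for el in doc.getElementsByTagName("*"):
        if el.getAttribute("Id") == element_id:
            return el
    raise KeyError(element_id)


def string_value_for(xml_text, element_id):
    return nodeset_string_value(find_by_id(minidom.parseString(xml_text), element_id))


def decode_element(xml_text, element_id):
    return base64_transform(find_by_id(minidom.parseString(xml_text), element_id))


# Constructed document: the base64 payload of the element with Id="blob"
# is split across a child element, a comment, a PI and a line break.
SAMPLE = """<Doc>
  <Payload Id="blob">SGVsbG8s<b>IHdv</b><!-- comment -->cmxk<?pi ignored?>
IQ==</Payload>
</Doc>"""
```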
void xmlSecTransformRemove (xmlSecTransformPtr transform);
Removes transform from the chain.

xmlSecTransformDataType xmlSecTransformDefaultGetDataType (xmlSecTransformPtr transform, xmlSecTransformMode mode, xmlSecTransformCtxPtr transformCtx);
Gets the transform input (mode is "push") or output (mode is "pop") data type (binary or XML) by analyzing the available pushBin/popBin/pushXml/popXml methods.

int xmlSecTransformDefaultPushBin (xmlSecTransformPtr transform, const xmlSecByte *data, xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx);
Processes binary data by calling the transform's execute method and pushes the results to the next transform.

int xmlSecTransformDefaultPopBin (xmlSecTransformPtr transform, xmlSecByte *data, xmlSecSize maxDataSize, xmlSecSize *dataSize, xmlSecTransformCtxPtr transformCtx);
Pops data from the previous transform in the chain, processes the data by calling the transform's execute method and returns the result in the data buffer. The size of the returned data is placed in dataSize.

int xmlSecTransformDefaultPushXml (xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, xmlSecTransformCtxPtr transformCtx);
Processes nodes by calling the transform's execute method and pushes the result to the next transform in the chain.

int xmlSecTransformDefaultPopXml (xmlSecTransformPtr transform, xmlSecNodeSetPtr *nodes, xmlSecTransformCtxPtr transformCtx);
Pops data from the previous transform in the chain, processes the data by calling the transform's execute method and returns the result in nodes.

xmlOutputBufferPtr xmlSecTransformCreateOutputBuffer (xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx);
Creates an output buffer to write data to transform.

xmlParserInputBufferPtr xmlSecTransformCreateInputBuffer (xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx);
Creates an input buffer to read data from transform.

int (*xmlSecTransformInitializeMethod) (xmlSecTransformPtr transform);
The transform specific initialization method.

void (*xmlSecTransformFinalizeMethod) (xmlSecTransformPtr transform);
The transform specific destroy method.

xmlSecTransformDataType (*xmlSecTransformGetDataTypeMethod) (xmlSecTransformPtr transform, xmlSecTransformMode mode, xmlSecTransformCtxPtr transformCtx);
The transform specific method to query information about the transform data type in the specified mode mode.

int (*xmlSecTransformNodeReadMethod) (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx);
The transform specific method to read the transform data from the node.
transform: the pointer to the transform object.
node: the pointer to the <dsig:Transform/> node.
transformCtx: the pointer to the transform context object.

int (*xmlSecTransformNodeWriteMethod) (xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx);
The transform specific method to write transform information to the XML node node.
transform: the pointer to the transform object.
node: the pointer to the <dsig:Transform/> node.
transformCtx: the pointer to the transform context object.

int (*xmlSecTransformSetKeyRequirementsMethod) (xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq);
The transform specific method to set the transform's key requirements.

int (*xmlSecTransformSetKeyMethod) (xmlSecTransformPtr transform, xmlSecKeyPtr key);
The transform specific method to set the key for use.

int (*xmlSecTransformVerifyMethod) (xmlSecTransformPtr transform, const xmlSecByte *data, xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx);
The transform specific method to verify transform processing results (used by digest and signature transforms). This method sets the status member of the xmlSecTransform structure to either xmlSecTransformStatusOk if verification succeeded or xmlSecTransformStatusFail otherwise.

int (*xmlSecTransformPushBinMethod) (xmlSecTransformPtr transform, const xmlSecByte *data, xmlSecSize dataSize, int final, xmlSecTransformCtxPtr transformCtx);
The transform specific method to process data from data and push the result to the next transform in the chain.

int (*xmlSecTransformPopBinMethod) (xmlSecTransformPtr transform, xmlSecByte *data, xmlSecSize maxDataSize, xmlSecSize *dataSize, xmlSecTransformCtxPtr transformCtx);
The transform specific method to pop data from the previous transform in the chain and return the result in the data buffer. The size of the returned data is placed in dataSize.

int (*xmlSecTransformPushXmlMethod) (xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, xmlSecTransformCtxPtr transformCtx);
The transform specific method to process nodes and push the result to the next transform in the chain.

int (*xmlSecTransformPopXmlMethod) (xmlSecTransformPtr transform, xmlSecNodeSetPtr *nodes, xmlSecTransformCtxPtr transformCtx);
The transform specific method to pop data from the previous transform in the chain, process the data and return the result in nodes.

int (*xmlSecTransformExecuteMethod) (xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx);
The transform specific method to process a chunk of data.

#define xmlSecTransformKlassGetName(klass)
Macro. Returns the transform klass name.

xmlSecPtrListId xmlSecTransformIdListGetKlass (void);
The transform id list klass.

int xmlSecTransformIdListFind (xmlSecPtrListPtr list, xmlSecTransformId transformId);
Looks up transformId in list.

xmlSecTransformId xmlSecTransformIdListFindByHref (xmlSecPtrListPtr list, const xmlChar *href, xmlSecTransformUsage usage);
Looks up the transform klass with the given href and usage in list.

xmlSecTransformId xmlSecTransformIdListFindByName (xmlSecPtrListPtr list, const xmlChar *name, xmlSecTransformUsage usage);
Looks up the transform klass with the given name and usage in list.

void xmlSecTransformIdListDebugDump (xmlSecPtrListPtr list, FILE *output);
Prints transform id list debug information to output.

void xmlSecTransformIdListDebugXmlDump (xmlSecPtrListPtr list, FILE *output);
Prints transform id list debug information to output in XML format.

xmlSecTransformId xmlSecTransformBase64GetKlass (void);
The Base64 transform klass (http://www.w3.org/TR/xmldsig-core/sec-Base-64). The normative specification for base64 decoding transforms is RFC 2045 (http://www.ietf.org/rfc/rfc2045.txt). The base64 Transform element has no content. The input is decoded by the algorithms. This transform is useful if an application needs to sign the raw data associated with the encoded content of an element.

void xmlSecTransformBase64SetLineSize (xmlSecTransformPtr transform, xmlSecSize lineSize);
Sets the max line size to lineSize.

xmlSecTransformId xmlSecTransformInclC14NGetKlass (void);
Inclusive (regular) canonicalization that omits comments transform klass (http://www.w3.org/TR/xmldsig-core/sec-c14nAlg and http://www.w3.org/TR/2001/REC-xml-c14n-20010315).

xmlSecTransformId xmlSecTransformInclC14NWithCommentsGetKlass (void);
Inclusive (regular) canonicalization that includes comments transform klass (http://www.w3.org/TR/xmldsig-core/sec-c14nAlg and http://www.w3.org/TR/2001/REC-xml-c14n-20010315).

xmlSecTransformId xmlSecTransformInclC14N11GetKlass (void);
C14N version 1.1 (http://www.w3.org/TR/xml-c14n11) transform klass.

xmlSecTransformId xmlSecTransformInclC14N11WithCommentsGetKlass (void);
C14N version 1.1 (http://www.w3.org/TR/xml-c14n11) with comments transform klass.

xmlSecTransformId xmlSecTransformExclC14NGetKlass (void);
Exclusive canonicalization that omits comments transform klass (http://www.w3.org/TR/xml-exc-c14n/).

xmlSecTransformId xmlSecTransformExclC14NWithCommentsGetKlass (void);
Exclusive canonicalization that includes comments transform klass (http://www.w3.org/TR/xml-exc-c14n/).

xmlSecTransformId xmlSecTransformEnvelopedGetKlass (void);
The enveloped transform klass (http://www.w3.org/TR/xmldsig-core/sec-EnvelopedSignature):

An enveloped signature transform T removes the whole Signature element containing T from the digest calculation of the Reference element containing T. The entire string of characters used by an XML processor to match the Signature with the XML production element is removed. The output of the transform is equivalent to the output that would result from replacing T with an XPath transform containing the following XPath parameter element:

<XPath>
  count(ancestor-or-self::dsig:Signature | here()/ancestor::dsig:Signature[1]) >
  count(ancestor-or-self::dsig:Signature)
</XPath>

The input and output requirements of this transform are identical to those of the XPath transform, but may only be applied to a node-set from its parent XML document. Note that it is not necessary to use an XPath expression evaluator to create this transform. However, this transform MUST produce output in exactly the same manner as the XPath transform parameterized by the XPath expression above.
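Added example (not xmlsec code): the filter above implemented directly in Python, run on a constructed document with three Signature elements. It shows that only the Signature containing T is dropped, including a second signature nested inside its Object, while an unrelated sibling Signature stays in the node-set; the "[1]" in the expression is what makes the nested case pick the nearest enclosing Signature.

```python
from xml.dom import minidom, Node

DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"


def is_signature(node):
    return (node.nodeType == Node.ELEMENT_NODE
            and node.namespaceURI == DSIG_NS and node.localName == "Signature")


def enclosing_signature(here_node):
    """here()/ancestor::dsig:Signature[1]: the nearest Signature ancestor of T."""
    node = here_node.parentNode
    while node is not None and node.nodeType == Node.ELEMENT_NODE:
        if is_signature(node):
            return node
        node = node.parentNode
    return None


def enveloped_signature_transform(doc, here_node):
    """Element node-set of doc minus the Signature that contains here_node.

    A node survives iff adding T's Signature to its own ancestor-or-self
    Signature set makes that set bigger, i.e. T's Signature is not among its
    ancestors. Only element nodes are collected here; attributes, namespaces
    and text follow their element.
    """
    own_sig = enclosing_signature(here_node)
    if own_sig is None:
        raise ValueError("the Transform is not inside a dsig:Signature")
    kept = []

    def walk(node):
        if node is own_sig:          # drop T's whole Signature subtree, nothing else
            return
        if node.nodeType == Node.ELEMENT_NODE:
            kept.append(node)
            for child in node.childNodes:
                walk(child)

    walk(doc.documentElement)
    return kept


# Constructed document with three signatures: sig2 is nested inside sig1's
# <ds:Object>, sig3 is a sibling of sig1.
SAMPLE = """<Envelope xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
  <Body>payload</Body>
  <ds:Signature Id="sig1">
    <ds:SignedInfo><ds:Reference URI=""><ds:Transforms>
      <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
    </ds:Transforms></ds:Reference></ds:SignedInfo>
    <ds:Object>
      <ds:Signature Id="sig2">
        <ds:SignedInfo><ds:Reference URI=""><ds:Transforms>
          <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
        </ds:Transforms></ds:Reference></ds:SignedInfo>
      </ds:Signature>
    </ds:Object>
  </ds:Signature>
  <ds:Signature Id="sig3"><ds:SignedInfo/></ds:Signature>
</Envelope>"""


def surviving_elements(xml_text, signature_id):
    """Apply the enveloped transform T found in the Signature with the given Id
    and return the names (plus Id where present) of the elements that remain."""
    doc = minidom.parseString(xml_text)
    here = None
    for sig in doc.getElementsByTagNameNS(DSIG_NS, "Signature"):
        if sig.getAttribute("Id") == signature_id:
            # first Transform in document order below this Signature is its own
            here = sig.getElementsByTagNameNS(DSIG_NS, "Transform")[0]
            break
    if here is None:
        raise KeyError(signature_id)
    names = []
    for el in enveloped_signature_transform(doc, here):
        suffix = "#" + el.getAttribute("Id") if el.hasAttribute("Id") else ""
        names.append(el.localName + suffix)
    return names
```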
xmlSecTransformId xmlSecTransformXPathGetKlass (void);
The XPath transform evaluates the given XPath expression and intersects the result with the previous node set. See http://www.w3.org/TR/xmldsig-core/sec-XPath for more details.

xmlSecTransformId xmlSecTransformXPath2GetKlass (void);
The XPath2 transform (http://www.w3.org/TR/xmldsig-filter2/).

xmlSecTransformId xmlSecTransformXPointerGetKlass (void);
The XPointer transform klass (http://www.ietf.org/internet-drafts/draft-eastlake-xmldsig-uri-02.txt).

int xmlSecTransformXPointerSetExpr (xmlSecTransformPtr transform, const xmlChar *expr, xmlSecNodeSetType nodeSetType, xmlNodePtr hereNode);
Sets the XPointer expression for an XPointer transform.

xmlSecTransformId xmlSecTransformRelationshipGetKlass (void);
The Relationship transform klass.

xmlSecTransformId xmlSecTransformXsltGetKlass (void);
XSLT transform klass (http://www.w3.org/TR/xmldsig-core/sec-XSLT):

The normative specification for XSL Transformations is [XSLT]. Specification of a namespace-qualified stylesheet element, which MUST be the sole child of the Transform element, indicates that the specified style sheet should be used. Whether this instantiates in-line processing of local XSLT declarations within the resource is determined by the XSLT processing model; the ordered application of multiple stylesheets may require multiple Transforms. No special provision is made for the identification of a remote stylesheet at a given URI because it can be communicated via an xsl:include or xsl:import within the stylesheet child of the Transform.

This transform requires an octet stream as input. If the actual input is an XPath node-set, then the signature application should attempt to convert it to octets (apply Canonical XML) as described in the Reference Processing Model (section 4.3.3.2).

The output of this transform is an octet stream. The processing rules for the XSL style sheet or transform element are stated in the XSLT specification [XSLT]. We RECOMMEND that XSLT transform authors use an output method of xml for XML and HTML. As XSLT implementations do not produce consistent serializations of their output, we further RECOMMEND inserting a transform after the XSLT transform to canonicalize the output. These steps will help to ensure interoperability of the resulting signatures among applications that support the XSLT transform. Note that if the output is actually HTML, then the result of these steps is logically equivalent [XHTML].

void xmlSecTransformXsltSetDefaultSecurityPrefs (xsltSecurityPrefsPtr sec);
Sets the new default security preferences. The xmlsec default security policy is to disable everything.

xmlSecTransformId xmlSecTransformRemoveXmlTagsC14NGetKlass (void);
The "remove xml tags" transform klass (http://www.w3.org/TR/xmldsig-core/sec-Base-64):

The Base64 transform requires an octet stream for input. If an XPath node-set (or sufficiently functional alternative) is given as input, then it is converted to an octet stream by performing operations logically equivalent to 1) applying an XPath transform with expression self::text(), then 2) taking the string-value of the node-set. Thus, if an XML element is identified by a barename XPointer in the Reference URI, and its content consists solely of base64 encoded character data, then this transform automatically strips away the start and end tags of the identified element and any of its descendant elements as well as any descendant comments and processing instructions. The output of this transform is an octet stream.

xmlSecTransformId xmlSecTransformVisa3DHackGetKlass (void);
The Visa3DHack transform klass. The only reason this transform exists is the Visa3D protocol. It doesn't follow the XML/XPointer/XMLDSig specs and allows invalid XPointer expressions in the URI attribute. Since such expressions can't be evaluated through the XPath/XPointer engine, this hack is needed.

int xmlSecTransformVisa3DHackSetID (xmlSecTransformPtr transform, const xmlChar *id);
Sets the ID value for a Visa3DHack transform.

#define XMLSEC_TRANSFORM_BINARY_CHUNK 1024
The binary data chunk size. XMLSec processes binary data one chunk at a time. Changing this impacts xmlsec memory usage and performance.

The transform operation.

#define xmlSecTransformUriTypeNone 0x0000
The URI type is unknown or not set.

#define xmlSecTransformUriTypeSameDocument 0x0002
The same document ("#...") but not empty ("") URI type.

#define xmlSecTransformUriTypeLocal 0x0004
The local URI ("file:///....") type.

#define xmlSecTransformDataTypeUnknown 0x0000
The transform data type is unknown or no data is expected.

#define xmlSecTransformUsageUnknown 0x0000
Transform usage is unknown or undefined.

#define xmlSecTransformUsageDSigTransform 0x0001
Transform could be used in <dsig:Transform/>.

#define xmlSecTransformUsageC14NMethod 0x0002
Transform could be used in <dsig:CanonicalizationMethod/>.

#define xmlSecTransformUsageDigestMethod 0x0004
Transform could be used in <dsig:DigestMethod/>.

#define xmlSecTransformUsageSignatureMethod 0x0008
Transform could be used in <dsig:SignatureMethod/>.

#define xmlSecTransformUsageEncryptionMethod 0x0010
Transform could be used in <enc:EncryptionMethod/>.

#define xmlSecTransformUsageAny 0xFFFF
Transform could be used for any operation.

#define XMLSEC_TRANSFORMCTX_FLAGS_USE_VISA3D_HACK 0x00000001
If this flag is set then URI ID references are resolved directly without using XPointers. This allows one to sign/verify Visa3D documents that don't follow the XML, XPointer and XML DSig specifications.
struct xmlSecTransformCtx {
    /* user settings */
    void* userData;
    unsigned int flags;
    unsigned int flags2;
    xmlSecTransformUriType enabledUris;
    xmlSecPtrList enabledTransforms;
    xmlSecTransformCtxPreExecuteCallback preExecCallback;

    /* results */
    xmlSecBufferPtr result;
    xmlSecTransformStatus status;
    xmlChar* uri;
    xmlChar* xptrExpr;
    xmlSecTransformPtr first;
    xmlSecTransformPtr last;

    /* for the future */
    void* reserved0;
    void* reserved1;
};
The transform execution context.
userData: the pointer to user data (xmlsec and xmlsec-crypto never touch this).
flags: the bit mask flags to control transforms execution (reserved for the future).
flags2: the bit mask flags to control transforms execution (reserved for the future).
enabledUris: the allowed transform data source URI types.
enabledTransforms: the list of enabled transforms; if the list is empty (default) then all registered transforms are enabled.
preExecCallback: the callback called after preparing the transform chain and right before actual data processing; the application can use this callback to change transform parameters, insert additional transforms in the chain or do additional validation (and abort transform execution if needed).
result: the pointer to the transforms result buffer.
status: the transforms chain processing status.
uri: the data source URI without the XPointer expression.
xptrExpr: the XPointer expression from the data source URI (if any).
first: the first transform in the chain.
last: the last transform in the chain.
reserved0: reserved for the future.
reserved1: reserved for the future.
struct xmlSecTransform {
    xmlSecTransformId id;
    xmlSecTransformOperation operation;
    xmlSecTransformStatus status;
    xmlNodePtr hereNode;

    /* transforms chain */
    xmlSecTransformPtr next;
    xmlSecTransformPtr prev;

    /* binary data */
    xmlSecBuffer inBuf;
    xmlSecBuffer outBuf;

    /* xml data */
    xmlSecNodeSetPtr inNodes;
    xmlSecNodeSetPtr outNodes;

    /* reserved for the future */
    void* reserved0;
    void* reserved1;
};
The transform structure.
id: the transform id (pointer to xmlSecTransformId).
operation: the transform's operation.
status: the current status.
hereNode: the pointer to the transform's <dsig:Transform /> node.
next: the pointer to the next transform in the chain.
prev: the pointer to the previous transform in the chain.
inBuf: the input binary data buffer.
outBuf: the output binary data buffer.
inNodes: the input XML nodes.
outNodes: the output XML nodes.
reserved0: reserved for the future.
reserved1: reserved for the future.
struct xmlSecTransformKlass {
    /* data */
    xmlSecSize klassSize;
    xmlSecSize objSize;
    const xmlChar* name;
    const xmlChar* href;
    xmlSecTransformUsage usage;

    /* methods */
    xmlSecTransformInitializeMethod initialize;
    xmlSecTransformFinalizeMethod finalize;
    xmlSecTransformNodeReadMethod readNode;
    xmlSecTransformNodeWriteMethod writeNode;
    xmlSecTransformSetKeyRequirementsMethod setKeyReq;
    xmlSecTransformSetKeyMethod setKey;
    xmlSecTransformVerifyMethod verify;
    xmlSecTransformGetDataTypeMethod getDataType;
    xmlSecTransformPushBinMethod pushBin;
    xmlSecTransformPopBinMethod popBin;
    xmlSecTransformPushXmlMethod pushXml;
    xmlSecTransformPopXmlMethod popXml;

    /* low level method */
    xmlSecTransformExecuteMethod execute;

    /* reserved for future */
    void* reserved0;
    void* reserved1;
};
The transform klass description structure.
klassSize: the transform klass structure size.
objSize: the transform object size.
name: the transform's name.
href: the transform's identification string (href).
usage: the allowed transform usages.
initialize: the initialization method.
finalize: the finalization (destroy) function.
readNode: the XML node read method.
writeNode: the XML node write method.
setKeyReq: the set key requirements method.
setKey: the set key method.
verify: the verify method (for digest and signature transforms).
getDataType: the input/output data type query method.
pushBin: the binary data "push thru chain" processing method.
popBin: the binary data "pop from chain" processing method.
pushXml: the XML data "push thru chain" processing method.
popXml: the XML data "pop from chain" processing method.
execute: the low level data processing method used by the default pushBin/popBin/pushXml/popXml implementations.
reserved0: reserved for the future.
reserved1: reserved for the future.
#define xmlSecTransformIdListId xmlSecTransformIdListGetKlass()
The transform klasses list klass.

#define xmlSecTransformIdUnknown ((xmlSecTransformId)NULL)
The "unknown" transform id (NULL).

#define xmlSecTransformInclC14NId
The regular (inclusive) C14N without comments transform klass.

#define xmlSecTransformInclC14NWithCommentsId
The regular (inclusive) C14N with comments transform klass.

#define xmlSecTransformInclC14N11Id
The regular (inclusive) C14N 1.1 without comments transform klass.

#define xmlSecTransformInclC14N11WithCommentsId
The regular (inclusive) C14N 1.1 with comments transform klass.

#define xmlSecTransformExclC14NId
The exclusive C14N without comments transform klass.

#define xmlSecTransformExclC14NWithCommentsId
The exclusive C14N with comments transform klass.

#define xmlSecTransformRelationshipId
The Relationship transform klass.

#define xmlSecTransformRemoveXmlTagsC14NId
The "remove all xml tags" transform klass (used before base64 transforms).

#define xmlSecTransformVisa3DHackId
Selects the node subtree by the given node id string. The only reason this transform exists is the Visa3D protocol. It doesn't follow the XML/XPointer/XMLDSig specs and allows invalid XPointer expressions in the URI attribute. Since such expressions can't be evaluated through the XPath/XPointer engine, this hack is needed.