santuario-dev mailing list archives

From "Jesse Pelton" <...@PKC.com>
Subject RE: How do I avoid creating buffers just to pass data to MemBufInputSource()
Date Fri, 19 Aug 2005 19:03:20 GMT
I don't know the answer off the top of my head, and I have to leave for
the day.  I can say this, though: the "XSecMem" parameter in
MemBufInputSource() is just a string.  The appropriate place for your
question is indeed on the Xerces list; I subscribe to both and didn't
notice which one you'd posted to.  Someone over there can probably help
you out. 

> -----Original Message-----
> From: Cullum, Steve [mailto:steven.cullum@eds.com] 
> Sent: Friday, August 19, 2005 2:46 PM
> To: security-dev@xml.apache.org
> Subject: RE: How do I avoid creating buffers just to pass 
> data to MemBufInputSource() 
> 
> Thanks for the insight Jesse.
> 
> Do you know of any references or examples I can use as a
> start point?
> 
> I apologise if I should be asking these questions in the Apache Xml
> mailing list. I thought it was relevant to this list because of the last
> param of "XSecMem" in MemBufInputSource().
> 
> Thanks again
> 
> 
> -----Original Message-----
> From: Jesse Pelton [mailto:jsp@PKC.com] 
> Sent: 19 August 2005 14:47
> To: security-dev@xml.apache.org
> Subject: RE: How do I avoid creating buffers just to pass data to
> MemBufInputSource() 
> 
> You can prevent MemBufInputSource from cloning the buffer with
> MemBufInputSource::setCopyBufToStream(false).
> 
> I think you can avoid the need for any buffers by implementing your own
> InputSource and BinInputStream.  It looks to me like you only need to
> implement InputSource::makeStream(), BinInputStream::curPos(), and
> BinInputStream::readBytes().
> 
> > -----Original Message-----
> > From: Cullum, Steve [mailto:steven.cullum@eds.com]
> > Sent: Friday, August 19, 2005 8:36 AM
> > To: security-dev@xml.apache.org
> > Subject: How do I avoid creating buffers just to pass data to
> > MemBufInputSource()
> > 
> > I am using Apache sec lib inside an ISAPI filter to validate digital
> > sigs as they flow through our network.
> > 
> > I store the raw packets as they are streamed over the network inside a
> > linked list and want to avoid excessive buffer copying. Currently I walk
> > my list of packets, accumulate the packets into a buffer and pass this
> > buffer into MemBufInputSource(); which internally creates another copy
> > (I now have 2 temporary copies of the original stream).  Is there
> > any way I can override this behaviour to pass my custom packet linked
> > list into MemBufInputSource() thus avoiding the buffer creation/copy?
> > 
> > // super simple List of nodes
> > struct Node
> > {
> >   void *data;
> >   int   len;
> >   struct  Node *next;
> > };
> > Node *LList;
> > 
> > Ideally I want to do...something akin to the following.. can this be
> > done?
> > 
> >     MemMyLinkedListInputSource *memIS = new MemMyLinkedListInputSource((const XMLByte *)LList, "XSECMem");
> >     parser.parse(*memIS);
> > Or
> >     parser.parse(LList);	// this is gonna be a no-no
> > 
> > To explain my current situation, rough pseudo code is probably easier
> > to understand.
> > 
> > HRESULT ValidateSoapXML(struct Node *rawPacketBuffer /* filled linked list of SOAP packets */)
> > {
> >   char *buffer    = BuildBufferFromAllThePacketsInList(rawPacketBuffer);
> >   int   bufferLen = GetBufferLenFromAllThePacketsInList(rawPacketBuffer);
> > 
> >   //
> >   // parse the XML document, load in the signature field and attempt
> >   // to validate it using a copy of the X509 public key we create
> >   // earlier from the certificate store.
> >   //
> >   HRESULT hr = S_FALSE;
> > 
> >   try
> >   {
> >     XercesDOMParser parser;			// NOT new'ed .. Don't think this is an issue
> >     parser.setDoNamespaces(true);
> >     parser.setCreateEntityReferenceNodes(true);
> >     parser.setDoSchema(true);
> > 
> >     MemBufInputSource *memIS = new MemBufInputSource((const XMLByte *)buffer, bufferLen, "XSECMem");
> > 
> >     parser.parse(*memIS);
> >     delete memIS;   // destroy as soon as possible
> > 
> >     if(parser.getErrorCount() > 0)
> >     {
> >       OutputDebugStringF(_T("Error parsing input document\n"));
> >       return hr;
> >     }
> > 
> >     // Now create a signature object to validate the document
> >     XSECProvider prov;
> >     DSIGSignature *sig = prov.newSignatureFromDOM(parser.getDocument());
> > 
> >     sig->registerIdAttributeName(config.idAttributeName);
> >     sig->registerIdAttributeNameNS(config.idAttributeNS, config.idAttributeName);
> > 
> >     sig->load();
> >     sig->setSigningKey(X509->clonePublicKey());
> > 
> >     if(sig->verify())
> >     {
> >       OutputDebugStringW(_T("Signature Valid"));
> >       hr = S_OK;  // the only way to set this is if this fn() is successful
> >     }
> >     else
> >     {
> >       // sig->getErrMsgs() is WIDE
> >       OutputDebugStringF(_T("Error parsing & validating document %s\n"), sig->getErrMsgs());
> >     }
> >   }
> >   catch(XSECException &e) // signature related errors
> >   {
> >     // e.getMsg() is WIDE
> >     OutputDebugStringF(_T("EURESWEBFILTER:An error occured during a signature load %s\n"), e.getMsg());
> >   }
> >   catch(const XMLException &e) // xml related parsing errors
> >   {
> >     // e.getMessage() is WIDE
> >     OutputDebugStringF(_T("An error occured during a xerces parsing and loading of xml %s\n"), e.getMessage());
> >   }
> >   return hr;
> > }
> > 
> >  
> > 
> > 
> > Thanks
> > 
> > Steve
> > 
> > 
> 
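
The custom BinInputStream suggested in the reply above, serving readBytes() straight from the packet list, sketched as an added example that is not part of the original thread or of the Xerces or XML-Security-C code. LinkedListStream is a hypothetical stand-in that mirrors the curPos()/readBytes() contract without including Xerces headers; in a real build it would derive from BinInputStream and be returned by your InputSource::makeStream().

```cpp
#include <algorithm>
#include <cstddef>
#include <cstring>

// Packet node as declared in the original post.
struct Node {
    void *data;
    int   len;
    Node *next;
};

// Hypothetical stand-in for a BinInputStream subclass (assumption: no Xerces
// headers here, so the block compiles alone).
class LinkedListStream {
public:
    explicit LinkedListStream(const Node *head) : cur_(head), off_(0), pos_(0) {}

    // Total bytes handed to the caller so far.
    std::size_t curPos() const { return pos_; }

    // Copy up to maxToRead bytes into toFill, crossing node boundaries.
    // Returns 0 once the list is drained, which signals end of input.
    std::size_t readBytes(unsigned char *toFill, std::size_t maxToRead) {
        std::size_t done = 0;
        while (done < maxToRead && cur_ != nullptr) {
            // len is a signed int filled from network data: treat a null
            // pointer or non-positive length as an empty node.
            std::size_t avail = 0;
            if (cur_->data != nullptr && cur_->len > 0 &&
                static_cast<std::size_t>(cur_->len) > off_)
                avail = static_cast<std::size_t>(cur_->len) - off_;
            if (avail == 0) {            // node exhausted or empty: advance
                cur_ = cur_->next;
                off_ = 0;
                continue;
            }
            std::size_t n = std::min(avail, maxToRead - done);
            std::memcpy(toFill + done,
                        static_cast<const unsigned char *>(cur_->data) + off_, n);
            done += n;
            off_ += n;
        }
        pos_ += done;
        return done;
    }

private:
    const Node *cur_;   // node currently being drained
    std::size_t off_;   // bytes already consumed from cur_
    std::size_t pos_;   // position reported by curPos()
};
```

The only copy left is the one into the parser's own read buffer; the nodes must stay alive and unmodified until parsing finishes.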
