Presentation is loading. Please wait.

Presentation is loading. Please wait.

Debugging lab 2.

Similar presentations

Presentation on theme: "Debugging lab 2."— Presentation transcript:

1 Debugging lab 2

2 Outline XML Digital signature Laboratory of debugging XML-security

3 Xml: eXtensible Language Markup
Language to describe and transmit data Based on tags Designed to be self-descriptive W3C recommendation

4 Xml: elements Open tag <root> <child>
<subchild>.....</subchild> </child> </root> Close tag Comment <?xml version="1.0" encoding="ISO "?> <!-- very important note --> <note> <to>Tove</to> <from>Jani</from> <heading>Reminder</heading> <body>Don't forget me this weekend!</body> </note> source:

5 Xml: attributes <bookstore> <book category="COOKING">
<title lang="en">Everyday Italian</title> <author>Giada De Laurentiis</author> <year>2005</year> <price>30.00</price> </book> <book category="CHILDREN"> <title lang="en">Harry Potter</title> <author>J K. Rowling</author> <price>29.99</price> </bookstore> Attributes source:

6 Xml: special characters
Some characters have special meaning, so they must be handled with care < > & & &apos; " <message>if salary < 1000 then</message> <message>if salary < 1000 then</message> source:

7 Solving conflicts using prefixes
<table> <tr> <td>Apples</td> <td>Bananas</td> </tr> </table> <name>African Coffee Table</name> <width>80</width> <length>120</length> source:

8 Solving conflicts using prefixes
<h:table xmlns:h=""> <h:tr> <h:td>Apples</h:td> <h:td>Bananas</h:td> </h:tr> </h:table> <f:table xmlns:f=""> <f:name>African Coffee Table</f:name> <f:width>80</f:width> <f:length>120</f:length> </f:table> source:

9 Public/private key Document f

10 Digital signing

11 Signature verification

12 Main features of XML-security
Canonize (standardize) xml documents, make logically-equivalent xml parts comparable  Sign xml elements: whole document, element, element content Verify signatures

13 XML-Security project Xml-security (Apache Santuario) project is aimed at providing implementation of security standards for XML. Currently the focus is on the W3C standards: XML-Signature Syntax and Processing; and XML Encryption Syntax and Processing. Java implementation library includes a mature Digital Signature and Encryption implementation. It also includes the standard JSR 105 (Java XML Digital Signature) API.  Applications can use the standard JSR 105 API or the Apache Santuario API to create and validate XML Signatures.

14 Component of an XML Signature
Each resource to be signed has its own <Reference> element, identified by the URI attribute <Signature> <SignedInfo> (CanonicalizationMethod) (SignatureMethod) ( <Reference (URI=)?> (Transforms)? (DigestMethod) (DigestValue) </Reference> )+ </SignedInfo> (SignatureValue) (KeyInfo)? (Object)* </Signature> The <Transform> element specifies an ordered list of processing steps that were applied to the referenced resource’s content before it was digested. The <DigestValue> element carries the value of the digest of the referenced resource The <SignatureValue> element carries the value of the encrypted digest of the <SignedInfo> element The <KeyInfo> element indicates the key to be used to validate the signature. Possible forms for identification include certificates, key names, and key agreement algorithms and information source:

15 Example of xml signature
 <Signature Id="MyFirstSignature" xmlns="">     <SignedInfo>         <CanonicalizationMethod Algorithm=" " />         <SignatureMethod Algorithm="" />         <Reference URI=" /">             <Transforms>                 <Transform Algorithm=" " />             </Transforms>             <DigestMethod Algorithm="" />             <DigestValue>j6lwx3rvEPO0vKtMup4NbeVu8nk=</DigestValue>         </Reference>     </SignedInfo>     <SignatureValue>MC0CFFrVLtRlk=...</SignatureValue>     <KeyInfo>         <KeyValue>             <DSAKeyValue>                 <p> ... </p>                 <Q> ... </Q>                 <G> ... </G>                 <Y> ... </Y>             </DSAKeyValue>         </KeyValue>     </KeyInfo> </Signature> Source:

16 Laboratory Download xml-security from Import the project in Eclipse
Import the project in Eclipse Address tasks in order Fix the bugs reported by the test cases/answer the question Record start time Fix the bug/answer the question Record stop time Fill the feedback questions Deliver the paper sheet Export the eclipse project and send it to

Download ppt "Debugging lab 2."

Similar presentations

Ads by Google