      - 0x00 0x00
      - PI data in UTF-16BE stream (variable length)

   public byte[] getDigest(String digestAlgorithm) {
       MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
       // PROCESSING_INSTRUCTION_NODE (7) as a 32 bit big-endian integer
       md.update((byte)0);
       md.update((byte)0);
       md.update((byte)0);
       md.update((byte)7);
       // Name, 0x00 0x00 separator, then data, all in UTF-16BE
       md.update(getName().getBytes("UnicodeBigUnmarked"));
       md.update((byte)0);
       md.update((byte)0);
       md.update(getData().getBytes("UnicodeBigUnmarked"));
       return md.digest();
   }

2.3.3. Attr Nodes

   The digest value of Attr nodes is defined similarly to PI nodes,
   except that we need a separator between the expanded attribute name
   and the attribute value. The '0x0000' value in UTF-16BE is allowed
   nowhere in an XML document, so it can serve as an unambiguous
   separator. The expanded name must be used as the attribute name
   because it may be qualified. Note that if the attribute is a
   namespace declaration (either the attribute name is "xmlns" or its
   prefix is "xmlns"), the digest value is undefined and the
   getDigest() method should return null.

Maruyama, et al.             Informational                      [Page 6]

RFC 2803          Digest Values for DOM (DOMHASH)             April 2000

      - ATTRIBUTE_NODE (2) in 32 bit network-byte-ordered integer
      - Expanded attribute name in UTF-16BE stream (variable length)
      - 0x00 0x00
      - Attribute value in UTF-16BE stream (variable length)

   public byte[] getDigest(String digestAlgorithm) {
       // The digest of a namespace declaration is undefined
       if (getNodeName().equals("xmlns")
               || getNodeName().startsWith("xmlns:"))
           return null;
       MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
       // ATTRIBUTE_NODE (2) as a 32 bit big-endian integer
       md.update((byte)0);
       md.update((byte)0);
       md.update((byte)0);
       md.update((byte)2);
       // Expanded name, 0x00 0x00 separator, then value, all in UTF-16BE
       md.update(getExpandedName().getBytes("UnicodeBigUnmarked"));
       md.update((byte)0);
       md.update((byte)0);
       md.update(getValue().getBytes("UnicodeBigUnmarked"));
       return md.digest();
   }

2.3.4. Element Nodes

   Element nodes are the most complex because they consist of other
   nodes recursively. Hash values of these component nodes are used to
   calculate the node's digest so that we can save computation when the
   structure is partially changed.
   First, all the attributes except for namespace declarations must be
   collected. This list is sorted lexicographically by the expanded
   attribute names (based on Unicode character code points). When no
   surrogate characters are involved, this is the same as sorting in
   ascending order in terms of the UTF-16BE encoded expanded attribute
   names, using the string comparison operator String.compareTo() in
   Java.

      - ELEMENT_NODE (1) in 32 bit network-byte-ordered integer
      - Expanded element name in UTF-16BE stream (variable length)
      - 0x00 0x00
      - The number of non-namespace-declaration attributes in 32 bit
        network-byte-ordered unsigned integer
      - Sequence of digest values of non-namespace-declaration
        attributes, sorted lexicographically by expanded attribute
        names
      - The number of child nodes (except for Comment nodes) in 32 bit
        network-byte-ordered unsigned integer
      - Sequence of digest values of each child node except for
        Comment nodes (variable length) (A sequence of child texts is
        merged to one text. A zero-length text and Comment nodes are
        not counted as children)

   public byte[] getDigest(String digestAlgorithm) {
       MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       DataOutputStream dos = new DataOutputStream(baos);
       dos.writeInt(ELEMENT_NODE); // This is stored in network byte order
       dos.write(getExpandedName().getBytes("UnicodeBigUnmarked"));
       dos.write((byte)0);
       dos.write((byte)0);
       // Collect all attributes except for namespace declarations
       NamedNodeMap nnm = this.getAttributes();
       int len = nnm.getLength();
       // Find "xmlns" or "xmlns:foo" in nnm and omit it.
       ...
       dos.writeInt(len); // This is stored in the network byte order
       // Sort attributes lexicographically by expanded attribute
       // names.
       ...
       // Assume that `Attr[] aattr' has sorted Attribute instances.
       for (int i = 0; i < len; i++)
           dos.write(aattr[i].getDigest(digestAlgorithm));
       Node n = this.getFirstChild();
       // Assume that adjoining Texts are merged,
       // there is no 0-length Text, and
       // comment nodes are removed.
       len = this.getChildNodes().getLength();
       dos.writeInt(len); // This is stored in the network byte order
       while (n != null) {
           dos.write(n.getDigest(digestAlgorithm));
           n = n.getNextSibling();
       }
       dos.close();
       md.update(baos.toByteArray());
       return md.digest();
   }

2.3.5. Document Nodes

   A Document node may have PI nodes before and after the root Element
   node. The digest value of a Document node is computed based on the
   sequence of the digest values of the pre-root PI nodes, the root
   Element node, and the post-root PI nodes in this order. Comment
   nodes and DocumentType nodes, if any, are ignored.

      - DOCUMENT_NODE (9) in 32 bit network-byte-ordered integer
      - The number of child nodes (except for Comment and DocumentType
        nodes) in 32 bit network-byte-ordered unsigned integer
      - Sequence of digest values of each child node except for
        Comment and DocumentType nodes (variable length)

   public byte[] getDigest(String digestAlgorithm) {
       MessageDigest md = MessageDigest.getInstance(digestAlgorithm);
       ByteArrayOutputStream baos = new ByteArrayOutputStream();
       DataOutputStream dos = new DataOutputStream(baos);
       dos.writeInt(DOCUMENT_NODE); // This is stored in network byte order
       // Assume that Comment and DocumentType nodes are removed and this
       // node has only an Element node and PI nodes.
       int len = this.getChildNodes().getLength();
       dos.writeInt(len); // This is stored in the network byte order
       Node n = this.getFirstChild();
       while (n != null) {
           dos.write(n.getDigest(digestAlgorithm));
           n = n.getNextSibling();
       }
       dos.close();
       md.update(baos.toByteArray());
       return md.digest();
   }

3. Discussion

   The definition described above can be efficiently implemented with
   any XML processor that is conformant to either the DOM or the SAX
   specification. Reference implementations are available on request.

4. Security Considerations

   DOMHASH is expected to be used as the basis for digital signatures
   and other security and integrity uses. Its appropriateness for such
   uses depends on the security of the hash algorithm used and on
   whether the characteristics that need to be checked fall within the
   parts of the DOM model that DOMHASH incorporates into the digest.

References

   [DOM]   "Document Object Model (DOM), Level 1 Specification",
           October 1998, http://www.w3.org/TR/REC-DOM-Level-1/

   [MD5]   Rivest, R., "The MD5 Message-Digest Algorithm", RFC 1321,
           April 1992.

   [NAM]   Tim Bray, Dave Hollander, Andrew Layman, "Namespaces in
           XML", http://www.w3.org/TR/1999/REC-xml-names-19990114.

   [SAX]   David Megginson, "SAX 1.0: The Simple API for XML",
           http://www.megginson.com/SAX/, May 1998.

   [SHA]   (US) National Institute of Standards and Technology,
           "Federal Information Processing Standards Publication
           180-1: Secure Hash Standard", 17 April 1995.

   [URI]   Berners-Lee, T., Fielding, R. and L. Masinter, "Uniform
           Resource Identifiers (URI): Generic Syntax", RFC 2396,
           August 1998.

   [UTF16] Hoffman, P., Yergeau, F., "UTF-16, an encoding of ISO
           10646", RFC 2781, February 2000.

   [XML]   Tim Bray, Jean Paoli, C. M. Sperber-McQueen, "Extensible
           Markup Language (XML) 1.0",
           http://www.w3.org/TR/1998/REC-xml-19980210

Authors' Addresses

   Hiroshi Maruyama,
   IBM Research, Tokyo Research Laboratory
   EMail: maruyama@jp.ibm.com

   Kent Tamura,
   IBM Research, Tokyo Research Laboratory
   EMail: kent@trl.ibm.co.jp

   Naohiko Uramoto,
   IBM Research, Tokyo Research Laboratory
   EMail: uramoto@jp.ibm.com

Full Copyright Statement

   Copyright (C) The Internet Society (2000). All Rights Reserved.

   This document and translations of it may be copied and furnished to
   others, and derivative works that comment on or otherwise explain it
   or assist in its implementation may be prepared, copied, published
   and distributed, in whole or in part, without restriction of any
   kind, provided that the above copyright notice and this paragraph
   are included on all such copies and derivative works. However, this
   document itself may not be modified in any way, such as by removing
   the copyright notice or references to the Internet Society or other
   Internet organizations, except as needed for the purpose of
   developing Internet standards in which case the procedures for
   copyrights defined in the Internet Standards process must be
   followed, or as required to translate it into languages other than
   English.

   The limited permissions granted above are perpetual and will not be
   revoked by the Internet Society or its successors or assigns.

   This document and the information contained herein is provided on an
   "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
   TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
   BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
   HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
   MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgment

   Funding for the RFC Editor function is currently provided by the
   Internet Society.
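
Added worked example (Python; not part of RFC 2803 or its authors' reference implementation): the Attr, Element and Document rules of sections 2.3.3 to 2.3.5 with the steps the Java fragments elide filled in, showing that attribute order, comments and namespace declarations leave the digest unchanged while a changed attribute value does not. The expanded-name rule and the Text rule come from earlier sections of the RFC that are not reproduced on this page, the sample documents are constructed, and text on either side of a comment is hashed as two Text children, which is one reading of the merge rule.

```python
import hashlib
import struct
from xml.dom import Node, minidom

def u16(s):
    return s.encode("utf-16-be")        # Java "UnicodeBigUnmarked": big-endian, no BOM

def expanded_name(n):
    # Assumption: "URI:local-part" for qualified names (rule from an earlier section).
    return f"{n.namespaceURI}:{n.localName}" if n.namespaceURI else n.nodeName

def is_nsdecl(a):
    return a.name == "xmlns" or a.name.startswith("xmlns:")

def counted(digests):
    """32-bit big-endian count, then the digests; None (uncounted node) is skipped."""
    ds = [d for d in digests if d is not None]
    return struct.pack(">I", len(ds)) + b"".join(ds)

def domhash(n, alg="sha1"):
    t = n.nodeType
    if t == Node.TEXT_NODE:             # Text rule: node type 3, then the data
        body = u16(n.data)
    elif t == Node.PROCESSING_INSTRUCTION_NODE:
        body = u16(n.target) + b"\0\0" + u16(n.data)
    elif t == Node.ATTRIBUTE_NODE:
        if is_nsdecl(n):
            return None                 # digest undefined for namespace declarations
        body = u16(expanded_name(n)) + b"\0\0" + u16(n.value)
    elif t == Node.ELEMENT_NODE:
        n.normalize()                   # merge adjoining Text, drop zero-length Text
        attrs = sorted((a for a in n.attributes.values() if not is_nsdecl(a)),
                       key=expanded_name)   # str comparison is code-point order
        body = (u16(expanded_name(n)) + b"\0\0"
                + counted(domhash(a, alg) for a in attrs)
                + counted(domhash(c, alg) for c in n.childNodes))
    elif t == Node.DOCUMENT_NODE:
        body = counted(domhash(c, alg) for c in n.childNodes)
    elif t in (Node.COMMENT_NODE, Node.DOCUMENT_TYPE_NODE):
        return None                     # not counted as a child
    else:
        raise ValueError(f"no digest rule for node type {t}")
    return hashlib.new(alg, struct.pack(">I", t) + body).digest()

def digest_of(xml, alg="sha1"):
    return domhash(minidom.parseString(xml), alg).hex()

# Constructed sample documents.
SIGNED = '<order id="7" total="10" xmlns:x="urn:example"><item>pen</item><!--n--></order>'
SAME = '<?xml version="1.0"?><order total="10" id="7"><item>pen</item></order>'
TAMPERED = '<order id="7" total="99"><item>pen</item></order>'
```

Here digest_of(SIGNED) equals digest_of(SAME) and differs from digest_of(TAMPERED). Node types without a rule, such as CDATA sections, raise an error instead of being silently left out of the digest.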