jmg
/
blog
1
0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
Browse Source

convert http -> https if possible, add webarchive links when needed..

main
John-Mark Gurney 3 years ago
parent
2007a24877
commit
ebf924f11c
2 changed files with 12 additions and 8 deletions
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. +10
    -6
      content/2015/05/xml-schema-validation-for-command-line.html
  2. +2
    -2
      content/2017/09/adventures-in-autobahnwamp-security.html

+ 10
- 6
content/2015/05/xml-schema-validation-for-command-line.html View File

@@ -20,20 +20,24 @@ These URIs are for identifying it, and not a URL, so not able to be used.
In fact, different cases in the URIs specify different name spaces even
in the "host" part, though that is not the case with URLs. In order for
validators to find the schema, the attribute
<code>[xsi:schemaLocation](http://www.w3.org/TR/xmlschema-1/#schema-loc)</code> is
<code>[xsi:schemaLocation](https://www.w3.org/TR/xmlschema-1/#schema-loc)</code> is
used to map the name space URIs to the URLs of the schema.

The `xsi:schemaLocation` mapping is very simple. It is simply a white
space delimited list of URI/URL pairs. None of the command line tools
that I used uses this attribute to make the schema validation simple.
This includes [xmllint](http://xmlsoft.org/xmllint.html) which uses
the libxml2 library. I also tried to use the Java XML library
This includes [xmllint](https://web.archive.org/web/20210415145100/http://xmlsoft.org/xmllint.html)<label for="sn-xmlintarchive"
class="margin-toggle sidenote-number"></label>
<input type="checkbox" id="sn-xmlintarchive" class="margin-toggle"/><span class="sidenote">Via WebBackMachine as original link it http only.</span>
which uses the libxml2 library. I also tried to use the Java XML library
Xerces, but was unable to get it to work. Xerces did not provide a
simple command line utility, and I couldn't figure out the correct java
command line to invoke the validator class.

My coworker, [Patrick](http://fivetwentysix.com/), found the blog entry,
[Nokogiri XML schema validation with multiple schema files](http://avinmathew.com/nokogiri-xml-schema-validation-with-multiple-schema-files/),
My coworker, [Patrick](https://web.archive.org/web/20151012162546/http://fivetwentysix.com/)<label for="sn-526archive" class="margin-toggle sidenote-number"></label>
<input type="checkbox" id="sn-526archive" class="margin-toggle"/>
<span class="sidenote">Via WebBackMachine as original link is now defunct.</span>, found the blog entry,
[Nokogiri XML schema validation with multiple schema files](https://avinmathew.com/nokogiri-xml-schema-validation-with-multiple-schema-files/),
which talks about using `xs:import` to have a single schema file support
multiple name spaces. With this, we realized that we could finally get
our XML document verified.
@@ -51,7 +55,7 @@ With a little bit of help from `xsltproc` to extract xsi:schemaLocation,
it wasn't to hard to generate the schema document and provide it to
xmllint.

The code ([xmlval.sh](http://www.funkthat.com/~jmg/xmlval.sh)):
The code ([xmlval.sh](https://www.funkthat.com/~jmg/xmlval.sh)):

``` { .shell .showlines }
#!/bin/sh -


+ 2
- 2
content/2017/09/adventures-in-autobahnwamp-security.html View File

@@ -66,7 +66,7 @@ so not all was lost), I moved forward w/ CryptoSign. As has been
demonstrated many times, the only way to get security baked in, is to
make it as easy as possible to use. I've been long familiar w/
[Crypto Box](https://nacl.cr.yp.to/box.html) by djb (and used by the
Autobahn libraries), and also the [noise protocol](http://noiseprotocol.org/)
Autobahn libraries), and also the [noise protocol](https://noiseprotocol.org/)
(which my friend Trevor created). Both of these have goals of making
it simple to let developers include security in their projects and not
mess it up, resulting in a broken system. As currently implemented,
@@ -76,7 +76,7 @@ Though the documentation is decent, some examples are not present
(`client_ssh_key.py` for example from
[WAMP-cryptosign Static Authentication](https://github.com/crossbario/crossbar-examples/tree/master/authentication/cryptosign/static)).
The
[ApplicationRunner](http://autobahn.readthedocs.io/en/latest/wamp/programming.html#running-components)
[ApplicationRunner](https://autobahn.readthedocs.io/en/latest/wamp/programming.html#running-components)
helper class does not document how to make use of authentication. Though
the static authentication page has examples, they make you write quite
a bit of boiler plate.


Write Preview
Loading…
Cancel
Save