[XML Security Suite]

DOMHASH Test Tool


Requirements


How to use

This tool lets an XML parser process XML documents (James Clark's or David Brownell's) and checks whether DOMAHSH values calculated from parser's output are correct.

The tool has two user interface. Both interfaces require the following information:

GUI-based Tool

Type the following command:

java com.ibm.dom.tester.TestDomhashGUI

Note: You can use the same command-line arguments as the Text-based tool.

Setup

[Snapshot of setup window]
XML Parser
Select an XML parser you use. Checkboxes for XML parsers not on CLASSPATH are disabled.
Table document URL
URL of a table file (*.hash). If you installed this package into E:\xss4j and use jc-md5.hash, this field must be file:///E:/xss4j/data/jc-md5.hash. This package contains four table documents:
Base URL for test cases
For xmltest.zip, if you extracted xmltest.zip on E:\xmldocs, specify file:///E:/xmldocs/xmltest/.
For suntest.zip, if you extracted suntest.zip on E:\xmldocs\suntest, specify file:///E:/xmldocs/suntest/.

Result

[Snapshot of result window]

The third and fourth columns show you the result

Text-based Tool

The program requires 3 arguments.

java com.ibm.dom.tester.TestDomhash <Parser name> <Table document URL> <Base URL for test cases>
Parser name
Class name of SAX Parser implementation, or -xml4j1, -xml4j2, -projx, -openx.
Table document URL
Base URL for test cases

The program outputs whether DOMHASH values are matched for each documents in the table file.

valid/sa/108.xml: OK.
valid/sa/109.xml: OK.
valid/sa/110.xml: FAILED: Mismatched DOMHASH: table=5B7EF821086F16AA52371AE8BD777139 realdata=0C83F567007B37342971E2565A002D91
valid/sa/111.xml: OK.

Changes

1999.4.27
The GUI-tool accepts command-line arguments.
Added com.sun.xml.parser.ValidatinSAXParser to the SAX parser list.


TAMURA, Kent
Last modified: Tue Apr 27 16:32:52 JST 1999