The only problem with this (and the reason it's not done this way in the C++ library) is that the document could be absolutely enormous (that's a technical term there ;>), and in the worst case this takes a copy of the entire document.
So by adding the namespace attributes to the current document, but keeping a record of what you have added so you can remove it, you keep memory down.
You have to re-generate the entire thing anyway on every sign/verify, even if the signature object hasn't changed, as the application *may* have changed the underlying DOM tree, so throwing away the work after every operation is not as wasteful as it sounds.
What do others think?
Cheers,
BerinVishal Mahajan wrote:
We can probably use the following approach for cascading the namespace attributes and at the same time not modifying the original document --
1) Let X be the element selected for signing/verification.
2) Find the set of namespaces attributes that need to be added to X by traversing up the tree starting from X (till we reach the document element).
3) Clone X to get Y.
4) Add the above computed (Step 2) set of attributes to Y.
4) Cascade namespace attributes down the Y tree.
5) Use Y for all future operations.
This can be implemented without making too many major changes to the code (I can volunteer for this). The only drawback that I see with this approach is the expense of the clone operation.
Any comments on this?
Regards,
Vishal
Berin Lautenbach wrote:
Jozef Aerts - Comp.Chem.Cons. - XML4Pharma wrote:
Dear Berin,
Many thanks. Does the cascading down HAVE to happen ? Or can it be avoided ?
As I understand it (and maybe someone else can comment here!) - yes it does.
The C++ library bypasses this by keeping a record of the cascaded namespace attributes and then removing them after canonicalisation, but that hasn't been built into the Java library (yet... :>).
If it cannot be avoided, is there a way to "uncascade" it after signing, or at verification time ?
Not that I am aware of.
Unfortunately, the code from "the code below" was missing in your mail. Could you send it to me ?
Apologies - I meant your code (it was originally "below" when I quoted :>.) SO the question was - are you trying to validate a previously signed document that you have now added the schema attribute to, or are you signing a "schema document" and then the validation is failing? If the former, then the validation *should* fail. If the latter, then the validation should succeed, so we need to track down the problem.
