Hi,

I'm trying to sign an XML file that requires external files
(attachments) to be signed together with parts of the XML document
itself. These attachment files - which can be of any type (plain text,
binary, ...) - are referenced from within the document by including them
in the 'href' attribute of certain elements in the document. Currently,
I'm signing them by using a custom Transformation (our own URI as
transformation URI and a custom class that extends the TransformSpi
class to provide the file contents to the XML Security signature
classes) to sign these files.

The reason for using a custom transformation instead of including the
filename of the external file directly in the signature XML (I guess as
baseURI) is that the href value can change (if the filename of the
external attachment changes) without the signature breaking, as long as
the content of the file doesn't change. What I'm wondering is if there
is a method to create a signature over external data by saying something
like 'the contents of the file that is specified in the href attribute
of the aml-block:Data tag'.



Example of XML file that will include signature:

<soap-env:Envelope xmlns:soap-env="http://www.w3.org/2003/05/soap-envelope">
        <soap-env:Header>
                ...
        </soap-env:Header>
        <soap-env:Body>
                ...
                <aml-block:Attachment aml-block:id="3fe29258d1efb468:1da669c:faf61069c1:-7ffc" type="external">
                        <aml-block:Data href="file:///d:/tmp/xyz.xml" />
                </aml-block:Attachment>
        </soap-env:Body>
</soap-env:Envelope>



So the transforms that I currently use:

<ds:Transforms xmlns:aml-block="...">
        <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2">
                <dsig-xpath:XPath Filter="intersect" xmlns:dsig-xpath="http://www.w3.org/2002/06/xmldsig-filter2">
                        //aml-block:[EMAIL PROTECTED]:id='3fe29258d1efb468:1da669c:faf61069c1:-7ffc']
                </dsig-xpath:XPath>
        </ds:Transform>
        <ds:Transform Algorithm="http://test_uri" />
</ds:Transforms>

Where the 'http://test_uri' transformation will parse the
<aml-block:Attachment> that is passed to it as input and return the
contents of the file in the <aml-block:Data> href attribute (in this
case file:///d:/tmp/xyz.xml) as output.


Any hints will be greatly appreciated.


Regards,

Johan Vanbockryck
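
An added illustration, not part of the original post and not Apache XML Security code: a JDK-only Java example of what the custom transform described above does, showing that a digest taken over the dereferenced file content survives a rename of the attachment but not an edit. The namespace URI `urn:example:aml-block`, the choice of SHA-256, the class and method names, and the allowed-directory check are assumptions made for the example; the check is there because the href itself is not covered by the digest.

```java
import java.io.ByteArrayInputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.MessageDigest;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;

public class AttachmentDigestDemo {
    // Assumed namespace URI; the post elides the real aml-block namespace.
    static final String AML_NS = "urn:example:aml-block";

    // Mimics the custom transform: input is a serialized <aml-block:Attachment>,
    // output is the bytes of the file named by the Data/@href inside it.
    static byte[] resolveAttachment(byte[] attachmentXml, Path allowedDir) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Element data = (Element) f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(attachmentXml))
                .getElementsByTagNameNS(AML_NS, "Data").item(0);
        Path file = Path.of(URI.create(data.getAttribute("href"))).toRealPath();
        // The href is unsigned input, so confine it to a known attachment directory.
        if (!file.startsWith(allowedDir.toRealPath()))
            throw new SecurityException("href outside attachment directory: " + file);
        return Files.readAllBytes(file);
    }

    static String digest(byte[] attachmentXml, Path dir) throws Exception {
        byte[] d = MessageDigest.getInstance("SHA-256").digest(resolveAttachment(attachmentXml, dir));
        return Base64.getEncoder().encodeToString(d);
    }

    static byte[] attachment(Path file) {
        return ("<a:Attachment xmlns:a=\"" + AML_NS + "\" type=\"external\"><a:Data href=\""
                + file.toUri() + "\"/></a:Attachment>").getBytes(StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("attachments");   // constructed sample data
        Path first = Files.writeString(dir.resolve("xyz.xml"), "<payload>42</payload>");
        String signedValue = digest(attachment(first), dir);
        Path renamed = Files.move(first, dir.resolve("renamed.xml"));
        System.out.println("after rename: " + signedValue.equals(digest(attachment(renamed), dir)));
        Files.writeString(renamed, "<payload>43</payload>");
        System.out.println("after edit:   " + signedValue.equals(digest(attachment(renamed), dir)));
    }
}
```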
