Hi!
I have a situation where I would like to use XPath or Filter2 transforms to sign a part of a document that is prefixed.
Example:
<doc xmlns:a="http://www.biz.com/ns/a.html"
     xmlns:b="http://www.biz.com/ns/b.html">
  <a:foo>foo</a:foo>
  <b:bar>bar</b:bar>
</doc>
Transform type 'Filter2 - intersect' with the value '//a:foo'
This works fine, as the prefix-namespace declaration can be seen when creating the signature. It gets more interesting when the namespace declarations are not in the root node.
Example:
<doc>
  <a:foo xmlns:a="http://www.biz.com/ns/a.html">foo</a:foo>
  <b:bar xmlns:b="http://www.biz.com/ns/b.html">bar</b:bar>
</doc>
This will lead to a 'javax.xml.transform.TransformerException: Prefix must resolve to a namespace: a'.
What is the general advice for using prefixes in the XPath value for Filter2 and XPath transforms, and what do the standards say?
As far as I can see, with my limited knowledge in this area, there are two solutions. One is to always have the declarations in the root node; the other is to somehow dynamically add them to the Transform objects.
Example:
/** The signature */
XMLSignature signature;
/** The document that gets signed */
Document document;
/** Filter2 map (type - xpath) */
String[][] filters;
/** Prefix map (prefix - namespace) */
String[][] prefixes;
...
Transforms transforms = new Transforms( document );
transforms.addTransform( Transforms.TRANSFORM_ENVELOPED_SIGNATURE );
transforms.addTransform( Transforms.TRANSFORM_XPATH2FILTER,
    XPath2FilterContainer.newInstances( document, filters ) );
signature.addDocument( "", transforms, Constants.ALGO_ID_DIGEST_SHA1 );
// Register every prefix mapping on every transform
for( int i = 0; i < transforms.getLength(); i++ )
{
    Transform transform = transforms.item( i );
    for( int j = 0; j < prefixes.length; j++ )
    {
        transform.setXPathNamespaceContext(
            prefixes[j][0], prefixes[j][1] );
    }
}
Thoughts?
My personal first reaction would be to always have the original documents declare all prefix mappings in the root element. Mostly this is not possible, as documents usually come from other sources, and some tools optimize the document, so even if the original one was like the first example it might become like the second. Changing the original documents might also be a little dangerous, as they easily become unverifiable.
Cheers,
// Johan
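
One way to build the prefix map that the loop in the post feeds to setXPathNamespaceContext when the declarations are not on the root element, as an added example that is not part of the original post or of Apache XML Security. The class and method names are hypothetical and the sample input is the second document from the post; a prefix bound to two different namespaces is rejected, because a flat prefix map cannot represent it and silently picking one binding would change which nodes the filter selects.

```java
import java.io.StringReader;
import java.util.LinkedHashMap;
import java.util.Map;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

// Hypothetical helper, JDK only; not an Apache XML Security class.
public class PrefixCollector {
    static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/";

    // Record every xmlns:prefix declaration below 'node'; fail on conflicting bindings.
    static void collect(Node node, Map<String, String> out) {
        NamedNodeMap attrs = node.getAttributes(); // null for text, comments, ...
        for (int i = 0; attrs != null && i < attrs.getLength(); i++) {
            Attr a = (Attr) attrs.item(i);
            // Skip ordinary attributes and the default declaration xmlns="..."
            if (!XMLNS_NS.equals(a.getNamespaceURI()) || a.getPrefix() == null) continue;
            String prev = out.putIfAbsent(a.getLocalName(), a.getValue());
            if (prev != null && !prev.equals(a.getValue()))
                throw new IllegalStateException("prefix '" + a.getLocalName()
                        + "' is bound to both " + prev + " and " + a.getValue());
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling())
            collect(c, out);
    }

    // Returns the bindings in the { prefix, namespace } layout used by the post.
    static String[][] prefixesOf(Document doc) {
        Map<String, String> m = new LinkedHashMap<>();
        collect(doc.getDocumentElement(), m);
        String[][] result = new String[m.size()][];
        int i = 0;
        for (Map.Entry<String, String> e : m.entrySet())
            result[i++] = new String[] { e.getKey(), e.getValue() };
        return result;
    }

    public static void main(String[] args) throws Exception {
        // Second example document from the post (declarations on the child elements)
        String xml = "<doc><a:foo xmlns:a=\"http://www.biz.com/ns/a.html\">foo</a:foo>"
                   + "<b:bar xmlns:b=\"http://www.biz.com/ns/b.html\">bar</b:bar></doc>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required so xmlns:* attributes are reported as declarations
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document doc = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        for (String[] p : prefixesOf(doc))
            System.out.println(p[0] + " -> " + p[1]);
    }
}
```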
