Hi,
> You're confusing some terminology. A Base URI is not the URI of a document
> being signed, it's used to resolve relative URIs during various stages of
> work, and is irrelevant if you're trying to sign a complete document. Put
> another way, "" is sort of a degenerate absolute URI, so a Base
In your code put the correct REFERENCE URI:
sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
REFERENCE URI is different from BASE URI.
It's REFERENCE URI that you had to set empty for correct XPATH
calculations used by the XPATH Filter 2 transforms.
With a empty reference uri and
> I'll rephrase my question: How do I sign and verify Documents that I only
> have as Java objects, because they are retrieved via Java deserialisation? In
> particular, what is the BaseURI expected to be in such cases?
That depends on how the Signature relates to the content. Is it enveloped,
en
Hi Scott,
[... Help...]
Thanks for the tips, I'll try them out asap!
> > Sorry for all these questions and demand on your time, but XML Security
> > needs more documentation, quite badly, I think.
>
> These libraries just aren't set up for novices. Mine aren't either.
> Documentation takes a lot
> Well, that's the thing, isn't it - a vicious circle. E.g., I am not new to
> XML nor cryptography (my topic is network security), but very new to XML
> Security... and if people don't find their way into the lib, they will
> hardly be able to contribute. No offense was meant, Scott, I am sure the
