Hi Sean, Thanks for your reply. I tried with the input that were given by you to use XPathFilter2Transform with an XPathFilter2ParameterSpec. But the thing is in output XML, Under signature tag I am getting the following output::
---------------------------------------------------Source-start------------------------------------ <ds:Signature> <ds:SignedInfo> <ds:CanonicalizationMethod Algorithm=" http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/> <ds:SignatureMethod Algorithm=" http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/> <ds:Reference URI="#xpointer(//*%5B@authenticate='true'])"> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2";> <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2"; Filter="subtract">/descendant::*[name()='ds:Signature']</XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/> </ds:Transforms> <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/> <ds:DigestValue>mCvp/VNBFGQZFGJKBjT6dOifpoeS6G2j+t88RQEwnFQ=</ds:DigestValue> </ds:Reference> </ds:SignedInfo> <ds:SignatureValue>IEzsw0I0qQ00s0r1iigXBg+KwiDilclQfvnqC2QpdS1F6CaKHMOWsWm76oFaCXClAK18A0pMwxTw E7DKmkGQfYHyFyt/XojuFsF9CwObS5TItsG4hdcD9MFaTUOe0D44nI3GU6g5dUB4eI1/F51GvWYd dN1CXLFhsgrj1GfvDCSa6bM5U700aFX5WqiM73COf40h0/uHYRgW69zn+gqAidZqqDWJ9t55rUYk 9kOCLZr5JsLkE0fiwy/Ep37JgDxVDn5Lyi1x24T7inBo8jivtSkex9hjTtSBmzR0wxZTvaJAW/bx JBxbRsIEMw5Hz6rDgFcCNA5WRB6l5Yf4pVuB+w==</ds:SignatureValue> </ds:Signature> ----------------------------------------------------Source-end------------------------------------- So the issue is the below tag info also gets add in <Signature tag>: ---------------------------------------------------Source-start------------------------------------ <ds:Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2";> <XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2"; Filter="subtract">/descendant::*[name()='ds:Signature']</XPath> </ds:Transform> ----------------------------------------------------Source-end------------------------------------- Which is not required and if I remove this tag from the output I will face signature verification failure issue!! Any leads how to pivot or remedy for this issue? Thanks in advance, Regards, Shubham On Fri, May 18, 2018 at 7:58 PM Sean Mullan <sean.mul...@oracle.com> wrote: > On 5/17/18 1:54 AM, Shubham Rajput wrote: > > > > Any lead why the signature is forming for the node element name only and > > not for the whole node? > > I can't remember for sure now, but it probably has something to do with > the way you are returning the nodes from your URIDereferencer. > > You are probably better off defining an XPathFilter2Transform with an > XPathFilter2ParameterSpec [1] for your signature and letting that do the > filtering for you automatically. > > HTH, > Sean > > [1] > > https://docs.oracle.com/javase/10/docs/api/javax/xml/crypto/dsig/spec/XPathFilter2ParameterSpec.html >
