I dont know if this is legal XML DSIG but I tried to create one Reference that contained multiple XPath Transforms, as below (note: both Transforms are the same in this example, but I an really interested in a complex sequence of them):
<ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";> <ds:XPath xmlns:xpsig="http://www.w3.org/2000/09/xmldsig#";>not(ancestor- or-self::xpsig:Signature)</ds:XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";> <ds:XPath xmlns:xpsig="http://www.w3.org/2000/09/xmldsig#";>not(ancestor- or-self::xpsig:Signature)</ds:XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n- 20010315#WithComments"/> </ds:Transforms> The C++ implementation failed to sign. The utility program txfmout also complains about an error in Xpath evaluation. I traced the code and found the following: In TXFMXPath::evaluateExpr(...), the first Transform is done OK. The second Transform enters this method with "inputType = input->getNodeType()" set to a value of DOM_NODE_XPATH_NODESET. Unfortunately the switch statement "switch (inputType)" does not have a case for DOM_NODE_XPATH_NODESET, so it goes to the default which raises an exception. I have had a little play around with what code might be run at this point, but I dont really understand what I am doing here. So, questions: 1. Should you be able to specify multiple XPath Transforms in the one Reference? 2. If so, is this a bug? 3. If so, any chance of somebody smarter than me figuring out a solution (even if only temporary to let me continue on) 4. If it is not a bug, and should work, any hints as to what I am doing wrong? ta john
