I think you've hit a bug. The Spec requires that the input to the XPath transform be a node set - which implies that what you are doing is legal.
The C++ library assumes that the input is a document. Which means that what you are doing will fail.
I just had a look at the Java library. It performs an XPath evaluation on each node in the input node set to see whether it is matched in the expression. If it is, it is added to the output node set.
That could get fairly expensive if Xalan-J is anything like Xalan-C. The setup time to get the XPath evaluation going is fairly large.
So I think the easiest way to fix this might simply be to
1. Add the case of DOM_NODE_XPATH_NODESET to the input switch, and in such a case find the base document and continue as before.
2. Perform the XPath evaluation over the entire document as before.
3. At the end, add a test to the output nodelist creation to see if the node in the result of the XPath is in the input node-set, and if so add it to the final result.
That won't be quick to do, and I probably won't get a chance to look at it until the weekend.
I'd be interested in thoughts here!
As an aside - can you use a more complex approach and build everything into one expression?
Cheers,
BerinJohn Moore wrote:
I dont know if this is legal XML DSIG but I tried to create one Reference that contained multiple XPath Transforms, as below (note: both Transforms are the same in this example, but I an really interested in a complex sequence of them):
<ds:Reference URI=""> <ds:Transforms> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";> <ds:XPath xmlns:xpsig="http://www.w3.org/2000/09/xmldsig#";>not(ancestor- or-self::xpsig:Signature)</ds:XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116";> <ds:XPath xmlns:xpsig="http://www.w3.org/2000/09/xmldsig#";>not(ancestor- or-self::xpsig:Signature)</ds:XPath> </ds:Transform> <ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n- 20010315#WithComments"/> </ds:Transforms>
The C++ implementation failed to sign. The utility program txfmout also complains about an error in Xpath evaluation. I traced the code and found the following:
In TXFMXPath::evaluateExpr(...), the first Transform is done OK. The second Transform enters this method with "inputType = input->getNodeType()" set to a value of DOM_NODE_XPATH_NODESET. Unfortunately the switch statement "switch (inputType)" does not have a case for DOM_NODE_XPATH_NODESET, so it goes to the default which raises an exception.
I have had a little play around with what code might be run at this point, but I dont really understand what I am doing here.
So, questions:
1. Should you be able to specify multiple XPath Transforms in the one Reference?
2. If so, is this a bug?
3. If so, any chance of somebody smarter than me figuring out a solution (even if only temporary to let me continue on)
4. If it is not a bug, and should work, any hints as to what I am doing wrong?
ta john
