I have send to you alreadyHello,
The changes are a big path file of 168.243 bytes that can be summarized in four parts:
Send them my way!
Yes, I have the same problem. My first approach was to circumvent when the xpath is used, and mark the xmlsignatureInput as circumvented. And then check in the c14nXpathnodeset if it was c14ned or not.
* C14N rewrite: I’ll see that a big part of time is gone in the
canonicalization. This part is our biggest time hog: So I have
more or less rewrite it using a name spaces table approach. As I
descend the document nodes I fill a name space table with the
xmlns definitions and whether are rendered in c14n tree or not.
The old method relay of having the doc tree circumvented (i.e.
have all the namespaces of the parent copies in all of its
children) and then look upward in the tree (using the getParent()
DOM function) to see if a current namespace had been already
rendered. This method is memory expensive (it creates a new
attribute for every namespace defined in a parent node) and not
very efficient for big tree documents. The new one seems better in
these two aspects. But the speed improvements depend of the
specific DOM tree.
These changes permit to get rid of a lot of calls to
circumventeBug2650
These changes are the 60% of the patch. And impact only: org/apache/xml/security/c14n/implementations/*
How did you get past the XPath selection problem?
I started doing the same approach in the C++ code but found it fails, because you have to have cascaded the name spaces for certain XPath transformations to work. There is a test case from Merlin that fails beautifully. Unless you put each namespace in each element, you don't know whether the XPath expression will select it or not, so you don't know whether to render it or not.
And acts apropietly.
But after the exclude node and things i see that the c14nxpathnodeset is mostly called because the xpath was needed. And i put the restriction of the c14nxpathnodeset must be called with a circumbeted dom. The c14nsubtree can be called without this.
