> Raul, > thanks. > > However, the element that I create is a top level > elemen, i.e. an apex node (as far as I understand the > c14n specs). According to the WSS specs > > <cite> > * Finally, employ the canonicalization method specified as a parameter to > the transform to > serialize N to produce the octet stream output of this transform; but, in > place of any > dereferenced <wsse:SecurityTokenReference> element Ri and its descendants, > process the dereferenced node set Ri' instead. During this step, > canonicalization of the > replacement node set MUST be augmented as follows: > o Note: A namespace declaration xmlns="" MUST be emitted with every apex > element that has no namespace node declaring a value for the default > namespace; cf. XML Decryption Transform. > </cite> > > I've tried several things, no success. I explicitly set an empty > default namespace, this is the top level argument (except for the > document node). > > If I use canonicalizeXPathNodeSet(nodeset, incNamespace) would this > work? A very confusing topic.... :-) (And hard to read specs too). > > Regards, > Werner >
My undestand of the c14n spec more empiricall than theoricall, but I can tell you, that at the beginig I forget to add this behaviour in my c14n rewrite and it emits xmlns="" definitions at the "apex" node. and It made all the signature test cases gently faild. If you see the xmlns="" must be emited only if the parent *emited* has a non null default namespace and the current node has a empty one(i.e. no definition or xmlns=""). I can propose you a bad hack that it think it will work: why you don't wrap the apex node with a fake parent that defines a xmlns to whatever. Then you c14n the tree and strip the fake root element with the xmlns def? It's ugly but you can keep working on it. Till you ask the wsee masters what they mean with these clear lines.
