Hi,
I'm trying to write a piece of Java software handling
XML signature on its own.
I'm designing it to allow any type of DOM document to
be processed (be it in verification or signature).
As for signed element localization, I selected the
XPath 2 filtering method, which holds interesting
possibilities in flexibility.
This gets tricky when I ask a transformation to handle
XPath expressions with namespaces specifications (such
as "//wsse:Security" for instance).
I browsed for a while on the mail archives and noticed
Xalan does only care for namespace declaration on the
root node.
I also saw that we can use a workaround, when
providing a context node to the (Cached or not)
XPathAPI.selectxxx() method, thus providing the
necessary namespaces info.
But I cannot add such informations when proceeding to
a signature, because this is all computed by the
library alone when calling the XMLSignature.sign()
method.
This will fire the analysis of the transformations,
then start the parsing of the document to resolve the
XPath expression, which will fail because of no
namespace description associated with the specified
prefix (because it's not described in the root node).
The problem is the same if I'm trying to check a
signature which uses XPath expression with namespaces.
Since the sign and check processes are black boxes and
I cannot add a context node to them, they will fail.
I'm open to any suggestions, I don't see any coherent
way out of this...
I may have missed some details since I'm kinda new to
the XML Security topic but I'm willing to learn ;)
Regards,
Guillaume
versions of the libraries :
Xerces 2.6.2
Xalan 2.6.0
XML Security 1.2.1
__________________________________________________________________
Découvrez le nouveau Yahoo! Mail : 250 Mo d'espace de stockage pour vos mails !
Créez votre Yahoo! Mail sur http://fr.mail.yahoo.com/
