Sean, we try to keep up with the leading edge of the xml-sec (1.2.96). However, once upon a time it was necessary to return a node set AFAIK.
Regards, Werner Sean Mullan wrote: > What version of XMLSec are you using? > > Also, don't return an XPath node-set of all the nodes of the element's > subtree. By doing this, you will not take advantage of the optimizations > in the XMLSec library when canonicalizing subtrees and it could also be > the reason you need to invoke circumventBug2650 (Raul will probably know > for sure). Instead return an XMLSignatureInput(element) and let the > XMLSec library handle the rest. > > --Sean > > Werner Dittmann wrote: > >> Raul, >> >> in WSS4J we do Signatures. During the Id resolver we call the circumvent >> method. AFAIK we do not use XPath to select the nodes to sign, just id >> references. After locating the element to sign the resolver constructs >> a node set of all nodes to sign. This node set of course includes >> all nodes (elements, attributes, text, ...). >> >> However, when I disable the call of the circumvent method I >> get probelms in signature verification. Thus IMHO it is not so easy just >> to switch off the circumvent method. >> Thus if we don't use the circumvent method: is it possible that we do >> not get all required namespace attributes when build the node set? >> >> Regards, >> Werner >> >> Raul Benito wrote: >> >>> Don't use any xpath transformation. Select what you want to sign with: >>> >>> <Reference URI="#whatToSign">..</Reference> >>> <NodeToBeSigned id="whatToSign">..</NodeToBeSigned> >>> >>> In this way , the circumventBug2650 is not called(and other several >>> optimizations hit). And you can sign bigger documents. >>> >>> Using xpath transformation is always one order the magnitude slower. >>> >>> You can see some speed considerations form page 12, in this >>> presentation: >>> http://r-bg.com/images/SecuringXMLDocuments.pdf >>> >>> Regards, >>> >>> Raul >>> >>> On 9/21/05, John Lanier <[EMAIL PROTECTED]> wrote: >>> >>> >>>> Hi, >>>> >>>> The circumventBug2650 function in XMLUtils takes up a >>>> significant amount of memory in adding Attributes to >>>> each node. Is there any effort underway to rewrite >>>> this in a more memory-friendly way? >>>> >>>> I am unable to sign XML documents larger than about >>>> 10MB using the current (1.2.x) code base. (Pentium >>>> III, 500MB Java heap size). >>>> >>>> Any pointers from anybody who worked around this bug >>>> or managed to sign larger XML docs? >>>> >>>> Thanks >>>> ~john >>>> >>>> >>>> >>>> >>>> __________________________________ >>>> Yahoo! Mail - PC Magazine Editors' Choice 2005 >>>> http://mail.yahoo.com >>>> >>> >>> >>> >>> -- >>> http://r-bg.com >>> >> >> > >
