Did you know that Manifest/Reference digests are not validated by default?
This is just a guess, and probably not exactly what you want because I don't think I fully understand the problem, but you could validate the first signature including the manifests and then disable it for subsequent signatures, see (XMLSignature.setFollowNestedManifests(false))... so effectively your file digest is only calculated and verified once.
--Sean jason marshall wrote:
I have a usage of XML Signatures that's probably at the intersection of several out-of-the-ordinary uses of the spec, and I'm wondering if there are any shortcuts I can take. I am using ds:Object/ds:Manifest References to refer to external files, for the purposes of providing a digest of files which accompany to the XML document. Sometimes these files are quite large. I am also using detached signatures, sometimes more than one to a single XML file. In this case the certs mean different things to different consumers of the same XML file. They might be added all at once, or accumulated over time. This results in a situation where one XML document posesses multiple digests for the same file. This presents a throughput problem when verifying signatures, as the digests in this case are the proverbial tall tent pole by a good margin. I haven't discovered any mechanism built into the XMLSec API which allows or encourages the sharing of digest calculations for the same resource. From my reading of the Java implementation, all of the fields and methods related to calculating the digest are safely hidden away from my grubby hands, and probably for good reason considering how fragile this could make the verification code. I'm wondering if there's some way to accomplish this without jeopardizing correctness, and especially without heavily subclassing the Reference or Manifest class to do so. Or am I out of luck? Thanks, Jason Marshall
