Hi,

> > I think I could also have an identifying attribute in the <pdpa:message>,
> > and replace the expression with id("nameOfIDAttr"). Which is, I think,
> > the recommended way as it is faster and less error-prone (I can assume
> > Schema-aware entities).
>
> Then by all means do not use XPath. But if you use an ID, you don't need to
> use an xpointer, just set the Reference URI to "#foo" where foo is the ID.
> No extra transform needed, apart from c14n or something else like that.

I know the XPath, but not sure how this works, so...

The # is a URI fragment operator (URI-RFC), so this would make the XML something like this (<pdpa:message> contains the subtree to be signed):

    <pdpa:message xmlns:pdpa="http://ralphholz.de/PDP-A_1" pdpaId="pdpaId">
    ...
    </pdpa:message>

And I reference it by:

    sig.addDocument(BaseURI+"#pdpaId", transforms, Constants.ALGO_ID_DIGEST_SHA1);

Do you mean that - would that select the subtree if both the attribute name and attribute value "pdpaId" occur only once in the document?

I said "Schema-aware" above but actually I meant my parsers know the XML they work on, not that I have an XSD defined - would the XSD be needed or is it enough that the attribute is unique?

Thanks,
Ralph

--
For contact details, please see www.ralphholz.de.
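
The question of whether a unique attribute is enough, worked through as an added example (not part of the original mail) with the JDK's built-in javax.xml.crypto.dsig API instead of the Apache XML Security calls quoted above: a same-document reference "#pdpaId" is resolved through the DOM ID lookup, which only sees attributes of type ID, so the attribute has to be declared as ID by a DTD or schema or marked with setIdAttribute. The <envelope> wrapper, the class and method names, and the SHA-256 algorithms are assumptions of this sketch.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
public class SameDocumentReferenceDemo {
    static final String NS = "http://ralphholz.de/PDP-A_1";
    // Constructed sample document; the <envelope> wrapper is hypothetical.
    static final String XML = "<envelope><pdpa:message xmlns:pdpa=\"" + NS
            + "\" pdpaId=\"pdpaId\">payload</pdpa:message></envelope>";
    // Signs Reference URI "#pdpaId" in a freshly parsed copy; returns "signed" or the failure.
    static String trySign(KeyPair kp, boolean markAsId) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(XML)));
        Element msg = (Element) doc.getElementsByTagNameNS(NS, "message").item(0);
        if (markAsId) msg.setIdAttribute("pdpaId", true); // stands in for a DTD/XSD ID declaration
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("#pdpaId",
                fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(
                        CanonicalizationMethod.EXCLUSIVE, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));
        try {
            // Enveloped under the root; the reference covers only the pdpa:message subtree.
            fac.newXMLSignature(si, null)
               .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
            return "signed";
        } catch (XMLSignatureException e) {
            return "failed: " + e.getMessage(); // reference could not be dereferenced
        }
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        System.out.println("unique attribute only: " + trySign(kp, false));
        System.out.println("marked as ID:          " + trySign(kp, true));
    }
}
```

A verifier that parses the document again has to apply the same ID marking before validating, since the ID type is not carried in the serialized XML without a DTD or schema.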