Hi, > You're confusing some terminology. A Base URI is not the URI of a document > being signed, it's used to resolve relative URIs during various stages of > work, and is irrelevant if you're trying to sign a complete document. Put > another way, "" is sort of a degenerate absolute URI, so a Base URI isn't > involved. > > > Source: > > BaseURI = file.toURL().toString(); > > XMLSignature sig = new XMLSignature(document, BaseURI, > > XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1); > > That would mean you're signing the file itself. Possibly resulting in > nothing signed if your transforms end up producing no data for digest.
I see. Or rather, I don't, as the API is quite poorly documented. I'll rephrase my question: How do I sign and verify Documents that I only have as Java objects, because they are retrieved via Java deserialisation? In particular, what is the BaseURI expected to be in such cases? I am guessing that I need a certain resolver for that, too? Sorry for all these questions and demand on your time, but XML Security needs more documentation, quite badly, I think. Thanks, Ralph -- For contact details, please see www.ralphholz.de.
signature.asc
Description: This is a digitally signed message part.
