In your code put the correct REFERENCE URI:
sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
REFERENCE URI is different from BASE URI.
It's REFERENCE URI that you had to set empty for correct XPATH
calculations used by the XPATH Filter 2 transforms.
With a empty reference uri and XPATH specified in transforms you can
generate correctly the signature. If you don't specify any XPATH filter
2 transforms, with the previous statement you will sign the whole document.
Base URI is a parameter which doesn't appear in the generated XML signed
file, is used only as a local reference by the library during his
internal signature operations.
You can find good exmples of signatures in the samples supplied with
apache xmlsec libraries.
Bye
Daniele
[EMAIL PROTECTED] ha scritto:
> Hi,
>
>> You're confusing some terminology. A Base URI is not the URI of a document
>> being signed, it's used to resolve relative URIs during various stages of
>> work, and is irrelevant if you're trying to sign a complete document. Put
>> another way, "" is sort of a degenerate absolute URI, so a Base URI isn't
>> involved.
>>
>>> Source:
>>> BaseURI = file.toURL().toString();
>>> XMLSignature sig = new XMLSignature(document, BaseURI,
>>> XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);
>> That would mean you're signing the file itself. Possibly resulting in
>> nothing signed if your transforms end up producing no data for digest.
>
> I see. Or rather, I don't, as the API is quite poorly documented.
>
> I'll rephrase my question: How do I sign and verify Documents that I only
> have
> as Java objects, because they are retrieved via Java deserialisation? In
> particular, what is the BaseURI expected to be in such cases?
>
> I am guessing that I need a certain resolver for that, too?
>
> Sorry for all these questions and demand on your time, but XML Security needs
> more documentation, quite badly, I think.
>
> Thanks,
> Ralph
>
--
-------------------------------------------
Daniele Gagliardi
Engiweb Security - Gruppo Engineering
Corso Stati Uniti 23/I
35127 Padova, Italia
Tel. ++39 0498692507
Fax. ++39 0498692566
http://www.engiweb.com
e-mail: [EMAIL PROTECTED]
-------------------------------------------
