Hi,

We're trying to validate XML digital signatures enveloped in another transport document, as depicted below:

    <Transport>
      <Invoice>
        <NodeToBeSigned/>
        …
        <ds:Signature>
          <ds:Reference URI="#NodeToBeSigned" …/>
        </ds:Signature>
      </Invoice>
    </Transport>

Normally, the construction of the whole message is as follows: the data-to-be-signed (Invoice) is created and then signed (ds:Signature). The references (#NodeToBeSigned) of the signature are relative to the Invoice. After that, the invoice is slipped inside a transport document suitable for these purposes…

When receiving the signature, we must invert the construction steps, thus considering only the invoice (effectively detaching the invoice from the transport document). In that process, we're getting some problems when studying the following strategies:

Option A) XMLObject.copy() over the invoice: This option creates a document-fragment, so the XML processor fails, because it's expecting a full Invoice element. To get there, we're considering getting the document for the Invoice, but we don't know how to do this (especially in the cases where the Invoice schema is not known to XMLBeans and should be treated as an AnyType).

Option B) XMLObject.save() (and after that reparsing, less efficient), but when trying this option, the signature gets broken because the namespaces from the parent nodes (transport) are also included on the invoice node. Using the saveImplicitNamespaces() option works, but this can fail because we don't know which of these namespaces are declared in the parent and which ones are declared in the invoice and in the ds:Signature.

Any hints or guidelines would be greatly appreciated.

Thanks in advance,
Best regards,
Dave Garcia
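
An added example, not part of the original message: one way to do the detach step described above at the DOM level with the JDK's javax.xml.crypto.dsig API, so that namespace declarations sitting on the transport element never reach the invoice. The namespaces, the "Id" attribute name, the class and method names and the throwaway RSA key are constructed assumptions; it needs Java 11 or later.

```java
import java.security.*;
import java.util.List;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.*;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;

public class DetachInvoice {
    static final XMLSignatureFactory F = XMLSignatureFactory.getInstance("DOM");
    static Document newDoc() throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        return dbf.newDocumentBuilder().newDocument();
    }
    // Copy only the Invoice subtree into a fresh Document. xmlns attributes that
    // sit on <Transport> are not part of the subtree, so they are left behind.
    static Document detach(Element invoice) throws Exception {
        Document d = newDoc();
        d.appendChild(d.importNode(invoice, true));
        return d;
    }
    static boolean validate(Document invoiceDoc, PublicKey key) throws Exception {
        Element root = invoiceDoc.getDocumentElement();
        Node sig = root.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature").item(0);
        DOMValidateContext ctx = new DOMValidateContext(key, sig);
        // importNode does not carry ID-ness over; "Id" as attribute name is assumed.
        ctx.setIdAttributeNS((Element) root.getFirstChild(), null, "Id");
        return F.unmarshalXMLSignature(ctx).validate(ctx);
    }
    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair();
        Document inv = newDoc();                         // constructed sample invoice
        Element invoice = inv.createElementNS("urn:example:invoice", "Invoice");
        Element node = inv.createElementNS("urn:example:invoice", "NodeToBeSigned");
        node.setAttributeNS(null, "Id", "NodeToBeSigned");
        node.setIdAttributeNS(null, "Id", true);
        inv.appendChild(invoice).appendChild(node);
        Reference ref = F.newReference("#NodeToBeSigned", F.newDigestMethod(DigestMethod.SHA256, null));
        SignedInfo si = F.newSignedInfo(
            F.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE, (C14NMethodParameterSpec) null),
            F.newSignatureMethod(SignatureMethod.RSA_SHA256, null), List.of(ref));
        F.newXMLSignature(si, null).sign(new DOMSignContext(kp.getPrivate(), invoice));
        Document transport = newDoc();                   // wrap it, adding a foreign namespace
        Element t = transport.createElementNS("urn:example:transport", "t:Transport");
        t.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:extra", "urn:example:extra");
        transport.appendChild(t).appendChild(transport.importNode(invoice, true));
        boolean ok = validate(detach((Element) t.getFirstChild()), kp.getPublic());
        System.out.println("valid after detach: " + ok);
    }
}
```

This relies on every prefix used inside the invoice being declared inside the invoice subtree, which holds when the invoice was signed as a standalone document and embedded unchanged.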

