santuario-dev mailing list archives

From "Scott Cantor" <canto...@osu.edu>
Subject RE: Can I set the BaseURI to empty?
Date Mon, 13 Aug 2007 17:02:14 GMT
> I create and sign a Document that does not have a URI: I intend to send it
> over the net as a Java-serialised object (because I use a P2P net for
> sending). So the XML does not really exist as a file anywhere and I would
> like to set the BaseURI to "" (empty). Signing with this works, but the
> verification gives me: WARNING: Verification failed for URI "".

You're confusing some terminology. A Base URI is not the URI of a document being signed; it's
used to resolve relative URIs during various stages of work, and is irrelevant if you're trying
to sign a complete document. Put another way, "" is sort of a degenerate absolute URI, so
a Base URI isn't involved.

> As I understand http://www.w3.org/TR/xmldsig-core/#sec-URI, the Reference
> URI is allowed to be empty:
> 
> "If the URI attribute is omitted altogether, the receiving application is
> expected to know the identity of the object."

That's not the same thing as URI="". Omitting is not the same as setting to an empty string.

> Source:
> BaseURI = file.toURL().toString();
> XMLSignature sig = new XMLSignature(document, BaseURI,
> XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1);

That would mean you're signing the file itself, possibly resulting in nothing signed if your
transforms end up producing no data for digest.
 
-- Scott
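
Added example, not part of the original message or the Santuario project's own code: signing an in-memory document through a same-document Reference (URI="") with the enveloped-signature transform, using the org.apache.xml.security classes the thread refers to. It assumes the xmlsec jar is on the classpath, swaps the thread's RSA-SHA1 for RSA-SHA256, and uses a constructed sample document, a throwaway key and the hypothetical class name EmptyUriReferenceDemo.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;

public class EmptyUriReferenceDemo {
    public static void main(String[] args) throws Exception {
        org.apache.xml.security.Init.init();

        // Constructed sample: parsed from a string, so it never exists as a file.
        String xml = "<msg xmlns=\"urn:example:p2p\"><body>hello peer</body></msg>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));

        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // throwaway demo key

        // The Base URI only resolves relative Reference URIs; nothing here is relative.
        String baseUri = "";
        XMLSignature sig = new XMLSignature(doc, baseUri, XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        doc.getDocumentElement().appendChild(sig.getElement());

        // Reference URI="" selects the document that contains the signature.
        // The enveloped transform keeps the Signature element out of the digest input.
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);
        sig.sign(kp.getPrivate());

        boolean intact = new XMLSignature(sig.getElement(), baseUri).checkSignatureValue(kp.getPublic());
        System.out.println("valid after signing: " + intact);

        // Any change to the signed content must make verification fail.
        doc.getDocumentElement().getFirstChild().setTextContent("tampered");
        boolean tampered = new XMLSignature(sig.getElement(), baseUri).checkSignatureValue(kp.getPublic());
        System.out.println("valid after tampering: " + tampered);
    }
}
```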


