santuario-dev mailing list archives

Subject Re: How to sign a sub-tree
Date Tue, 07 Aug 2007 14:00:30 GMT

Thanks, that was exactly the pointer I needed! If you have a minute to have a
look at this. My doc looks like this


I would like to sign the "message" payload in the Body. So I did

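    // "transforms" is an assumed Transforms instance; the call's opening line is missing from the archive
    String[][] filter = {{XPath2FilterContainer.INTERSECT, "//Body/message"}};
    transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
            XPath2FilterContainer.newInstances(document, filter));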

and the usual Signature transforms (canonise it, sign it) and got:

<ds:SignedInfo xmlns:ds="">
<ds:Reference URI="" xmlns:ds="">
<ds:Transforms xmlns:ds="">
<ds:Transform Algorithm="" 
<dsig-xpath:XPath xmlns:dsig-xpath="" 

where I *hope* the XPath expression returns exactly the element I wanted, i.e. 
the intersection of the whole document (BaseURI, nothing else specified) with 
the Body/message portion.

I think I could also have an identifying attribute in the <pdpa:message>, and 
replace the expression with id("nameOfIDAttr"). Which is, I think, the 
recommended way as it is faster and less error-prone (I can assume 
Schema-aware entities).

Would this be the correct way? I am asking because it is kind of difficult to 
find out what's happening inside the black box, i.e. there is no output as to 
which elements are actually being signed.


For contact details, please see
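
One way to see which octets are actually digested for the Reference, as an added example that is not part of the original message or of the Santuario code base. It assumes the Apache XML Security for Java library is on the classpath; the class name, the sample document and the throwaway RSA key are constructed here.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import javax.xml.parsers.DocumentBuilderFactory;
import org.apache.xml.security.Init;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.XPath2FilterContainer;
import org.w3c.dom.Document;

public class ShowSignedContent {
    // Constructed sample document: element names follow the message, content is made up.
    static final String XML =
        "<Envelope><Header><note>not signed</note></Header>"
      + "<Body><message>payload</message></Body></Envelope>";

    public static void main(String[] args) throws Exception {
        Init.init();
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // XML Signature processing needs a namespace-aware DOM
        Document doc = dbf.newDocumentBuilder()
            .parse(new ByteArrayInputStream(XML.getBytes(StandardCharsets.UTF_8)));

        XMLSignature sig =
            new XMLSignature(doc, "", XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA256);
        doc.getDocumentElement().appendChild(sig.getElement());

        // Same filter as in the message: whole document intersected with //Body/message.
        String[][] filter = {{XPath2FilterContainer.INTERSECT, "//Body/message"}};
        Transforms transforms = new Transforms(doc);
        transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
            XPath2FilterContainer.newInstances(doc, filter));
        transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
        sig.addDocument("", transforms, MessageDigestAlgorithm.ALGO_ID_DIGEST_SHA256);

        KeyPair kp = KeyPairGenerator.getInstance("RSA").generateKeyPair(); // throwaway key
        sig.sign(kp.getPrivate());

        // Octets fed to the digest for Reference 0, after every transform has run.
        byte[] signed = sig.getSignedInfo()
            .getReferencedContentAfterTransformsItem(0).getBytes();
        String text = new String(signed, StandardCharsets.UTF_8);
        System.out.println(text);
        if (text.isEmpty()) { // the filter selected no nodes, so nothing is protected
            throw new IllegalStateException("Reference covers no content");
        }
    }
}
```

In XPath 1.0 an unprefixed name test such as message matches only elements in no namespace, so running the same dump against a document with a namespaced payload shows what, if anything, the expression selected.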
