santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Colm O hEigeartaigh <cohei...@apache.org>
Subject Re: xmlsec test
Date Tue, 03 Jan 2012 14:53:34 GMT
Hi Paul,

Could you create a test-case for this and I'll take a look?

Colm.

On Tue, Dec 27, 2011 at 9:01 PM, Paul <ppage4@yahoo.com> wrote:
>
> I have a question about signing xml and then using xpaths against the new
> signature tags in the xml. In one case a co-worker checked in some code that
> had a very subtle change - here is a simplified example:
>
> (xmlsec 1.4.5)
>
> ...
> Document doc = dbf.newDocumentBuilder().parse( new FileInputStream(
> fileName ) );
>
> DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(),
> doc.getDocumentElement());
>
> XMLSignature signature = fac.newXMLSignature(si, ki);
>
> signature.sign(dsc);
>
> if ( doTransform == true )
> {
>        OutputStream os = new FileOutputStream(outputFilename);
>        TransformerFactory tf = TransformerFactory.newInstance();
>        Transformer trans = tf.newTransformer();
>        trans.transform(new DOMSource(doc), new StreamResult(os));
>
>        doc = dbf.newDocumentBuilder().parse( new FileInputStream(
> outputFilename ) );
> }
> ...
>
> If I set the doTransform variable to true, then all of the code works as
> designed. On the other hand, if I set doTransform to false and just use the doc
> directly, then xpaths looking for "Signature" will fail. So, it seems that this
> last transformation step is required? Or another way of looking at it - you
> can't just have one Document object for operations both before signing and
> after signing - there has to be one transformation that takes place. I'm
> thinking about this in terms of server performance where there may be 50 - 100
> threads signing stuff at the same time.
>
> thanks,
> Paul.
>
>
>



-- 
Colm O hEigeartaigh

Talend Community Coder
http://coders.talend.com

Mime
View raw message