You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Simon Ruggier (Resolved) (JIRA)" <ji...@apache.org> on 2012/03/16 19:29:39 UTC

[jira] [Resolved] (SANTUARIO-303) TransformXPath is fundamentally broken

     [ https://issues.apache.org/jira/browse/SANTUARIO-303?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Simon Ruggier resolved SANTUARIO-303.
-------------------------------------

    Resolution: Invalid
    
> TransformXPath is fundamentally broken
> --------------------------------------
>
>                 Key: SANTUARIO-303
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-303
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 1.5.1
>            Reporter: Simon Ruggier
>            Assignee: Colm O hEigeartaigh
>
> I just attempted to use Santuario to perform a signature involving an XPath transform, only to find that the XPath transform isn't performed correctly or at all. I debugged into Santuario and found that it was because TransformXPath attaches an XPathNodeFilter to its XMLSignatureInput, which later performs a filtering operation that has little relation to the desired XPath transformation. I think the easy fix for this is to perform the XPath transform immediately within TransformXPath.enginePerformTransform, which would be simpler and more efficient than the current implementation, in addition to working correctly.
> I briefly tried to look for a workaround to this, but since the Transform class throws an exception if you try to register a transform that is already registered, it's not obvious to me how else I could work around this without just fixing it directly in Santuario.
> To give some context for this problem, here is roughly what I was doing:
> String baseURI = "";
> XMLSignature sig = new XMLSignature(
> 	doc,
> 	baseURI,
> 	XMLSignature.ALGO_ID_SIGNATURE_RSA_SHA1,
> 	Canonicalizer.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
> );
> Transforms transforms = new Transforms(doc);
> XPathContainer xpath = new XPathContainer(doc);
> String xpathString = String.format("//*[@Id='grandparentOfTextNodeToSign']/child::*/text()";
> xpath.setXPath(xpathString);
> transforms.addTransform(Transforms.TRANSFORM_XPATH, xpath.getElementPlusReturns());
> sig.addDocument("#grandparentOfTextNodeToSign", transforms);
> // Add ds:KeyInfo/ds:KeyName elements
> sig.getKeyInfo().addKeyName(username);
> sig.sign(signingKey);

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira