0 Replies Latest reply: Nov 9, 2012 6:33 AM by 973484 RSS

    Problem signing XML when applying XPATH2 filer

    973484
      I have a problem when applying XPATH2 filter to a XML Signature, because it inserts the namespaces from the main XML node to all descendants. I'm doing this:

      1. XMLSignatureFactory fac = XMLSignatureFactory.getInstance(AppConstants.DOM);
      2. XPathType tipoFiltro = new XPathType("//mainNode", Filter.INTERSECT);
           3. ArrayList<XPathType> lista = new ArrayList<XPathType>();
           4. lista.add(tipoFiltro);
           5. XPathFilter2ParameterSpec listaXPath = new XPathFilter2ParameterSpec(lista);
           6. Transform filtro = fac.newTransform(Transform.XPATH2, listaXPath);
           7. Transform enveloped = fac.newTransform(Transform.ENVELOPED,(TransformParameterSpec) null);
           8. ArrayList<Transform> listaTransformadas = new ArrayList<Transform>();
           9. listaTransformadas.add(filtro); //If comented, no problem
           10. listaTransformadas.add(enveloped);
           
           11. ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), listaTransformadas,null,null);     
           12. SignedInfo si = fac.newSignedInfo(fac.newCanonicalizationMethod(CanonicalizationMethod.INCLUSIVE,(C14NMethodParameterSpec) null), fac.newSignatureMethod(SignatureMethod.RSA_SHA1, null), Collections.singletonList(ref));
           
           ... more code (KeyInfo,...)
           
           13. DOMSignContext dsc = new DOMSignContext(keyEntry.getPrivateKey(), doc.getDocumentElement());
           14. XMLSignature signature = fac.newXMLSignature(si, ki);
           15. signature.sign(dsc);
           
           If I do the same without XPATH2 filter (Line 9 commented), it doesn't insert the namespaces in any node (they're only in the main node). The objetive of applying this xpath2 filter is to exclude XSLT reference (<?xml-stylesheet type="text/xsl" href=".\xsl\myTemplate.xsl"?>) from the signature.
           
           How can I avoid this situation? Is there another method for signing XML documents that allows this? Is there another way to exclude XLST reference that doesn't insert namespaces in all nodes?