17 messages in net.java.dev.jwsdp.usersRe: XPath Transform filter| From | Sent On | Attachments |
|---|---|---|
| Kesav Kumar Kolla | Jul 15, 2004 2:36 pm | |
| Kesav Kumar Kolla | Jul 15, 2004 2:41 pm | |
| Kesav Kumar Kolla | Jul 15, 2004 2:42 pm | |
| Sean Mullan | Jul 15, 2004 2:52 pm | |
| Kesav Kumar Kolla | Jul 15, 2004 3:55 pm | |
| Kesav Kumar Kolla | Jul 15, 2004 8:15 pm | |
| Kesav Kumar Kolla | Jul 15, 2004 8:36 pm | |
| Sean Mullan | Jul 16, 2004 6:55 am | |
| Kesav Kumar Kolla | Jul 16, 2004 8:01 am | |
| Kesav Kumar Kolla | Jul 16, 2004 8:50 am | |
| Mario Jukic (ZG/ETK) | Jul 19, 2004 12:42 am | |
| Sean Mullan | Jul 19, 2004 6:08 am | |
| Sean Mullan | Jul 19, 2004 11:10 am | |
| Kesav Kumar Kolla | Jul 19, 2004 6:17 pm |  .java |
| Sean Mullan | Jul 20, 2004 7:36 am | |
| Kesav Kumar Kolla | Jul 21, 2004 9:10 am | |
| Sean Mullan | Jul 21, 2004 3:03 pm |
| Subject: | Re: XPath Transform filter | |
|---|---|---|
| From: | Kesav Kumar Kolla (kesa...@hotmail.com) | |
| Date: | Jul 19, 2004 6:17:29 pm | |
| List: | net.java.dev.jwsdp.users | |
| Attachments: | ||
I first thought XPath Filter2 transform is the right choice, when I tried I got
the following error. I am attaching my whole source code for your reference.
Could you please tell me whether I am doing wrong or is there any bug.
Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException:
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot fin
d http://www.w3.org/2002/06/xmldsig-filter2 in XPath
Original Exception was
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XP
ath
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:94)
at
org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335)
at
org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298)
at Test.main(Test.java:106)
Caused by: com.sun.org.apache.xml.security.transforms.TransformationException:
Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath
Original Exception was
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XP
ath
at
com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown
Source)
at
com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92)
... 4 more
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XPath
Original Exception was
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XP
ath
at
com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown
Source)
at
com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92)
at
org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335)
at
org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298)
at Test.main(Test.java:106)
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XPath
at
com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown
Source)
at
com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92)
at
org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335)
at
org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298)
at Test.main(Test.java:106)
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XPath
Original Exception was
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XP
ath
at
com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown
Source)
at
com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92)
at
org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335)
at
org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298)
at Test.main(Test.java:106)
com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find
http://www.w3.org/2002/06/xmldsig-filter2 in XPath
at
com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown
Source)
at
com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown
Source)
at
org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92)
at
org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335)
at
org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232)
at
org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298)
at Test.main(Test.java:106)
Thanks for all your assistance.
-kesav ----- Original Message ----- From: Sean Mullan To: use...@jwsdp.dev.java.net Sent: Monday, July 19, 2004 11:10 AM Subject: Re: XPath Transform filter
Kesav,
You should be using the XPath Filter 2 Transform (instead of XPath Filter) for the expression you are evaluating. In your code below, you are specifying a URI of "", which when dereferenced returns a NodeSet of all nodes in the document (minus comment nodes). Each node in that NodeSet is then evaluated with the XPath expression "//book[2]" which evaluates to true for all of the nodes, thus all of the nodes are included in the digest calculation. If you want to use the XPath Transform, you need to use an expression that acts as a filter and evaluates to true or false depending on the node that is being evaluated; something like the following:
ancestor-or-self::book[author="kumar"]
However, evaluating every node of the document is inefficient, which is why you should use XPath Filter 2 Transform instead: http://www.w3.org/TR/xmldsig-filter2/
JSR 105 supports both XPath and XPath 2 Transforms. You should use an XPath Filter 2 intersect expression, like:
<Reference URI=""> <Transforms> <Transform Algorithm="http://www.w3.org/2002/06/xmldsig-filter2"> <XPath Filter="intersect">//book[2]</XPath> </Transform> </Transforms> </Reference>
This takes the intersection of the subtree rooted by the 2nd book element and all nodes of the document.
or in pseudo-code:
XPathFilter2ParameterSpec spec = new XPathFilter2ParamterSpec
(Collections.singletonList(new XPathType("//book[2]",
XPathType.Filter.INTERSECT));
ArrayList refList = new ArrayList();
refList.add(fac.newTransform(Transform.ENVELOPED, null));
refList.add(fac.newTransform(Transform.XPATH2, spec));
Reference ref = fac.newReference("",
fac.newDigestMethod(DigestMethod.SHA1, null), refList, null, null);
Try that and let me know if it works.
These are good questions and I hope to add some advanced examples in a future release.
Thanks, Sean