Re: XPath Transform filter - Sean Mullan - net.java.dev.jwsdp.users

17 messages in net.java.dev.jwsdp.usersRe: XPath Transform filter

From	Sent On	Attachments
Kesav Kumar Kolla	Jul 15, 2004 2:36 pm
Kesav Kumar Kolla	Jul 15, 2004 2:41 pm
Kesav Kumar Kolla	Jul 15, 2004 2:42 pm
Sean Mullan	Jul 15, 2004 2:52 pm
Kesav Kumar Kolla	Jul 15, 2004 3:55 pm
Kesav Kumar Kolla	Jul 15, 2004 8:15 pm
Kesav Kumar Kolla	Jul 15, 2004 8:36 pm
Sean Mullan	Jul 16, 2004 6:55 am
Kesav Kumar Kolla	Jul 16, 2004 8:01 am
Kesav Kumar Kolla	Jul 16, 2004 8:50 am
Mario Jukic (ZG/ETK)	Jul 19, 2004 12:42 am
Sean Mullan	Jul 19, 2004 6:08 am
Sean Mullan	Jul 19, 2004 11:10 am
Kesav Kumar Kolla	Jul 19, 2004 6:17 pm	.java
Sean Mullan	Jul 20, 2004 7:36 am
Kesav Kumar Kolla	Jul 21, 2004 9:10 am
Sean Mullan	Jul 21, 2004 3:03 pm

Subject:	Re: XPath Transform filter
From:	Sean Mullan (Sean...@Sun.COM)
Date:	Jul 20, 2004 7:36:31 am
List:	net.java.dev.jwsdp.users

Kesav,

I'm able to reproduce the problem. It is a bug. Let me get back to you to see if I can find a workaround.

--Sean

Kesav Kumar Kolla wrote:

I first thought XPath Filter2 transform is the right choice, when I tried I got the following error. I am attaching my whole source code for your reference. Could you please tell me whether I am doing wrong or is there any bug.

Exception in thread "main" javax.xml.crypto.dsig.XMLSignatureException: com.sun.org.apache.xml.security.transforms.TransformationException: Cannot fin d http://www.w3.org/2002/06/xmldsig-filter2 in XPath Original Exception was com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XP ath at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:94) at org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335) at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298) at Test.main(Test.java:106) Caused by: com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath Original Exception was com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XP ath at com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown Source) at com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown Source) at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92) .. 4 more com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath Original Exception was com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XP ath at com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown Source) at com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown Source) at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92) at org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335) at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298) at Test.main(Test.java:106) com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath at com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown Source) at com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown Source) at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92) at org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335) at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298) at Test.main(Test.java:106) com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath Original Exception was com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XP ath at com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown Source) at com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown Source) at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92) at org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335) at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298) at Test.main(Test.java:106) com.sun.org.apache.xml.security.transforms.TransformationException: Cannot find http://www.w3.org/2002/06/xmldsig-filter2 in XPath at com.sun.org.apache.xml.security.transforms.implementations.TransformXPath2Filter.enginePerformTransform(Unknown Source) at com.sun.org.apache.xml.security.transforms.Transform.performTransform(Unknown Source) at org.jcp.xml.dsig.internal.dom.ApacheTransform.transform(ApacheTransform.java:92) at org.jcp.xml.dsig.internal.dom.DOMReference.transform(DOMReference.java:335) at org.jcp.xml.dsig.internal.dom.DOMReference.digest(DOMReference.java:232) at org.jcp.xml.dsig.internal.dom.DOMXMLSignature.sign(DOMXMLSignature.java:298) at Test.main(Test.java:106)

Thanks for all your assistance.

-kesav

----- Original Message ----- *From:* Sean Mullan <mailto:Sean...@Sun.COM> *To:* use...@jwsdp.dev.java.net <mailto:use...@jwsdp.dev.java.net> *Sent:* Monday, July 19, 2004 11:10 AM *Subject:* Re: XPath Transform filter

Kesav,

You should be using the XPath Filter 2 Transform (instead of XPath Filter) for the expression you are evaluating. In your code below, you are specifying a URI of "", which when dereferenced returns a NodeSet of all nodes in the document (minus comment nodes). Each node in that NodeSet is then evaluated with the XPath expression "//book[2]" which evaluates to true for all of the nodes, thus all of the nodes are included in the digest calculation. If you want to use the XPath Transform, you need to use an expression that acts as a filter and evaluates to true or false depending on the node that is being evaluated; something like the following:

ancestor-or-self::book[author="kumar"]

However, evaluating every node of the document is inefficient, which is why you should use XPath Filter 2 Transform instead: http://www.w3.org/TR/xmldsig-filter2/

JSR 105 supports both XPath and XPath 2 Transforms. You should use an XPath Filter 2 intersect expression, like:

This takes the intersection of the subtree rooted by the 2nd book element and all nodes of the document.

or in pseudo-code:

XPathFilter2ParameterSpec spec = new XPathFilter2ParamterSpec (Collections.singletonList(new XPathType("//book[2]", XPathType.Filter.INTERSECT)); ArrayList refList = new ArrayList(); refList.add(fac.newTransform(Transform.ENVELOPED, null)); refList.add(fac.newTransform(Transform.XPATH2, spec)); Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA1, null), refList, null, null);

Try that and let me know if it works.

These are good questions and I hope to add some advanced examples in a future release.

Thanks, Sean

------------------------------------------------------------------------

	Start a set with this search
	Include this search in one of my sets
	Exclude this search from one of my sets