No, since the schema is hold by a foreign service not maintained by me. Is it at least possible to define a custom namespace for the ID? Is the ID included during the calculation of the signature?
2015-06-25 10:52 GMT+02:00 Colm O hEigeartaigh <[email protected]>: > > This is how XML Signature references content that is signed in the same > document. Can you amend your schema with something like: > > <attribute name="Id" type="ID" use="optional"/> > > Colm. > > > On Thu, Jun 25, 2015 at 7:59 AM, etlam nahkcip < > [email protected]> wrote: > >> Hi, >> >> I am trying to sign a XML-Message with help of Apache Santuario. >> >> What I'd like to achieve is having an Enveloped Signature. >> >> This is working so far, what's an Issue though, is that Santuario is >> putting an ID field into the elements. >> This ID field is not assigned to a namespace, which in my usacese leads >> to an invalid XML, since it can't be verified with the given XSD. >> >> Even with the demo which is provided on >> https://github.com/coheigea/testcases/tree/master/apache/santuario/santuario-xml-signature >> >> I can't see that there is a namespace assigned to the ID. >> >> Example Output: >> >> <PurchaseOrder xmlns="urn:example:po"> >> <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"; >> Id="Gaedee093-cfca-400c-b436-89dc426c0418"> >> <dsig:SignedInfo> >> <dsig:CanonicalizationMethod >> Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"; /> >> <dsig:SignatureMethod Algorithm=" >> http://www.w3.org/2000/09/xmldsig#rsa-sha1"; /> >> <dsig:Reference URI="#G5ee3b986-92b3-4c05-a23d-268dd04c4d8a"> >> <dsig:Transforms> >> <dsig:Transform Algorithm=" >> http://www.w3.org/2001/10/xml-exc-c14n#"; /> >> </dsig:Transforms> >> <dsig:DigestMethod Algorithm=" >> http://www.w3.org/2000/09/xmldsig#sha1"; /> >> <dsig:DigestValue>DigestValue</dsig:DigestValue> >> </dsig:Reference> >> </dsig:SignedInfo> >> <dsig:SignatureValue>SignatureValue</dsig:SignatureValue> >> <dsig:KeyInfo Id="G18aed097-5cbc-48da-94ff-fdfca5a0b3b9"> >> <dsig:X509Data> >> <dsig:X509Certificate>CertValue</dsig:X509Certificate> >> </dsig:X509Data> >> </dsig:KeyInfo> >> </dsig:Signature> >> <Items> >> <Item Code="001-001-001" Quantity="1"> >> spade >> </Item> >> <Item Code="001-001-002" Quantity="1"> >> shovel >> </Item> >> </Items> >> <ShippingAddress> >> Dig PLC, 1 First Ave, Dublin 1, Ireland >> </ShippingAddress> >> <PaymentInfo Id="G5ee3b986-92b3-4c05-a23d-268dd04c4d8a"> >> <BillingAddress> >> Dig PLC, 1 First Ave, Dublin 1, Ireland >> </BillingAddress> >> <CreditCard Type="Amex"> >> <Name>Foo B Baz</Name> >> <Number>1234 567890 12345</Number> >> <Expires Month="1" Year="2005" /> >> </CreditCard> >> </PaymentInfo> >> </PurchaseOrder> >> >> Is there any way to exclude the ID or to assign it to a namespace? >> >> Best Regards >> > > > > -- > Colm O hEigeartaigh > > Talend Community Coder > http://coders.talend.com >
