I am not sure I clear understand what kind of problem do you have. Will you mind to send me the file you have problems with?
Thanks, Aleksey Moultrie, Ferrell (ISSAtlanta) wrote: >Aleksey: > Ok, I've tried to use an XPath Transform to limit the data being verified. >Unfortunately, it doesn't appear to work. Here's what I see happening in the >code: > >xmlSecTransformXPathReadNode( ) [xpath.c:203] takes the input >xmlSecTransformPtr and upcasts it to a xmlSecXmlTransformPtr. It then stores >the parsed XPath string and the "here" node reference in the >xmlSecXmlTransform object it points to (at least there's checking of the >pointer assignment sanity here). > >The caller, xmlSecTransformRead, returns to its caller >xmlSecTransformNodeRead with the pointer to the object containing the XPath >transform information. The transform is further passed back to >xmlSecTransformsNodeRead which calls xmlSecTransformStateUpdate which >discovers that the transform type is xmlSecTransformTypeXml and call >xmlSecTransformCreateXml. This routine, because the file is already parsed >and both curFirstBinTransform and curC14NTransform in the state object are >NULL, does nothing and returns! > >This results in the XPath Transform information being parsed and saved but >otherwise ignored. The <Signature> block contains the following transform >which is parsed and ignored in the above case: > > <sig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"> > <sig:XPath>/ISSKeys/Contacts/Contact</sig:XPath> > </sig:Transform> > >The result is that adding an XPath transform like above, is ignored. This >works properly with the Apache Java tools so I believe that it's a legal way >to construct a reference. Eventually, I'd intended to change the XPath >reference to a here()-relative reference to solve my compound document >problem but this seemed like a quick/easy test -- unfortunately it's not >working. > >Is this a bug, or, have I missed something else? Since Apache properly >verifies this signature and the code in xmlSecTransformCreateXml seems to be >missing any knowledge of this transform, I'm guessing that it's a bug -- but >I'll appreciate your advice on how to proceed! > >Thanks! > Ferrell > >===================================== >Ferrell Moultrie ([EMAIL PROTECTED]) >Software Engineer > >Internet Security Systems, Inc. >6303 Barfield Road >Atlanta, Georgia 30328 >Phone: 404-236-2600 >Direct: 404-236-2849 >Fax: 404-236-2632 >http://www.iss.net > >Internet Security Systems -- The Power to Protect >===================================== >_______________________________________________ >xmlsec mailing list >[EMAIL PROTECTED] >http://www.aleksey.com/mailman/listinfo/xmlsec > > _______________________________________________ xmlsec mailing list [EMAIL PROTECTED] http://www.aleksey.com/mailman/listinfo/xmlsec