[xmlsec] Find out what is signed
Ulrich.Wimboeck at de.gi-de.com
Ulrich.Wimboeck at de.gi-de.com
Tue Feb 18 11:16:01 PST 2003
Hi,
in my application I have the following problem:
In order to sign a part of a document I add a Signature within the tree of
the element I want to sign.
To select the element I use an XPath expression. Usually this is no
problem.
But now: What if someone adds a signature to the document (of cause he
needs to have the secret key)
with the XPath expression as shown in the example. This XPath expression
does not refer to the
data I assume.
Is there way to get the node (nodelist) which is signed by the signature -
something like
xmlNodePtr getSignedNode(xmlNodePtr signatureNode) ; ?
Then it would be possible for me if the correct node is meant.
Thanx
Uli
<?xml version="1.0" encoding="UTF-8"?>
<Root>
<Data SomeAttribute="Value">
<Checksum>
<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
<SignedInfo>
<CanonicalizationMethod Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
<SignatureMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#hmac-sha1"/>
<Reference URI="">
<Transforms>
<Transform Algorithm="
http://www.w3.org/2002/06/xmldsig-filter2">
<XPath xmlns="http://www.w3.org/2002/06/xmldsig-filter2
" Filter="intersect">//ancestor-or-self::Data[attribute::SomeAttribute=
"ValueOfOtherDataElement"]</XPath>
</Transform>
<Transform Algorithm="
http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
<Transform Algorithm="
http://www.w3.org/2001/10/xml-exc-c14n#"/>
</Transforms>
<DigestMethod Algorithm="
http://www.w3.org/2000/09/xmldsig#sha1"/>
<DigestValue>pnyqjufX6FlbaUvSi1PXUpv+++c=</DigestValue>
</Reference>
</SignedInfo>
<SignatureValue>GquSfEU9DZraSLWyIEyr96QNvYY=</SignatureValue>
</Signature>
</Checksum>
</Data>
<Data SomeAttribute="ValueOfOtherDataElement"/>
</Root>
More information about the xmlsec
mailing list