Details
-
New Feature
-
Status: Resolved
-
Major
-
Resolution: Fixed
-
None
-
None
-
Patch Available
-
Unknown
Description
The current xmlsecurity component supports enveloping and enveloped XML signatures. The attached patch enhances this component so that also detached XML signatures (see specification http://www.w3.org/TR/xmldsig-core/#def-SignatureDetached) can be used. The patch supports the case where the signature is a sibling of the signed element and the signed element is referred by a ID attribute value. Also several signatures within the same XML document (even nested signatures) are supported.
For this new functionality, the signer configuration has got two new parameters:
- xpathsToIdAttributes xpathes to attributes which are of type ID which define the elements to be signed (for each element to be signed a separate signature is created as a sibling of the element)
- schemaResourceUri defines a classpath to the XML schema, the XML schema is needed during the parsing to specify the ID attributes
and the verifier configuration has got one new parameter:
- schemaResourceUri defines a classpath to the XML schema, the XML schema is needed during the parsing to find the ID attributes
Because we allow several signatures within one XML document, the signatures can be nested. In order to produce the correct nested signatures, the signatures are created in a certain order; elements with deeper hierarchy level are signed first.