I'm building a client for an API that has special requirements with regard to the XML messages that are accepted. Some of these requirements were not possible to configure with the current XMLSecurityProperties for the STAX interface.
The interface requires that the document is schema valid, and that means in this case that the elements are not allowed to have an "Id" attribute on the document, signature and key info elements.
The interface requires that the Reference URI is empty when the entire message is signed.
The interface requires that when the transform "<Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />" is present, the digest transform is left empty to indicate the "default" transform.
I've implemented new XMLSecurityProperties to be able to configure these features, with defaults set to ensure current behaviour:
private boolean signatureGenerateIds = true;
private boolean signatureIncludeDigestTransform = true;
private String signatureDefaultCanonicalizationTransform;
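
The message shape the three requirements above describe, as an added example that is not part of the original post or of the library it extends: it uses the JDK's javax.xml.crypto.dsig DOM API rather than the StAX XMLSecurityProperties, and then checks the signed document for Id attributes, the Reference URI and the transform list. The class name, sample message and throwaway RSA key are constructed for illustration.

```java
import java.io.StringReader;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.util.Collections;
import javax.xml.crypto.dsig.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class EnvelopedSignatureShape {
    public static void main(String[] args) throws Exception {
        // Constructed sample message and a throwaway key pair (assumptions, not from the post).
        String xml = "<msg xmlns=\"urn:example:msg\"><body>hello</body></msg>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        // URI "" = whole document; sole transform is enveloped-signature; type and Id are null.
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(
                        fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE,
                        (C14NMethodParameterSpec) null),
                fac.newSignatureMethod("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256", null),
                Collections.singletonList(ref));
        KeyInfoFactory kif = fac.getKeyInfoFactory();
        fac.newXMLSignature(si,
                kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(kp.getPublic()))))
                .sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
        // Check the three shape requirements on the signed document.
        NodeList all = doc.getElementsByTagNameNS("*", "*");
        for (int i = 0; i < all.getLength(); i++)
            if (((Element) all.item(i)).hasAttribute("Id"))
                throw new IllegalStateException("unexpected Id on " + all.item(i).getNodeName());
        Element r = (Element) doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Reference").item(0);
        NodeList transforms = r.getElementsByTagNameNS(XMLSignature.XMLNS, "Transform");
        if (!r.hasAttribute("URI") || !r.getAttribute("URI").isEmpty() || transforms.getLength() != 1)
            throw new IllegalStateException("Reference shape differs from the requirements");
        System.out.println("no Id attributes, Reference URI empty, enveloped transform only");
    }
}
```

The same three checks are worth running on the receiving side before validation, since a Reference with an empty URI and only the enveloped-signature transform is what ties the digest to the whole message.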