[xmlsec] Can't get XPath to work

Aleksey Sanin aleksey at aleksey.com
Wed Jun 5 09:16:26 PDT 2002

Your have a couple mistakes:
    1) xmlSecSignedInfoAddReference() *does not* create the Transforms node,
    it only creates the Reference node (look at the XMLDSig spec for 
    2) you do not need to add <XPath></XPath> to the string XPath 
    xmlsec will take care of it.

There are few ways to achieve you goal. I suspect the simplest one would 
be something
like this (all return values checks skipped):

    referenceNode = xmlSecSignedInfoAddReference(signedInfoNode,
    cur = xmlSecReferenceAddTransform(referenceNode, xmlSecTransformXPath);
    ret = xmlSecTransformXPathAdd(cur, "ancestor-or-self::Data1", NULL);


Hans-Juergen.Heinrich at de.gi-de.com wrote:

>Although there was already a recommendation on how to use
>XPath, I can't get it to work in xmlsec.
>I have the following XML-file:
><?xml version="1.0" encoding="UTF-8"?>
>    Hello, World!
>    <Info>
>          <!-- Commentary -->
>          <Data1> Some data </Data1>
>          <Data2> More data </Data2>
>     </Info>
>I create a reference node like this (assuming I only want to sign
>the <Data1> node and its contents):
>   referenceNode = xmlSecSignedInfoAddReference(signedInfoNode,
>                         "my-reference",
>                         "<XPath> ancestor-or-self::Data1 </XPath>",
>                         NULL);
>This corresponds to the recommendation in one of the mails in the list.
>However, I always end up with:
>warning: failed to load external entity "<XPath> ancestor-or-self::Data1
>Error: signature failed
>Any idea what's wrong?
>Help appreciated
>Dr. Hans-Jürgen Heinrich
>System engineer, 4TE3
>Giesecke & Devrient GmbH, Truderinger Straße 15, D-81607 München
>Phone:  +49 89 4119-2625, FAX:     +49 89 4119-1629
>mailto:hans-juergen.heinrich at de.gi-de.com
>xmlsec mailing list
>xmlsec at aleksey.com

More information about the xmlsec mailing list