[xmlsec] XPointer problem

Matthias Jung matthias.jung at xtradyne.com
Tue Mar 11 02:43:18 PST 2003


thanks a lot for for fixing this problem so fast. I agree that handling such
expressions now is a good solution and that using XPath expressions is
better for interoperability reasons. That's exactly the reason why I am
testing our software even using XPointers :-)

Let's continue this interop discussion when there are more DSig implementations 
capable of handling xpointer expressions. Xss4j, the only one I had a look at, does
not support this feature.

Now that this problem is fixed, I found another (last) problem within my test 
suite. Please have a look at the digest values of the two references in the
attached signature file, which should not be equal as the references point to different
elements. It seems that xpointer expressions containing child sequences are
handled wrong, or something with my expressions is faulty.

I have checked this behaviour using libxml's testXPath executable. The result is:

  testXPath.exe --input sig_xpointer_absolute_path_templ.xml --xptr /1/2
  Object is a Node Set :
  Set contains 1 nodes:
  1  ELEMENT soap-env:Body

(looks good)

  testXPath.exe --input sig_xpointer_absolute_path_templ.xml --xptr xpointer(/1/2)
  Object is a Node Set :
  Set contains 1 nodes:
  1   /

(looks like an empty document)

I have no clue if this is a problem is caused by me, by xmlsec, or libxml.

Thanks a lot for any suggestions,


Aleksey Sanin wrote:

> Matthias,
> The fix for this problem is trivial (see attached file). I've checked 
> it in
> both XMLSEC_0_0_X_BRANCH and the tip. However, it'll require
> a minor change on your side as well. You need to remove one "xpointer"
> as follows:
> <Reference
> URI="#xmlns(soap-env=http://schemas.xmlsoap.org/soap/envelope/)xpointer(/soap-env:Envelope/soap-env:Body)">
> I am absolutelly not sure that this will be interoperable with other 
> XML DSig
> toolkits but it seems logical to me. For example, compare the reference
> URI above with this one:
> <Reference URI="#xpointer(/Envelope/Body)">
> Another way to achieve the same goal is to use empty URI ("") and an
> XPath transform that will look similar to the XPointer expression you are
> using now. I doubt that there will be any visible performance penalty.
> And IMHO, XPath transform is better solution because of possible interop
> issues I mentioned above.
> Thanks for reporting this problem! And you are not bothering me at all :)
> Aleksey
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sig_xpointer_child_sequence_xmlsec.xml
Type: text/xml
Size: 2572 bytes
Desc: not available
Url : http://www.aleksey.com/pipermail/xmlsec/attachments/20030311/7d2f65a0/sig_xpointer_child_sequence_xmlsec.xml

More information about the xmlsec mailing list