I have been able to sign and verify my XML signature when using Apache Santuario, but now I want to only apply the signature to fields where the attribute authenticate="true".
For example:
<Document>
    <DoNotSign></DoNotSign>
    <DoSign authenticate="true"></DoSign>
    <Something>
        <SomethingElse authenticate="true"></SomethingElse>
    </Something>
</Document>
Can anyone help me understand how to achieve it?
I add the reference URI like so:
xmlSignature.addDocument("#xpointer(//*[@authenticate='true'])", transforms, Constants.ALGO_ID_DIGEST_SHA1);
And just get an exception:
Original Exception was org.apache.xml.security.utils.resolver.ResourceResolverException:
Could not find a resolver for URI #xpointer(//*[@authenticate='true'])
I have tried adding the following:
transforms.addTransform(Transforms.TRANSFORM_XPOINTER);
xmlSignature.getSignedInfo().addResourceResolver(new ResolverXPointer());
This returns me an exception when adding the XPOINTER transform. The ResolverXPointer seems to have no effect.
TransformationException: Unknown transformation.
No handler installed for URI http://www.w3.org/TR/2001/WD-xptr-20010108
The complete method is below:
final var transforms = new Transforms(document);
transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS);
transforms.addTransform(Transforms.TRANSFORM_XPOINTER);
xmlSignature.addDocument("#xpointer(//*[@authenticate='true'])", transforms, Constants.ALGO_ID_DIGEST_SHA1);
xmlSignature.addKeyInfo(signingCertificate);
xmlSignature.sign(signingKey);
To solve this issue I created a custom ResourceResolverSpi and added it:
ResourceResolver.register(new XPathResourceResolver(), true);
That solved the issue; the custom resolver just uses XPath to create a Set for signing.
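Added example, not part of the original post and not the poster's XPathResourceResolver: a JDK-only sketch of building the node Set for `//*[@authenticate='true']`. XPath returns only the matching element nodes, and canonicalizing a node set emits only nodes that are in the set, so each match is expanded to include its attributes and descendants. The class and method names are hypothetical, the sample document is constructed from the one in the question, and wrapping the Set in Santuario's resolver types is not shown.

```java
import java.io.StringReader;
import java.util.LinkedHashSet;
import java.util.Set;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import org.w3c.dom.*;
import org.xml.sax.InputSource;

public class AuthenticatedNodeSet {
    // Adds the node, its attributes and every descendant to the set, so the
    // digest covers the element's content and not only its tag name.
    static void addSubtree(Node node, Set<Node> out) {
        out.add(node);
        NamedNodeMap attrs = node.getAttributes(); // null for non-element nodes
        for (int i = 0; attrs != null && i < attrs.getLength(); i++) {
            out.add(attrs.item(i));
        }
        for (Node c = node.getFirstChild(); c != null; c = c.getNextSibling()) {
            addSubtree(c, out);
        }
    }

    // Evaluates the XPath and returns the expanded node set in document order.
    static Set<Node> select(Document doc, String xpath) throws Exception {
        NodeList hits = (NodeList) XPathFactory.newInstance().newXPath()
                .evaluate(xpath, doc, XPathConstants.NODESET);
        Set<Node> out = new LinkedHashSet<>();
        for (int i = 0; i < hits.getLength(); i++) {
            addSubtree(hits.item(i), out);
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the question's document with text content added.
        String xml = "<Document><DoNotSign>a</DoNotSign>"
                + "<DoSign authenticate=\"true\">b</DoSign>"
                + "<Something><SomethingElse authenticate=\"true\">c"
                + "</SomethingElse></Something></Document>";
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        for (Node n : select(doc, "//*[@authenticate='true']")) {
            System.out.println(n.getNodeType() + " " + n.getNodeName() + " " + n.getNodeValue());
        }
    }
}
```

Everything outside this set (here `DoNotSign` and the `Something` wrapper element) is not covered by the digest and can change without invalidating the signature, so a verifier should act only on the nodes the reference actually selected.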