[maven-release-plugin] copy for tag xmlsec-2.0.8
git-svn-id: https://svn.apache.org/repos/asf/santuario/xml-security-java/tags/xmlsec-2.0.8@1772195 13f79535-47bb-0310-9956-ffa450edef68
diff --git a/.settings/org.eclipse.jdt.core.prefs b/.settings/org.eclipse.jdt.core.prefs
index a698e59..8f8841e 100644
--- a/.settings/org.eclipse.jdt.core.prefs
+++ b/.settings/org.eclipse.jdt.core.prefs
@@ -1,12 +1,5 @@
+#Tue Jul 31 16:08:08 IST 2012
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
-org.eclipse.jdt.core.compiler.codegen.methodParameters=do not generate
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.8
-org.eclipse.jdt.core.compiler.codegen.unusedLocal=preserve
-org.eclipse.jdt.core.compiler.compliance=1.8
-org.eclipse.jdt.core.compiler.debug.lineNumber=generate
-org.eclipse.jdt.core.compiler.debug.localVariable=generate
-org.eclipse.jdt.core.compiler.debug.sourceFile=generate
-org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
-org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
-org.eclipse.jdt.core.compiler.source=1.8
+org.eclipse.jdt.core.compiler.source=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
diff --git a/etc/santuario-pmd-ruleset.xml b/etc/santuario-pmd-ruleset.xml
index 43553ee..595b859 100644
--- a/etc/santuario-pmd-ruleset.xml
+++ b/etc/santuario-pmd-ruleset.xml
@@ -26,7 +26,6 @@
<rule ref="rulesets/java/basic.xml">
<exclude name="AvoidUsingHardCodedIP" />
- <exclude name="SimplifiedTernary" />
</rule>
<rule ref="rulesets/java/unusedcode.xml"/>
<rule ref="rulesets/java/imports.xml"/>
diff --git a/pom.xml b/pom.xml
index 5dcf012..d29fa0e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -22,7 +22,7 @@
<artifactId>xmlsec</artifactId>
<packaging>bundle</packaging>
<name>Apache XML Security for Java</name>
- <version>2.1.0-SNAPSHOT</version>
+ <version>2.0.8</version>
<description>
Apache XML Security for Java supports XML-Signature Syntax and Processing,
W3C Recommendation 12 February 2002, and XML Encryption Syntax and
@@ -57,12 +57,12 @@
</licenses>
<scm>
<connection>
- scm:svn:http://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/
+ scm:svn:http://svn.apache.org/repos/asf/santuario/xml-security-java/tags/xmlsec-2.0.8
</connection>
<developerConnection>
- scm:svn:https://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/
+ scm:svn:https://svn.apache.org/repos/asf/santuario/xml-security-java/tags/xmlsec-2.0.8
</developerConnection>
- <url>http://svn.apache.org/repos/asf/santuario/xml-security-java/trunk/</url>
+ <url>http://svn.apache.org/repos/asf/santuario/xml-security-java/tags/xmlsec-2.0.8</url>
</scm>
<organization>
<name>The Apache Software Foundation</name>
@@ -111,7 +111,7 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-pmd-plugin</artifactId>
- <version>3.7</version>
+ <version>3.5</version>
<configuration>
<rulesets>
<ruleset>${basedir}/etc/santuario-pmd-ruleset.xml</ruleset>
@@ -166,7 +166,7 @@
<plugin>
<groupId>org.apache.felix</groupId>
<artifactId>maven-bundle-plugin</artifactId>
- <version>3.0.1</version>
+ <version>2.5.4</version>
<extensions>true</extensions>
<configuration>
<instructions>
@@ -198,7 +198,7 @@
<plugin>
<groupId>org.jvnet.jaxb2.maven2</groupId>
<artifactId>maven-jaxb2-plugin</artifactId>
- <version>0.13.1</version>
+ <version>0.12.3</version>
<executions>
<execution>
<id>bindings</id>
@@ -274,6 +274,54 @@
<artifactId>maven-javadoc-plugin</artifactId>
<version>2.10.3</version>
</plugin>
+ <plugin>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>animal-sniffer-maven-plugin</artifactId>
+ <version>1.14</version>
+ <configuration>
+ <signature>
+ <groupId>org.codehaus.mojo.signature</groupId>
+ <artifactId>java16</artifactId>
+ <version>1.0</version>
+ </signature>
+ </configuration>
+ <executions>
+ <execution>
+ <id>check-java-compatibility</id>
+ <phase>process-classes</phase>
+ <goals>
+ <goal>check</goal>
+ </goals>
+ </execution>
+ </executions>
+ </plugin>
+ <plugin>
+ <groupId>org.apache.maven.plugins</groupId>
+ <artifactId>maven-enforcer-plugin</artifactId>
+ <executions>
+ <execution>
+ <id>enforce-bytecode-version</id>
+ <goals>
+ <goal>enforce</goal>
+ </goals>
+ <configuration>
+ <rules>
+ <enforceBytecodeVersion>
+ <maxJdkVersion>${targetJdk}</maxJdkVersion>
+ </enforceBytecodeVersion>
+ </rules>
+ <fail>true</fail>
+ </configuration>
+ </execution>
+ </executions>
+ <dependencies>
+ <dependency>
+ <groupId>org.codehaus.mojo</groupId>
+ <artifactId>extra-enforcer-rules</artifactId>
+ <version>1.0-beta-3</version>
+ </dependency>
+ </dependencies>
+ </plugin>
</plugins>
@@ -423,7 +471,7 @@
<properties>
<xml.apis.version>1.4.01</xml.apis.version>
- <oldxmlsec.version>2.0.7</oldxmlsec.version>
+ <oldxmlsec.version>1.5.8</oldxmlsec.version>
<slf4j.version>1.7.21</slf4j.version>
<xalan.version>2.7.2</xalan.version>
<xerces.version>2.11.0</xerces.version>
@@ -433,10 +481,10 @@
<xmlunit.version>1.6</xmlunit.version>
<commons.codec.version>1.10</commons.codec.version>
<woodstox.core.asl.version>4.4.1</woodstox.core.asl.version>
- <jetty.version>9.3.9.v20160517</jetty.version>
+ <jetty.version>8.1.22.v20160922</jetty.version>
<xmlsec.jaxb.context.class />
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
- <targetJdk>1.8</targetJdk>
+ <targetJdk>1.6</targetJdk>
<clirr.version>2.7</clirr.version>
<!-- Allow Clirr severity to be overriden by the command-line option -DminSeverity=level -->
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/anonymousReferenceSignature.firstReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/anonymousReferenceSignature.firstReference.txt
new file mode 100644
index 0000000..1147780
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/anonymousReferenceSignature.firstReference.txt
@@ -0,0 +1,3 @@
+<Anonymous xmlns="http://anonymous.com">
+ This XML file is referenced via an anonymous Reference in the XML signature.
+</Anonymous>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.firstReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.firstReference.txt
new file mode 100644
index 0000000..4b63b6f
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Manifest xmlns="http://iaik.at#Envelope" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="manifest"><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>KQuoZseibY3bIurUFbyYhLCm9nY=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></dsig:DigestMethod><dsig:DigestValue>oUqpQ+ekAvoeCRjlMc1EXzrFJJA=</dsig:DigestValue></dsig:Reference></dsig:Manifest>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.firstReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.firstReference.txt
new file mode 100644
index 0000000..da8a841
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.firstReference.txt
@@ -0,0 +1,5 @@
+<Envelope xmlns="http://iaik.at#Envelope">
+ <DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.secondReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.secondReference.txt
new file mode 100644
index 0000000..c45f0c5
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/manifestReference.manifest.secondReference.txt
@@ -0,0 +1,3 @@
+<Sample xmlns="http://iaik.at#Sample"><DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem></Sample>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fifthReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fifthReference.txt
new file mode 100644
index 0000000..e0545fd
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fifthReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns="http://iaik.at#Envelope" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fourthReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fourthReference.txt
new file mode 100644
index 0000000..7ed4c72
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.fourthReference.txt
@@ -0,0 +1,3 @@
+<DataItem xmlns="http://iaik.at#Sample" Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.seventhReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.seventhReference.txt
new file mode 100644
index 0000000..da8a841
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.seventhReference.txt
@@ -0,0 +1,5 @@
+<Envelope xmlns="http://iaik.at#Envelope">
+ <DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.sixthReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.sixthReference.txt
new file mode 100644
index 0000000..e0545fd
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.sixthReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns="http://iaik.at#Envelope" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.thirdReference.txt b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.thirdReference.txt
new file mode 100644
index 0000000..230aff6
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/digestInputs/signatureTypesSignature.thirdReference.txt
@@ -0,0 +1,3 @@
+<DataItem xmlns="http://iaik.at#Envelope" Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/samples/anonymousReferenceContent.xml b/samples/data/at/iaik/ixsil/coreFeatures/samples/anonymousReferenceContent.xml
new file mode 100644
index 0000000..707f2af
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/samples/anonymousReferenceContent.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<Anonymous xmlns="http://anonymous.com">
+ This XML file is referenced via an anonymous Reference in the XML signature.
+</Anonymous>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleTextData.txt b/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleTextData.txt
new file mode 100644
index 0000000..f0074fe
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleTextData.txt
@@ -0,0 +1 @@
+Some text from IAIK in a file.
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleXMLData.xml b/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleXMLData.xml
new file mode 100644
index 0000000..a109ddb
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/samples/sampleXMLData.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<!DOCTYPE Sample
+ [
+ <!ELEMENT Sample (DataItem) >
+ <!ELEMENT DataItem (#PCDATA) >
+ <!ATTLIST DataItem Id ID #IMPLIED>
+ ]
+>
+
+<Sample xmlns="http://iaik.at#Sample">
+ <DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+</Sample>
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/signatures/anonymousReferenceSignature.xml b/samples/data/at/iaik/ixsil/coreFeatures/signatures/anonymousReferenceSignature.xml
new file mode 100644
index 0000000..394d636
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/signatures/anonymousReferenceSignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>7Hfp3yTdKKBv0d7M0ozNxCu7V98=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>mU+8/j7vFJGXG6Xw/VgVRIcRQNl5LtoHV6lHNPqrHXF6SZNQxze6lXvIv/MINnAk
+oZvVWz4sMYoddP6wXaeQJwDPjzO1EQNe2Un73J/njmzZDfIJqSah1SG+zSteMR6m
+J68nKznbRTdxnOknBo+rZirXiAsPgudRR6NUyXn+D8A=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/signatures/manifestSignature.xml b/samples/data/at/iaik/ixsil/coreFeatures/signatures/manifestSignature.xml
new file mode 100644
index 0000000..b16ae11
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/signatures/manifestSignature.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ATTLIST DataItem Id ID #IMPLIED>
+ ]>
+<Envelope xmlns="http://iaik.at#Envelope">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>1kF5aUeRTi9Jul2Qz3DmbZ0Od7I=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>M2bF8w1IQvdEedQ6SB9w8zaWc+KDNigoysBviNpifB6htymPhoW+1NBboygfkmAy
+8GSsOhmQ7gbpHoljjm2QPmZmo8BIt7ZGy7izhww1WZiIQxmqczIEaiPeBcsgsxDW
+SfOh7Ev9YXFfLF4UxJ59dfTR3ZTb9CVzGf6CSG4xXJk=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object><dsig:Manifest Id="manifest"><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>UXcq2OOH+aMla4fb5UOnYuaY9uQ=</dsig:DigestValue></dsig:Reference></dsig:Manifest></dsig:Object></dsig:Signature><DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/coreFeatures/signatures/signatureTypesSignature.xml b/samples/data/at/iaik/ixsil/coreFeatures/signatures/signatureTypesSignature.xml
new file mode 100644
index 0000000..8dd15a5
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/coreFeatures/signatures/signatureTypesSignature.xml
@@ -0,0 +1,13 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ATTLIST DataItem Id ID #IMPLIED>
+ ]>
+<Envelope xmlns="http://iaik.at#Envelope">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="http://www.w3.org/TR/2000/REC-xml-20001006"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>N2sjZsKr2W1kw6UP7mcWwrz7T5I=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="../samples/sampleTextData.txt"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>VyGBEakUjlOuKT4WBI+tDm0tYe0=</dsig:DigestValue></dsig:Reference><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:iaik="http://iaik.at#Envelope">ancestor-or-self::iaik:DataItem</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>9yMFLtkwiTVLvQaCOzE6+o4HrQE=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:iaik="http://iaik.at#Sample">ancestor-or-self::iaik:DataItem</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>RdeNc+MfZeY8uqSLq8AtQ6DBygs=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#objectId"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3x8tHtIyVobZMQ7ZoBIHyiFU7Fk=</dsig:DigestValue></dsig:Reference><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">ancestor-or-self::dsig:Object</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3x8tHtIyVobZMQ7ZoBIHyiFU7Fk=</dsig:DigestValue></dsig:Reference><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>KQuoZseibY3bIurUFbyYhLCm9nY=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>gCAp0wt+ZIG3+GmZA7KKXfCA5d5Qbi7GY5BhMpxVA2BxmVe9M4vmC2h+hcBzCRmH
+wjAuaIkPYxPCaiD/SSa4i27ufMNJbbxMi8AGWPRRtgfOG+/KQZrrvUQtpnxS3c16
+81ClcivlTA1wKVM7xKJOn8li/8IldJNm1ZgN8JQS8sk=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object Id="objectId">A text from IAIK</dsig:Object></dsig:Signature><DataItem Id="DataItem">
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/readme.txt b/samples/data/at/iaik/ixsil/readme.txt
new file mode 100644
index 0000000..dc4fea5
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/readme.txt
@@ -0,0 +1,201 @@
+**************************************************************
+This file contains a description of sample sigantures produced
+with the IAIK Signature Library (IXSIL).
+
+Author: Gregor Karlinger
+Date: 15. 11. 2001
+IXSIL Build: 1010
+**************************************************************
+
+signatureAlgorithms/dSASignature.xml
+------------------------------------
+
+ Simple signature using DSA as signature algorithm.
+ DSA public key is encoded as KeyValue.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/dSASignature.firstReference.txt".
+
+signatureAlgorithms/rSASignature.xml
+------------------------------------
+
+ Simple signature using RSA as signature algorithm.
+ RSA public key is encoded as KeyValue.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/rSASignature.firstReference.txt".
+
+signatureAlgorithms/hMACSignature.xml
+-------------------------------------
+
+ Simple signature using HMAC as authentication algorithm.
+ The secret key is "secret".getBytes("ASCII").
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/hMACSignature.firstReference.txt".
+
+signatureAlgorithms/hMACShortSignature.xml
+------------------------------------------
+
+ Simple signature using HMAC as authentication algorithm.
+ HMAC output length is limited to 40 bits.
+ The secret key is "secret".getBytes("ASCII").
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/hMACShortSignature.firstReference.txt".
+
+coreFeatures/signatureTypesSignature.xml
+----------------------------------------
+
+ Signature containing several References to demonstrate
+ IXSIL's ability to work with enveloping, enveloped and
+ detached signatures.
+
+ * The first Reference refers to an external source
+ (http) - detached signature.
+
+ * The second Reference refers to an external source
+ (file system) - detached signature. The external file
+ is "../samples/sampleTextData.txt"
+
+ * The third Reference refers to XML data that is a
+ sibling of the XML Signature, but within the same
+ document - detached signature
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/signatureTypesSignature.thirdReference.txt".
+
+ * The fourth Reference refers to an external XML file
+ and uses an XPath transform to select parts of the
+ document for signing - detached signature. The external
+ file is "../samples/sampleXMLData.xml"
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/signatureTypesSignature.fourthReference.txt".
+
+ * The fifth Reference refers to data in an Object of the
+ signature via an ID reference - enveloping signature.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/signatureTypesSignature.fifthReference.txt".
+
+ * The sixth Reference refers to data in an Object of the
+ signature via an empty URI (URI="") and using an XPath
+ transform to select the data for signing - enveloping
+ signature.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/signatureTypesSignature.sixthReference.txt".
+
+ * The seventh Reference refers to the signature document
+ itself (URI="") and uses an enveloped signature
+ transform - enveloped signature
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/signatureTypesSignature.seventhReference.txt".
+
+coreFeatures/manifestSignature.xml
+----------------------------------
+
+ Signature containing a Reference to a Manifest element that
+ is stored in an Object container within the Signature.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/manifestSignature.firstReference.txt".
+
+ * The first Reference in the Manifest refers to the whole
+ signature document and uses an enveloped signature trans-
+ form to cut out the Signature element.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/manifestSignature.manifest.firstReference.txt".
+
+ * The second Reference in the Manifest refers an external
+ resource (file system). The external file is
+ "../samples/sampleXMLData.xml".
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/manifestSignature.manifest.secondReference.txt".
+
+coreFeatures/anonymousReferenceSignature.xml
+--------------------------------------------
+
+ Signature containing an anonymous Reference, i.e. the URI
+ attribute of the Reference is missing. In such a case, the
+ application must provide the hint where to find the corres-
+ ponding data. In this case, the data can be found in file
+ "../samples/anonymousReferenceContent.xml".
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/anonymousReferenceSignature.firstReference.txt".
+
+transforms/base64DecodeSignature.xml
+------------------------------------
+
+ Signature containing a Reference to a base64 encoded file.
+ The Reference contains a Base64 transform, i.e. the file
+ will be decoded prior to digest computation. The encoded
+ file is "../samples/sampleBase64EncodedData.txt".
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/base64Signature.firstReference.txt".
+
+transforms/c14nSignature.xml
+----------------------------
+
+ Signature containing two References to an XML file. The
+ XML file is "../samples/sampleXMLData.xml".
+
+ * The first Reference contains a canonical XML transform,
+ that is, comments in the XML file will be removed at
+ transformation.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/c14nSignature.firstReference.txt".
+
+ * The second Reference contains a canonical XML transform
+ with comments, that is, comments in the XML file will be
+ preserved at transformation.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/c14nSignature.secondReference.txt".
+
+transforms/envelopedSignatureSignature.xml
+------------------------------------------
+
+ Signature containing a single Reference to the signature
+ file itself (URI=""). The Reference contains an enveloped
+ signature transform to cut out the Signature structure
+ from the XML.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/envelopedSignatureSignature.firstReference.txt".
+
+transforms/xPathSignature.xml
+-----------------------------
+
+ Signature containing three internal References to demonstrate
+ document subset selection.
+
+ * The first Reference contains a reference-only URI ("#objectId").
+ This means that the XML element with its ID attribute set to the
+ value "objectId" is selected; comments will be suppressed.
+ Finally a canonical XML transfrom will be performed prior to
+ digest computation.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/xPathSignature.firstReference.txt".
+
+ * The second Reference also contains a reference-only URI
+ ("#xpointer(id('objectId'))"). This also means that the XML
+ element with its ID attribute set to the value "objectId"
+ is selected; but contrary to the first Reference, this time
+ comments are preserved. Finally a canonical XML transfrom
+ (preserving comments option chosen) will be performed prior to
+ digest computation.
+
+ The input used for the digest computation can be found in file
+ "../digestInputs/xPathSignature.secondReference.txt".
+
+
+
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/dSASignature.firstReference.txt b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/dSASignature.firstReference.txt
new file mode 100644
index 0000000..5089f32
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/dSASignature.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="object">Some text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACShortSignature.firstReference.txt b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACShortSignature.firstReference.txt
new file mode 100644
index 0000000..5089f32
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACShortSignature.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="object">Some text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACSignature.firstReference.txt b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACSignature.firstReference.txt
new file mode 100644
index 0000000..5089f32
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/hMACSignature.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="object">Some text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/rSASignature.firstReference.txt b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/rSASignature.firstReference.txt
new file mode 100644
index 0000000..5089f32
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/digestInputs/rSASignature.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="object">Some text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/dSASignature.xml b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/dSASignature.xml
new file mode 100644
index 0000000..9e554c9
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/dSASignature.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/><dsig:Reference URI="#object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3RGQeH5eHK+jJ2GxGYPhwnzbBBc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>WrfXueeZRTbdpxe3Sam+YDQWvxzragcMRH0SdiL+1zFCPQXn3NdaEA==</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:DSAKeyValue><dsig:P>gn3UnKIFaYTpg3GxNA1dcYOShbJayqOC16w4bpRAhD8KRnqodajByjtwumqXBxL2
+sZntPuxTE/OUCme71p84cilhqwI9F6EzPFIjXZ+30Q6V46Ve+bBPx8kgxXLaesPV
+DyQNu45U2p67cCERxTWC5TWFLp9ZOXmzMlDIhoOWGRc=</dsig:P><dsig:Q>+lB52vo/OrHoCm31vRbyJNj41xs=</dsig:Q><dsig:G>T731LjME8FHBfKVck4G1wX1MIFB2hTRQz9n8crLhsrFvoBBIuP8X56kK4eAYBT40
+2dVh33FMyNySsVG132ZZcGteV8MZotZYO30y0unh8WY+qqxGDc1OZ3A29/m+Cy4W
+oF1pXVuBE6kDyzhjVhq9NkpdbBVmF/oQoyCZ4dI0dxM=</dsig:G><dsig:Y>MBVHib7T0JW8iPaZT++R/2zuoc5SbalCbTHjJDMLe/GWMKzGS8s+FEJldQmZC1R+
+r6jIfAY+wjl3k+UTxRTCjqtM34wEBNvvgVHt95AOgBy/Mam9XKqx/dYLlK0jCk7T
+o/rfWtjhG2BbsJdI6r+68SM0OEBqL5bbYRxRGeWj/P0=</dsig:Y></dsig:DSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object Id="object">Some text from IAIK</dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACShortSignature.xml b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACShortSignature.xml
new file mode 100644
index 0000000..b1e0ba4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACShortSignature.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"><dsig:HMACOutputLength>40</dsig:HMACOutputLength></dsig:SignatureMethod><dsig:Reference URI="#object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3RGQeH5eHK+jJ2GxGYPhwnzbBBc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>Cx+HU+8=</dsig:SignatureValue><dsig:Object Id="object">Some text from IAIK</dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACSignature.xml b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACSignature.xml
new file mode 100644
index 0000000..89f6bfc
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/hMACSignature.xml
@@ -0,0 +1,2 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"><dsig:HMACOutputLength>160</dsig:HMACOutputLength></dsig:SignatureMethod><dsig:Reference URI="#object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3RGQeH5eHK+jJ2GxGYPhwnzbBBc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>r7UpaFBMK5q7i0H3toGvAeFJLs0=</dsig:SignatureValue><dsig:Object Id="object">Some text from IAIK</dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml
new file mode 100644
index 0000000..28c384a
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/signatureAlgorithms/signatures/rSASignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#object"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>3RGQeH5eHK+jJ2GxGYPhwnzbBBc=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>JbrOi+nMW2K3YyckOpGrmm3UaEfWALq1tuN5WJO018g+Rwteu5wt+Veni3xjZTw8
+755M8vGm7QSxnKTMnTHpH+fgMFPXpP3AcnB8CQgu31GV4L+hpslcqnOeMSQj/Wbd
+BX8TfB1Mcl8eP9P9SgomDRSB+gWTaDnsHL6qdK8lUmE=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object Id="object">Some text from IAIK</dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/base64Signature.firstReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/base64Signature.firstReference.txt
new file mode 100644
index 0000000..196c4d4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/base64Signature.firstReference.txt
@@ -0,0 +1,341 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+<title>Associating Style Sheets with XML documents</title>
+<link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/W3C-REC">
+<style type="text/css">code { font-family: monospace }</style>
+</head>
+<body>
+<div class="head">
+<a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/WWW/w3c_home" alt="W3C" height="48" width="72"></a>
+<h1>Associating Style Sheets with XML documents<br>Version 1.0</h1>
+<h2>W3C Recommendation 29 June 1999</h2>
+<dl>
+<dt>This version:</dt>
+<dd>
+<a href="http://www.w3.org/1999/06/REC-xml-stylesheet-19990629">http://www.w3.org/1999/06/REC-xml-stylesheet-19990629</a>
+<br>
+</dd>
+<dt>Latest version:</dt>
+<dd>
+<a href="http://www.w3.org/TR/xml-stylesheet">http://www.w3.org/TR/xml-stylesheet</a>
+<br>
+</dd>
+<dt>Previous version:</dt>
+<dd>
+<a href="http://www.w3.org/TR/1999/xml-stylesheet-19990428">http://www.w3.org/TR/1999/xml-stylesheet-19990428</a>
+<br>
+</dd>
+<dt>Editor:</dt>
+<dd>
+
+James Clark
+<a href="mailto:jjc@jclark.com"><jjc@jclark.com></a>
+<br>
+</dd>
+</dl>
+<p class="copyright">
+<a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#Copyright">
+ Copyright</a> © 1999 <a href="http://www.w3.org">W3C</a>
+ (<a href="http://www.lcs.mit.edu">MIT</a>,
+ <a href="http://www.inria.fr/">INRIA</a>,
+ <a href="http://www.keio.ac.jp/">Keio</a> ), All Rights Reserved. W3C
+ <a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#Legal Disclaimer">liability,</a><a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#W3C Trademarks">trademark</a>,
+ <a href="http://www.w3.org/Consortium/Legal/copyright-documents.html">document use </a>and
+ <a href="http://www.w3.org/Consortium/Legal/copyright-software.html">software licensing </a>rules apply.
+ </p>
+<hr title="Separator for header">
+</div>
+<h2>
+<a name="abstract">Abstract</a>
+</h2>
+
+<p>This document allows a style sheet to be associated with an XML
+document by including one or more processing instructions with a
+target of <code>xml-stylesheet</code> in the document's prolog.</p>
+
+<h2>
+<a name="status">Status of this document</a>
+</h2>
+
+<p>This document has been reviewed by W3C Members and other interested
+parties and has been endorsed by the Director as a W3C <a href="http://www.w3.org/Consortium/Process/#RecsW3C">Recommendation</a>. It
+is a stable document and may be used as reference material or cited as
+a normative reference from other documents. W3C's role in making the
+Recommendation is to draw attention to the specification and to
+promote its widespread deployment. This enhances the functionality and
+interoperability of the Web.</p>
+
+<p>The list of known errors in this specifications is available at
+<a href="http://www.w3.org/1999/06/REC-xml-stylesheet-19990629/errata">http://www.w3.org/TR/1999/xml-stylesheet-19990629/errata</a>.</p>
+
+<p>Comments on this specification may be sent to <<a href="mailto:www-xml-stylesheet-comments@w3.org">www-xml-stylesheet-comments@w3.org</a>>. The archive of public
+comments is available at <a href="http://www.w3.org/Archives/Public/www-xml-stylesheet-comments">http://w3.org/Archives/Public/www-xml-stylesheet-comments</a>.</p>
+
+<p>A list of current W3C Recommendations and other technical documents
+can be found at <a href="http://www.w3.org/TR">http://www.w3.org/TR</a>.</p>
+
+<p>The Working Group expects additional mechanisms for linking style
+sheets to XML document to be defined in a future specification.</p>
+
+<p>The use of XML processing instructions in this specification should
+not be taken as a precedent. The W3C does not anticipate recommending
+the use of processing instructions in any future specification. The
+<a href="#rationale">Rationale</a> explains why they were used in
+this specification.</p>
+
+<p>This document was produced as part of the <a href="http://www.w3.org/XML/Activity">W3C XML Activity</a>.</p>
+
+
+<h2>
+<a name="contents">Table of contents</a>
+</h2>1 <a href="#The xml-stylesheet processing instruction">The xml-stylesheet processing instruction</a>
+<br>
+<h3>Appendices</h3>A <a href="#References">References</a>
+<br>B <a href="#rationale">Rationale</a>
+<br>
+<hr>
+
+<h2>
+<a name="The xml-stylesheet processing instruction"></a>1 The <code>xml-stylesheet</code> processing instruction</h2>
+
+<p>Style Sheets can be associated with an XML<a href="#XML">[XML10]</a>
+document by using a processing instruction whose target is
+<code>xml-stylesheet</code>. This processing instruction follows the
+behaviour of the HTML 4.0 <code><LINK
+REL="stylesheet"></code><a href="#HTML">[HTML40]</a>.</p>
+
+<p>The <code>xml-stylesheet</code> processing instruction is parsed in
+the same way as a start-tag, with the exception that entities other
+than predefined entities must not be referenced.</p>
+
+<p>The following grammar is given using the same notation as the
+grammar in the XML Recommendation<a href="#XML">[XML10]</a>. Symbols in the
+grammar that are not defined here are defined in the XML
+Recommendation.</p>
+
+<h5>xml-stylesheet processing instruction</h5>
+<table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td>
+<a name="NT-StyleSheetPI"></a>[1] </td>
+<td>StyleSheetPI</td>
+<td> ::= </td>
+<td>'<?xml-stylesheet' (<a href="http://www.w3.org/TR/REC-xml#NT-S">S</a> <a href="#NT-PseudoAtt">PseudoAtt</a>)* <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? '?>'</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PseudoAtt"></a>[2] </td>
+<td>PseudoAtt</td>
+<td> ::= </td>
+<td>
+<a href="http://www.w3.org/TR/REC-xml#NT-Name">Name</a> <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? '=' <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? <a href="#NT-PseudoAttValue">PseudoAttValue</a>
+</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PseudoAttValue"></a>[3] </td>
+<td>PseudoAttValue</td>
+<td> ::= </td>
+<td>('"' ([^"<&] | <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> | <a href="#NT-PredefEntityRef">PredefEntityRef</a>)* '"'</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+</td>
+<td>
+</td>
+<td>
+</td>
+<td>| "'" ([^'<&] | <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> | <a href="#NT-PredefEntityRef">PredefEntityRef</a>)* "'")</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+</td>
+<td>
+</td>
+<td>
+</td>
+<td>- (<a href="http://www.w3.org/TR/REC-xml#NT-Char">Char</a>* '?>' <a href="http://www.w3.org/TR/REC-xml#NT-Char">Char</a>*)</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PredefEntityRef"></a>[4] </td>
+<td>PredefEntityRef</td>
+<td> ::= </td>
+<td>'&amp;' | '&lt;' | '&gt;' | '&quot;' | '&apos;'</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+
+<p>In <a href="#NT-PseudoAttValue">PseudoAttValue</a>, a <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> or a <a href="#NT-PredefEntityRef">PredefEntityRef</a> is interpreted in the
+same manner as in a normal XML attribute value. The actual value of
+the pseudo-attribute is the value after each reference is replaced by
+the character it references. This replacement is not performed
+automatically by an XML processor.</p>
+
+<p>The <code>xml-stylesheet</code> processing instruction is allowed
+only in the prolog of an XML document. The syntax of XML constrains
+where processing instructions are allowed in the prolog; the
+<code>xml-stylesheet</code> processing instruction is allowed anywhere
+in the prolog that meets these constraints.</p>
+
+<blockquote>
+<b>NOTE: </b>If the <code>xml-stylesheet</code> processing instruction
+occurs in the external DTD subset or in a parameter entity, it is
+possible that it may not be processed by a non-validating XML
+processor (see <a href="#XML">[XML10]</a>).</blockquote>
+
+<p>The following pseudo attributes are defined</p>
+
+<pre>href CDATA #REQUIRED
+type CDATA #REQUIRED
+title CDATA #IMPLIED
+media CDATA #IMPLIED
+charset CDATA #IMPLIED
+alternate (yes|no) "no"</pre>
+
+<p>The semantics of the pseudo-attributes are exactly as with
+<code><LINK REL="stylesheet"></code> in HTML 4.0, with the
+exception of the <code>alternate</code> pseudo-attribute. If
+<code>alternate="yes"</code> is specified, then the processing
+instruction has the semantics of <code><LINK REL="alternate
+stylesheet"></code> instead of <code><LINK
+REL="stylesheet"></code>.</p>
+
+<blockquote>
+<b>NOTE: </b>Since the value of the <code>href</code> attribute is a URI
+reference, it may be a relative URI and it may contain a fragment
+identifier. In particular the URI reference may contain only a
+fragment identifier. Such a URI reference is a reference to a part of
+the document containing the <code>xml-stylesheet</code> processing
+instruction (see <a href="#RFC2396">[RFC2396]</a>). The consequence is that the
+<code>xml-stylesheet</code> processing instruction allows style sheets
+to be embedded in the same document as the <code>xml-stylesheet</code>
+processing instruction.</blockquote>
+
+<p>In some cases, style sheets may be linked with an XML document by
+means external to the document. For example, earlier versions of HTTP
+<a href="#RFC2068">[RFC2068]</a> (section 19.6.2.4) allowed style sheets to be
+associated with XML documents by means of the <code>Link</code>
+header. Any links to style sheets that are specified externally to the
+document are considered to occur before the links specified by the
+<code>xml-stylesheet</code> processing instructions. This is the same
+as in HTML 4.0 (see <a href="http://www.w3.org/TR/REC-html40/present/styles.html#h-14.6">section
+14.6</a>).</p>
+
+<p>Here are some examples from HTML 4.0 with the corresponding
+processing instruction:</p>
+
+<pre><LINK href="mystyle.css" rel="style sheet" type="text/css">
+<?xml-stylesheet href="mystyle.css" type="text/css"?>
+
+<LINK href="mystyle.css" title="Compact" rel="stylesheet"
+type="text/css">
+<?xml-stylesheet href="mystyle.css" title="Compact" type="text/css"?>
+
+<LINK href="mystyle.css" title="Medium" rel="alternate stylesheet"
+type="text/css">
+<?xml-stylesheet alternate="yes" href="mystyle.css" title="Medium"
+type="text/css"?></pre>
+
+<p>Multiple <code>xml-stylesheet</code> processing instructions are
+also allowed with exactly the same semantics as with <code>LINK
+REL="stylesheet"</code>. For example,</p>
+
+<pre><LINK rel="alternate stylesheet" title="compact" href="small-base.css"
+type="text/css">
+<LINK rel="alternate stylesheet" title="compact" href="small-extras.css"
+type="text/css">
+<LINK rel="alternate stylesheet" title="big print" href="bigprint.css"
+type="text/css">
+<LINK rel="stylesheet" href="common.css" type="text/css"></pre>
+
+<p>would be equivalent to:</p>
+
+<pre><?xml-stylesheet alternate="yes" title="compact" href="small-base.css"
+type="text/css"?>
+<?xml-stylesheet alternate="yes" title="compact" href="small-extras.css"
+type="text/css"?>
+<?xml-stylesheet alternate="yes" title="big print" href="bigprint.css"
+type="text/css"?>
+<?xml-stylesheet href="common.css" type="text/css"?></pre>
+
+
+
+<hr title="Separator from footer">
+
+<h2>
+<a name="References"></a>A References</h2>
+
+<dl>
+
+<dt>
+<a name="HTML">HTML40</a>
+</dt>
+<dd>World Wide Web
+Consortium. <i>HTML 4.0 Specification.</i> W3C Recommendation. See
+<a href="http://www.w3.org/TR/REC-html40">http://www.w3.org/TR/REC-html40</a>
+</dd>
+
+<dt>
+<a name="RFC2068">RFC2068</a>
+</dt>
+<dd>R. Fielding, J. Gettys, J. Mogul,
+H. Frystyk Nielsen, and T. Berners-Lee. <i>Hypertext Transfer
+Protocol -- HTTP/1.1.</i>. IETF RFC 2068. See <a href="http://www.ietf.org/rfc/rfc2068.txt">http://www.ietf.org/rfc/rfc2068.txt</a>.</dd>
+
+<dt>
+<a name="RFC2396">RFC2396</a>
+</dt>
+<dd>T. Berners-Lee, R. Fielding, and
+L. Masinter. <i>Uniform Resource Identifiers (URI): Generic
+Syntax</i>. IETF RFC 2396. See <a href="http://www.ietf.org/rfc/rfc2396.txt">http://www.ietf.org/rfc/rfc2396.txt</a>.</dd>
+
+<dt>
+<a name="XML">XML10</a>
+</dt>
+<dd>World Wide Web Consortium. <i>Extensible
+Markup Language (XML) 1.0.</i> W3C Recommendation. See <a href="http://www.w3.org/TR/1998/REC-xml-19980210">http://www.w3.org/TR/1998/REC-xml-19980210</a>
+</dd>
+
+</dl>
+
+
+
+
+<h2>
+<a name="rationale"></a>B Rationale</h2>
+
+<p>There was an urgent requirement for a specification for style sheet
+linking that could be completed in time for the next release from
+major browser vendors. Only by choosing a simple mechanism closely
+based on a proven existing mechanism could the specification be
+completed in time to meet this requirement.</p>
+
+<p>Use of a processing instruction avoids polluting the main document
+structure with application specific processing information.</p>
+
+<p>The mechanism chosen for this version of the specification is not a
+constraint on the additional mechanisms planned for future versions.
+There is no expectation that these will use processing instructions;
+indeed they may not include the linking information in the source
+document.</p>
+
+
+
+
+</body>
+</html>
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.firstReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.firstReference.txt
new file mode 100644
index 0000000..227159f
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.firstReference.txt
@@ -0,0 +1,4 @@
+<?xml-stylesheet href="doc.xsl"
+ type="text/xsl" ?>
+<doc>Hello, world!</doc>
+<?pi-without-data?>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.secondReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.secondReference.txt
new file mode 100644
index 0000000..a0b0c46
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/c14NSignature.secondReference.txt
@@ -0,0 +1,6 @@
+<?xml-stylesheet href="doc.xsl"
+ type="text/xsl" ?>
+<doc>Hello, world!<!-- Comment 1 --></doc>
+<?pi-without-data?>
+<!-- Comment 2 -->
+<!-- Comment 3 -->
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/envelopedSignatureSignature.firstReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/envelopedSignatureSignature.firstReference.txt
new file mode 100644
index 0000000..3bde443
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/envelopedSignatureSignature.firstReference.txt
@@ -0,0 +1,5 @@
+<Envelope xmlns="http://iaik.at#Envelope">
+ <DataItem>
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.firstReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.firstReference.txt
new file mode 100644
index 0000000..d660df4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.firstReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.secondReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.secondReference.txt
new file mode 100644
index 0000000..3592529
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.secondReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId"><!--A comment from IAIK-->A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.thirdReference.txt b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.thirdReference.txt
new file mode 100644
index 0000000..d660df4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/digestInputs/xPathSignature.thirdReference.txt
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/samples/sampleBase64EncodedData.txt b/samples/data/at/iaik/ixsil/transforms/samples/sampleBase64EncodedData.txt
new file mode 100644
index 0000000..1efa071
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/samples/sampleBase64EncodedData.txt
Binary files differ
diff --git a/samples/data/at/iaik/ixsil/transforms/samples/sampleXMLData.xml b/samples/data/at/iaik/ixsil/transforms/samples/sampleXMLData.xml
new file mode 100644
index 0000000..c2126d8
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/samples/sampleXMLData.xml
@@ -0,0 +1,12 @@
+<?xml version="1.0"?>
+
+<?xml-stylesheet href="doc.xsl"
+ type="text/xsl" ?>
+
+<doc>Hello, world!<!-- Comment 1 --></doc>
+
+<?pi-without-data ?>
+
+<!-- Comment 2 -->
+
+<!-- Comment 3 -->
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/base64DecodeSignature.xml b/samples/data/at/iaik/ixsil/transforms/signatures/base64DecodeSignature.xml
new file mode 100644
index 0000000..c53e989
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/base64DecodeSignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="../samples/sampleBase64EncodedData.txt"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>CFDfVk22iawglDdrEIygmWhpPrj0DyWnxLhPBSgHXp6i31oVbicHAOvThv7TyVKd
+eE6K2b5AKOErBwVncngMBmpwtJIoKOgUhgNe4DskfeSdk44OJkT63h0EJxJhUHqz
+NtBe7QrmynpbFnOedDDZwMA9/I8RU0Eq/jikz9nqNdU=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/c14nSignature.xml b/samples/data/at/iaik/ixsil/transforms/signatures/c14nSignature.xml
new file mode 100644
index 0000000..8d0c0cb
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/c14nSignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>R8S/QfGgzSmfIg0qpQthdjJQGuk=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="../samples/sampleXMLData.xml"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>IGE++R3JwgZ17hxfT3VoGmvNBjU=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>cmn28RkAxN5587v+EPof2okKiUkJivh0wKNHK9FuhbA+xUBWsucUFXrNCrug57s4
+xQFsQtXjVKPn+LGehnhvxZqd0MEK0GLndRk2dKogbtX/tc55BsyT1jRDGpeIxqNR
+OnwTleWlp9tMenLPPsa3vMrzXXUqup2A/J7/mZaNnUY=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/envelopedSignatureSignature.xml b/samples/data/at/iaik/ixsil/transforms/signatures/envelopedSignatureSignature.xml
new file mode 100644
index 0000000..aa24b06
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/envelopedSignatureSignature.xml
@@ -0,0 +1,10 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="http://iaik.at#Envelope">
+ <dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>cWFVogsTJUrmoCbGrFoP2mE+F5U=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>l82qilvUhkstzFG8tjTY/DAlWmhMTPz6fhnaIM6qetH9/qagjtrceEwGnc8Q7G20
+laxPg+tjXa9qSHB9wUmOgu5axN3oNsncZxukCi7pmmujflMsXfJKl7jTXweYyKU5
+5tJgeJM3Mnjm4QiAE1X9Ftne4UKFFg4348RUWnlZWBE=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo></dsig:Signature><DataItem>
+ Some Data from IAIK
+ </DataItem>
+</Envelope>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml
new file mode 100644
index 0000000..c3c28b4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference URI="#objectId"><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Xg7huUaHvGjhk11T6cBa5jKiCAM=</dsig:DigestValue></dsig:Reference><dsig:Reference URI="#xpointer(id('objectId'))"><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>a1YkQDH/XGdccOaiyxOrP6AQBeM=</dsig:DigestValue></dsig:Reference><dsig:Reference URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116"><dsig:XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">ancestor-or-self::dsig:Object</dsig:XPath></dsig:Transform></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/><dsig:DigestValue>Xg7huUaHvGjhk11T6cBa5jKiCAM=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>dRM9axVQYPMd0vfzkbstaG8taNTtJA9sF9ze3/xW6AeW9KCguIjHpmG2kAuDJheZ
+RXRO9et+whWzrX8daHchUu6RDbkkL5tOBcMnyKJiPD03NRxut7AWtkFKLhhxzRds
++EA7X0uNf59UIanLlMiGh3+ROzctwyO0z8vbKqjGxYU=</dsig:SignatureValue><dsig:KeyInfo><dsig:KeyValue><dsig:RSAKeyValue><dsig:Modulus>sDa5yzUv4IJmBY60GZCnkQSAhpG7tgxepi6sj3DlCzxjTtO5MNrjI9sK3WhimpNi
+NDmagzNEjxP3+x1huxL19GoIxZgr5O7E/F2IInSASVZTQsvWZlNauhRs0KZAszIS
+FchvrihILLoUf4tzaOSe6jgMEq6IkO0dWVpcFpAjXTc=</dsig:Modulus><dsig:Exponent>Aw==</dsig:Exponent></dsig:RSAKeyValue></dsig:KeyValue></dsig:KeyInfo><dsig:Object Id="objectId"><!--A comment from IAIK-->A text from IAIK</dsig:Object></dsig:Signature>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.0.input b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.0.input
new file mode 100644
index 0000000..d660df4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.0.input
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.1.input b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.1.input
new file mode 100644
index 0000000..3592529
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.1.input
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId"><!--A comment from IAIK-->A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.2.input b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.2.input
new file mode 100644
index 0000000..d660df4
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.2.input
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="objectId">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.3.input b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.3.input
new file mode 100644
index 0000000..5cde06d
--- /dev/null
+++ b/samples/data/at/iaik/ixsil/transforms/signatures/xPathSignature.xml.3.input
@@ -0,0 +1 @@
+<dsig:Object xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">A text from IAIK</dsig:Object>
\ No newline at end of file
diff --git a/samples/data/com/pothole/xmldsig/xml-stylesheet.txt b/samples/data/com/pothole/xmldsig/xml-stylesheet.txt
new file mode 100644
index 0000000..1efa071
--- /dev/null
+++ b/samples/data/com/pothole/xmldsig/xml-stylesheet.txt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/Readme.txt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/Readme.txt
new file mode 100644
index 0000000..6f06b13
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/Readme.txt
@@ -0,0 +1,37 @@
+Example Signatures[1]
+
+[1] http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html
+
+This is an exercise over some key information types, interop
+of which is required for certain standardisation processes.
+
+. signature-keyname.xml
+. signature-retrievalmethod-rawx509crt.xml
+. signature-x509-crt-crl.xml
+. signature-x509-crt.xml
+. signature-x509-is.xml
+. signature-x509-ski.xml
+. signature-x509-sn.xml
+. certs/*.crt
+
+To resolve the key associated with the KeyName in `signature-keyname.xml'
+you must perform a cunning transformation from the name `Xxx' to the
+certificate that resides in the directory `certs/' that has a subject name
+containing the common name `Xxx'. The transformation from this key name to
+the filename under which the certificate is stored `certs/xxx.crt' is a
+trade secret encryption process, the circumvention of which may expose
+you to civil and criminal prosecution under the DMCA and other applicable
+laws.
+
+To resolve the key associated with the X509Data in `signature-x509-is.xml',
+`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
+the identified certificate from those in the `certs' directory.
+
+In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
+the X.509 certificate used for signing. So verification should be
+qualified.
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+
+Tuesday, May 15, 2001
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/badb.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/badb.crt
new file mode 100644
index 0000000..e51df2d
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/badb.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/balor.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/balor.crt
new file mode 100644
index 0000000..05cccd9
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/balor.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/bres.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/bres.crt
new file mode 100644
index 0000000..e386885
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/bres.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/lugh.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/lugh.crt
new file mode 100644
index 0000000..bb955d9
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/lugh.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/macha.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/macha.crt
new file mode 100644
index 0000000..bc57061
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/macha.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/morigu.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/morigu.crt
new file mode 100644
index 0000000..a2b2757
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/morigu.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nemain.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nemain.crt
new file mode 100644
index 0000000..1360597
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nemain.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nocertifiacte.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nocertifiacte.crt
new file mode 100644
index 0000000..6f06b13
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/certs/nocertifiacte.crt
@@ -0,0 +1,37 @@
+Example Signatures[1]
+
+[1] http://www.w3.org/Signature/Drafts/xmldsig-core/Overview.html
+
+This is an exercise over some key information types, interop
+of which is required for certain standardisation processes.
+
+. signature-keyname.xml
+. signature-retrievalmethod-rawx509crt.xml
+. signature-x509-crt-crl.xml
+. signature-x509-crt.xml
+. signature-x509-is.xml
+. signature-x509-ski.xml
+. signature-x509-sn.xml
+. certs/*.crt
+
+To resolve the key associated with the KeyName in `signature-keyname.xml'
+you must perform a cunning transformation from the name `Xxx' to the
+certificate that resides in the directory `certs/' that has a subject name
+containing the common name `Xxx'. The transformation from this key name to
+the filename under which the certificate is stored `certs/xxx.crt' is a
+trade secret encryption process, the circumvention of which may expose
+you to civil and criminal prosecution under the DMCA and other applicable
+laws.
+
+To resolve the key associated with the X509Data in `signature-x509-is.xml',
+`signature-x509-ski.xml' and `signature-x509-sn.xml' you need to resolve
+the identified certificate from those in the `certs' directory.
+
+In `signature-x509-crt-crl.xml' an X.509 CRL is present which has revoked
+the X.509 certificate used for signing. So verification should be
+qualified.
+
+Merlin Hughes <merlin@baltimore.ie>
+Baltimore Technologies, Ltd.
+
+Tuesday, May 15, 2001
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-keyname.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-keyname.xml
new file mode 100644
index 0000000..76f7731
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-keyname.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ KTe1H5Hjp8hwahNFoUqHDuPJNNqhS1U3BBBH5/gByItNIwV18nMiLq4KunzFnOqD
+ xzTuO0/T+wsoYC1xOEuCDxyIujNCaJfLh+rCi5THulnc8KSHHEoPQ+7fA1VjmO31
+ 2iw1iENOi7m//wzKlIHuxZCJ5nvolT21PV6nSE4DHlA=
+ </SignatureValue>
+ <KeyInfo>
+ <KeyName>Lugh</KeyName>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-retrievalmethod-rawx509crt.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-retrievalmethod-rawx509crt.xml
new file mode 100644
index 0000000..633c170
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-retrievalmethod-rawx509crt.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ FnwsSCWT6REW/8QnOjv0BK+r3Ly/4aB++pNnZp9pnz8f7+j33eKSj1soyQLq5zmN
+ FwyeeQhnlTbR1kfve014ub9uHVC9A1cfmGZxQF1DC+enHt+AAPJaa278/ocgpMb5
+ Gibl4w7e3HAdBn/RJCrFJH77wY2oU5Ob0zIQtECVNJk=
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="certs/balor.crt" />
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt-crl.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt-crl.xml
new file mode 100644
index 0000000..4487751
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt-crl.xml
@@ -0,0 +1,49 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ DrNVqKOilPswEwCilZ3EkjFyQof5BJAbAdi2I8qZuJAsL7d180nWe/xPAURHC6IR
+ t2xJkNgCxrgdpy9//2UzaeE65URi2THgbPW1fhrp6dVeJyhiq9YfJ0Ofn7oeADkt
+ kd3jZipUUG7UGQ0oz3bMaZ6OaGYLkygnUXWh5EHpg4A=
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIICwTCCAiqgAwIBAgIGAOZ75aCZMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMRQwEgYDVQQDEwtYL1NlY3Vy
+ ZSBDQTAeFw0wMTA1MTUxMDA1MjRaFw0wMjA1MTUxMDA0MzdaMGcxCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ0wCwYDVQQDEwRCcmVzMIGf
+ MA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDAQtREqcPJkeGXcCORs/SwcHLh9ySw
+ tQNTUvTQm54hBLbTLhJQ20NJf46Z4YSNoaI7IT4x8fiv+JZLNrQc2ISGZBibMVZ4
+ 4ZvSWYls7d9QurRltvQ2oCqDhUMSXcGY3HJmeEzITIfdh6bIuSQ0sDAXNygVhGr/
+ vVaUOyxr1AoutQIDAQABo3EwbzAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIz2
+ q1W6c2KTMDUGA1UdEgQuMCyGKmh0dHA6Ly93d3cuYmFsdGltb3JlLmNvbS9wcm9k
+ dWN0cy94c2VjdXJlLzATBgNVHSMEDDAKgAiF7B8Kj38a0TANBgkqhkiG9w0BAQUF
+ AAOBgQAzFhnxji5+UdJ6tbfRKTfhQG0JWrWiQRy0N3lrAXQnpQBFjOjtRPRiR5ST
+ vRQbRNrGljegIpoFFK12Uj9BxP6x+uZUqzKDfFqWEN0s9Y9YQdkl+DN9jZZwgK6N
+ KYGqh43HIoPKGb1UQ93tTGW+F4ygNxHluvO1Ovtku8aPBn4idQ==
+ </X509Certificate>
+ </X509Data>
+ <X509Data>
+ <X509CRL>
+ MIIBdjCB4AIBATANBgkqhkiG9w0BAQUFADBuMQswCQYDVQQGEwJJRTEPMA0GA1UE
+ CBMGRHVibGluMSUwIwYDVQQKExxCYWx0aW1vcmUgVGVjaG5vbG9naWVzLCBMdGQu
+ MREwDwYDVQQLEwhYL1NlY3VyZTEUMBIGA1UEAxMLWC9TZWN1cmUgQ0EXDTAxMDUx
+ NTEwNDUwMFoXDTAxMDkyMDEwNDUwMFowGTAXAgYA5nvloJkXDTAxMDUxNTEwNDUw
+ MFqgIzAhMAoGA1UdFAQDAgEAMBMGA1UdIwQMMAqACIXsHwqPfxrRMA0GCSqGSIb3
+ DQEBBQUAA4GBADVPiyJ4Q+Kr3B/GGmh/KbVtSPv5x1zffGxp1XwV5cVOmksVrKNx
+ rCw86K0ZLxVgy1rIql8+i1b9u3Ozuo6VhU0el/NF2Tto2jAyy0j+PPK2Xv1/ATQx
+ J2PK+Ty9vkm+7jjurfeJVvAC8D+WFBAh/JWIzmMXA8cMBfTFBRPhZQao
+ </X509CRL>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt.xml
new file mode 100644
index 0000000..c811820
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-crt.xml
@@ -0,0 +1,37 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ ZrROxIcOSBvt5z2krEhQGSVIo4oAwTJwGAoFiWucvvEtY9k0L2R5RVHBnHCzk5GT
+ kHGaT8SUqtnDeiH6W/2FNfciiV/w1pxURvNcyW8cYCn1B5XF68vILXUaptWf0DKw
+ DvCFS+uLh0ACuEUfpe1Dx1fwB85lpK2iQcpx9dPaC4M=
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIICwzCCAiygAwIBAgIGAOZ75QhHMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMRQwEgYDVQQDEwtYL1NlY3Vy
+ ZSBDQTAeFw0wMTA1MTUxMDA0NDVaFw0wMjA1MTUxMDA0MzdaMGkxCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3JpZ3Uw
+ gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4FJkxu+bB5lOwYa+irIb7sJU7
+ 9sRQbYYnfw35D7NQkig+Lvi2LXXoA6ABull2bF+gu+sgRzezzOs6VsTL8z57TIz2
+ 48HaMInFjOiqSANmzQKlXv1PjXSxSyHRi/3xc8gMfmCxeSPCZ5VpUiQoJ5ZpWcDz
+ /LKvb0l9X0YBzMZlAgMBAAGjcTBvMA4GA1UdDwEB/wQEAwIHgDARBgNVHQ4ECgQI
+ hbis35lIcu8wNQYDVR0SBC4wLIYqaHR0cDovL3d3dy5iYWx0aW1vcmUuY29tL3By
+ b2R1Y3RzL3hzZWN1cmUvMBMGA1UdIwQMMAqACIXsHwqPfxrRMA0GCSqGSIb3DQEB
+ BQUAA4GBAGSBdPou5CWAiyS5/f46m00mIIqO3xl6ZXOc/DRblF4gWnesd2F5v/s6
+ lAbqK8+wJM6GxvpOkSp6O1q6hZRyzF86QPlXCfhKAXkgzHXtb6PfT2m9t0iawnjy
+ P+oyYofnFU5FFVOCujSrmFx3FCU+Wg6RT3v1jRoM3YfMYZYEzfTT
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-is.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-is.xml
new file mode 100644
index 0000000..895811e
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-is.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ pjlt4UQxI954TIicsctTxRk4qC4tF/h2Y0kmivXvyUU8EPoaCH8bIrcFWz7I7C3P
+ 7NZi341itjSWA9cFnSBKboBPvKxPMMmYShsVMFBDyB2jiF1T3Qc4C/E0BJpR/Ntn
+ uBUNBPNxC0TUjuS7fIYku3NpVVbIv1OP0OqWNi0KDN0=
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=X/Secure CA,OU=X/Secure,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>989921098912</X509SerialNumber>
+ </X509IssuerSerial>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-ski.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-ski.xml
new file mode 100644
index 0000000..4a21f4d
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-ski.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ odQDs0dMckjo3hrQVZfx73SBDAR75bKaa/voefbB2f+uKvLMQDF1CeB8wA7vmlDV
+ oJJe3/18vvawSjWgIowN/KR7EZwkcvtw9hnb1QYEddX+CueeCfdEvp553nIPtibg
+ z+77wAbVq1VCOEspx3gn9DZcLJeGHkaeeTQNplYkn84=
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SKI>
+ iIg+zElCPZ0=
+ </X509SKI>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-sn.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-sn.xml
new file mode 100644
index 0000000..f2a3d38
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/signature-x509-sn.xml
@@ -0,0 +1,23 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ L5EGwmlRmiKHu0SuMEhEwAzFK3uNWidqgpc+ZJws8pyD/uTZKdS93GMXlyMup4Dj
+ +E8+AFNj8zJ2JtQUBCkyTOS6XjMvSU4Q4/tlm6srjROtIvqpnwfUF0zEw5YswmlF
+ TpZY92EUQEiAErDt9LL9ZOy3fTAbyxs0WCzQEGoODE8=
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SubjectName>
+ CN=Badb,OU=X/Secure,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloped-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloped-dsa.xml
new file mode 100644
index 0000000..e5c63c8
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloped-dsa.xml
@@ -0,0 +1,66 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="urn:envelope">
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>K8M/lPbKnuMDsO0Uzuj75lQtzQI=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ DpEylhQoiUKBoKWmYfajXO7LZxiDYgVtUtCNyTgwZgoChzorA2nhkQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509Certificate>
+ MIIDbTCCAyygAwIBAgIGAOCdrKxkMAkGByqGSM44BAMwezELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjElMCMGA1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cywgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxITAfBgNVBAMTGFgvU2VjdXJlIDEw
+ MjQtYml0IERTQSBDQTAeFw0wMDA3MjcxNzEzMzNaFw0wMTA3MjcxNzEzMjZaMHwx
+ CzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9y
+ ZSBUZWNobm9sb2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMSIwIAYDVQQD
+ ExlYL1NlY3VyZSAxMDI0LWJpdCBEU0EgY3J0MIIBuDCCASwGByqGSM44BAEwggEf
+ AoGBAKxbaPLj0DOst+BSz5g4eNASyda1awvFXkarroT2eo2DRZELsMZ7v8AryADI
+ bpDwSxRE/GyX/29nn/qKsWWoxG/vPM5WaMhvIP8DHwwR08c/gp6MC2oZwgk2AaeZ
+ LexvKlKGybr48pcI9bLe1fS7LtN4lzF7W4q4lIxWuYFEWrDfAhUAkEjAFpCe4lcU
+ Odwphpzf+tBaUdsCgYEAoe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOW
+ tKXeNK9FS7dWStreDxo2SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTE
+ Lh98mEocsLXkNh24HcH4BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqwD
+ gYUAAoGBAKQOTZ2b3Hee+FkV7jgO2Xwv+y6reHAdDES1rR7m7SaFTmqPYm+a8uK0
+ 5NK+nXZzrwCBipLbrcyt8prypXktwzq8GUICfvwQ1g1vJDvUeuqOq3Y4kqGwYv9H
+ NldfnZKjoIxZis9/eZrwjmRoQu36gFYR2rdhIxjzH4EmcgAWu/tZozswOTAPBgNV
+ HQ8BAf8EBQMDAIAAMBEGA1UdDgQKBAiA4IML4dndEDATBgNVHSMEDDAKgAiHoMnY
+ nDxZUDAJBgcqhkjOOAQDAzAAMC0CFQCEXa1E2ueJ8WMX5nP1lCcBWhxC2wIUGUCB
+ b6M6Oj3NQAJbnZsdY63rKa0=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+</Envelope>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml
new file mode 100644
index 0000000..e9bf94d
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-b64-dsa.xml
@@ -0,0 +1,65 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>N6pjx3OY2VRHMmLhoAV8HmMu2nc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ W+lrPJcfT0Uyj/AXyu9X2XLsTvBo6Rs8GNZUNUT4/+wx3HYuv/BovQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509Certificate>
+ MIIDbTCCAyygAwIBAgIGAOCdrKxkMAkGByqGSM44BAMwezELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjElMCMGA1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cywgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxITAfBgNVBAMTGFgvU2VjdXJlIDEw
+ MjQtYml0IERTQSBDQTAeFw0wMDA3MjcxNzEzMzNaFw0wMTA3MjcxNzEzMjZaMHwx
+ CzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9y
+ ZSBUZWNobm9sb2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMSIwIAYDVQQD
+ ExlYL1NlY3VyZSAxMDI0LWJpdCBEU0EgY3J0MIIBuDCCASwGByqGSM44BAEwggEf
+ AoGBAKxbaPLj0DOst+BSz5g4eNASyda1awvFXkarroT2eo2DRZELsMZ7v8AryADI
+ bpDwSxRE/GyX/29nn/qKsWWoxG/vPM5WaMhvIP8DHwwR08c/gp6MC2oZwgk2AaeZ
+ LexvKlKGybr48pcI9bLe1fS7LtN4lzF7W4q4lIxWuYFEWrDfAhUAkEjAFpCe4lcU
+ Odwphpzf+tBaUdsCgYEAoe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOW
+ tKXeNK9FS7dWStreDxo2SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTE
+ Lh98mEocsLXkNh24HcH4BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqwD
+ gYUAAoGBAKQOTZ2b3Hee+FkV7jgO2Xwv+y6reHAdDES1rR7m7SaFTmqPYm+a8uK0
+ 5NK+nXZzrwCBipLbrcyt8prypXktwzq8GUICfvwQ1g1vJDvUeuqOq3Y4kqGwYv9H
+ NldfnZKjoIxZis9/eZrwjmRoQu36gFYR2rdhIxjzH4EmcgAWu/tZozswOTAPBgNV
+ HQ8BAf8EBQMDAIAAMBEGA1UdDgQKBAiA4IML4dndEDATBgNVHSMEDDAKgAiHoMnY
+ nDxZUDAJBgcqhkjOOAQDAzAAMC0CFQCEXa1E2ueJ8WMX5nP1lCcBWhxC2wIUGUCB
+ b6M6Oj3NQAJbnZsdY63rKa0=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">c29tZSB0ZXh0</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-dsa.xml
new file mode 100644
index 0000000..b23cc0b
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-dsa.xml
@@ -0,0 +1,62 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ SVsFIWuARkAaD9HZXhNASHShx38UZiDS3IsIb2DS1eBUdD4V70E6MA==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509Certificate>
+ MIIDbTCCAyygAwIBAgIGAOCdrKxkMAkGByqGSM44BAMwezELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjElMCMGA1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cywgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxITAfBgNVBAMTGFgvU2VjdXJlIDEw
+ MjQtYml0IERTQSBDQTAeFw0wMDA3MjcxNzEzMzNaFw0wMTA3MjcxNzEzMjZaMHwx
+ CzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9y
+ ZSBUZWNobm9sb2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMSIwIAYDVQQD
+ ExlYL1NlY3VyZSAxMDI0LWJpdCBEU0EgY3J0MIIBuDCCASwGByqGSM44BAEwggEf
+ AoGBAKxbaPLj0DOst+BSz5g4eNASyda1awvFXkarroT2eo2DRZELsMZ7v8AryADI
+ bpDwSxRE/GyX/29nn/qKsWWoxG/vPM5WaMhvIP8DHwwR08c/gp6MC2oZwgk2AaeZ
+ LexvKlKGybr48pcI9bLe1fS7LtN4lzF7W4q4lIxWuYFEWrDfAhUAkEjAFpCe4lcU
+ Odwphpzf+tBaUdsCgYEAoe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOW
+ tKXeNK9FS7dWStreDxo2SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTE
+ Lh98mEocsLXkNh24HcH4BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqwD
+ gYUAAoGBAKQOTZ2b3Hee+FkV7jgO2Xwv+y6reHAdDES1rR7m7SaFTmqPYm+a8uK0
+ 5NK+nXZzrwCBipLbrcyt8prypXktwzq8GUICfvwQ1g1vJDvUeuqOq3Y4kqGwYv9H
+ NldfnZKjoIxZis9/eZrwjmRoQu36gFYR2rdhIxjzH4EmcgAWu/tZozswOTAPBgNV
+ HQ8BAf8EBQMDAIAAMBEGA1UdDgQKBAiA4IML4dndEDATBgNVHSMEDDAKgAiHoMnY
+ nDxZUDAJBgcqhkjOOAQDAzAAMC0CFQCEXa1E2ueJ8WMX5nP1lCcBWhxC2wIUGUCB
+ b6M6Oj3NQAJbnZsdY63rKa0=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1-40.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1-40.xml
new file mode 100644
index 0000000..4904d79
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1-40.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>40</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ HHiqvCU=
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1.xml
new file mode 100644
index 0000000..c0c8343
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-hmac-sha1.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ JElPttIT4Am7Q+MNoMyv+WDfAZw=
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-rsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-rsa.xml
new file mode 100644
index 0000000..143192c
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-enveloping-rsa.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ TTx2opM6OcMi6zlasWEhP992di482KhTo80pgheFySZcpvorB47i8FkgDjftdxbn
+ 2xlrZh0rp0v2dVVxWtLFjUpvN/Z+fkG/AXiT3kAhzRBqmYYYZxIuCtQM57yoBrIh
+ /nSy3HWs5wDqroFAx9q52qMMbKNbnwHG6Y/K1ZiVnNg=
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>
+ qe5VYmNxjeUSQDEI5lkHNDXxfXpXj95Ni7tcQ9DHDSgUJ1m2dNwKublDVQZDmmlf
+ HJ2n/us+EZTZNUST4GqublhgzcCCvYq9dbU8oqiEz0ktTIWCPy36UvQcaRwufpiV
+ RFaTDNPqjkjWPrM2cnpfyoI7ydbVCBRfI9zISQiR0Mk=
+ </Modulus>
+ <Exponent>
+ AQAB
+ </Exponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-b64-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-b64-dsa.xml
new file mode 100644
index 0000000..79765c2
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-b64-dsa.xml
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://xmldsig.pothole.com/xml-stylesheet.txt">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ gU0blQcXJFHR5MhUIb2Clq7bcT+NfxOG5yLFUd3Y85QNfTaR5vu+6Q==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509Certificate>
+ MIIDbTCCAyygAwIBAgIGAOCdrKxkMAkGByqGSM44BAMwezELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjElMCMGA1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cywgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxITAfBgNVBAMTGFgvU2VjdXJlIDEw
+ MjQtYml0IERTQSBDQTAeFw0wMDA3MjcxNzEzMzNaFw0wMTA3MjcxNzEzMjZaMHwx
+ CzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9y
+ ZSBUZWNobm9sb2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMSIwIAYDVQQD
+ ExlYL1NlY3VyZSAxMDI0LWJpdCBEU0EgY3J0MIIBuDCCASwGByqGSM44BAEwggEf
+ AoGBAKxbaPLj0DOst+BSz5g4eNASyda1awvFXkarroT2eo2DRZELsMZ7v8AryADI
+ bpDwSxRE/GyX/29nn/qKsWWoxG/vPM5WaMhvIP8DHwwR08c/gp6MC2oZwgk2AaeZ
+ LexvKlKGybr48pcI9bLe1fS7LtN4lzF7W4q4lIxWuYFEWrDfAhUAkEjAFpCe4lcU
+ Odwphpzf+tBaUdsCgYEAoe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOW
+ tKXeNK9FS7dWStreDxo2SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTE
+ Lh98mEocsLXkNh24HcH4BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqwD
+ gYUAAoGBAKQOTZ2b3Hee+FkV7jgO2Xwv+y6reHAdDES1rR7m7SaFTmqPYm+a8uK0
+ 5NK+nXZzrwCBipLbrcyt8prypXktwzq8GUICfvwQ1g1vJDvUeuqOq3Y4kqGwYv9H
+ NldfnZKjoIxZis9/eZrwjmRoQu36gFYR2rdhIxjzH4EmcgAWu/tZozswOTAPBgNV
+ HQ8BAf8EBQMDAIAAMBEGA1UdDgQKBAiA4IML4dndEDATBgNVHSMEDDAKgAiHoMnY
+ nDxZUDAJBgcqhkjOOAQDAzAAMC0CFQCEXa1E2ueJ8WMX5nP1lCcBWhxC2wIUGUCB
+ b6M6Oj3NQAJbnZsdY63rKa0=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-dsa.xml
new file mode 100644
index 0000000..5ff86df
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/signature-external-dsa.xml
@@ -0,0 +1,61 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ Fj9OwSxpJppDnihohduxEUqu9/p6TR9PpgNGapaiBHGcY2QUDBaOEw==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ <X509Data>
+ <X509Certificate>
+ MIIDbTCCAyygAwIBAgIGAOCdrKxkMAkGByqGSM44BAMwezELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjElMCMGA1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cywgTHRkLjERMA8GA1UECxMIWC9TZWN1cmUxITAfBgNVBAMTGFgvU2VjdXJlIDEw
+ MjQtYml0IERTQSBDQTAeFw0wMDA3MjcxNzEzMzNaFw0wMTA3MjcxNzEzMjZaMHwx
+ CzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9y
+ ZSBUZWNobm9sb2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMSIwIAYDVQQD
+ ExlYL1NlY3VyZSAxMDI0LWJpdCBEU0EgY3J0MIIBuDCCASwGByqGSM44BAEwggEf
+ AoGBAKxbaPLj0DOst+BSz5g4eNASyda1awvFXkarroT2eo2DRZELsMZ7v8AryADI
+ bpDwSxRE/GyX/29nn/qKsWWoxG/vPM5WaMhvIP8DHwwR08c/gp6MC2oZwgk2AaeZ
+ LexvKlKGybr48pcI9bLe1fS7LtN4lzF7W4q4lIxWuYFEWrDfAhUAkEjAFpCe4lcU
+ Odwphpzf+tBaUdsCgYEAoe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOW
+ tKXeNK9FS7dWStreDxo2SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTE
+ Lh98mEocsLXkNh24HcH4BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqwD
+ gYUAAoGBAKQOTZ2b3Hee+FkV7jgO2Xwv+y6reHAdDES1rR7m7SaFTmqPYm+a8uK0
+ 5NK+nXZzrwCBipLbrcyt8prypXktwzq8GUICfvwQ1g1vJDvUeuqOq3Y4kqGwYv9H
+ NldfnZKjoIxZis9/eZrwjmRoQu36gFYR2rdhIxjzH4EmcgAWu/tZozswOTAPBgNV
+ HQ8BAf8EBQMDAIAAMBEGA1UdDgQKBAiA4IML4dndEDATBgNVHSMEDDAKgAiHoMnY
+ nDxZUDAJBgcqhkjOOAQDAzAAMC0CFQCEXa1E2ueJ8WMX5nP1lCcBWhxC2wIUGUCB
+ b6M6Oj3NQAJbnZsdY63rKa0=
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/bad-signature.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/bad-signature.xml
new file mode 100644
index 0000000..127ab5e
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/bad-signature.xml
@@ -0,0 +1,249 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY c14n "http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
+ <!ENTITY xpath "http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <!ENTITY xslt "http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://www.usps.gov/foo" xmlns="http://www.usps.gov/">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="http://xmldsig.pothole.com/xml-stylesheet.txt">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) >
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>DkRNHKuQgDiTy9XAAMGbyydg3BI=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-2">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>X9dMPL0KeDZXh9GE3vLcOtPsYjI=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#signature-properties-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7tHLZrC0kqOhPCiYu/WusgG4tBo=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>ar0/7EQyRfUZmrPPcTQFdVCt2PY=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>1puYWb36Z5TIDmEIVd/JLR3iD8Y=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-2">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>MMtXLCswiEDurKMgg2r+vBPlk8Q=</DigestValue>
+ </Reference>
+ <Reference Id="reference-1" Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7eI/P8mppgkqXqW0+at2UGj06qs=</DigestValue>
+ </Reference>
+ <Reference Id="reference-2" Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>l/bqIouk6Gs8eEjG0Tad0MJJgWw=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ SiMb9su56spmMlNjrWWKdkgj1hDhveaWCx5Bwpj5AuJ6T3Zy68NJ/A==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#X509Data" URI="#object-4">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the bad text.</Object>
+ <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="object-2" MimeType="text/plain">aBADSIGN</Object>
+ <Object Id="object-3">
+ <NonCommentandus xmlns=""><!-- BAD Commentandum --></NonCommentandus>
+ </Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>l/bqIouk6Gs8eEjG0Tad0MJJgWw=</DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" exclude-result-prefixes="foo" version="1.0">
+ <xsl:output encoding="UTF-8" indent="no" method="xml" />
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name" />
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>c7wq5XKos6RqNVJyFy7/fl6+sAs=</DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Test DSA CA,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>970849936</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDNzCCAvWgAwIBAgIEOd3+kDAJBgcqhkjOOAQDMFsxCzAJBgNVBAYTAklFMQ8w
+ DQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9sb2dpZXMs
+ IEx0ZC4xFDASBgNVBAMTC1Rlc3QgRFNBIENBMB4XDTAwMTAwNjE2MzIxNVoXDTAx
+ MTAwNjE2MzIxNFowXTELMAkGA1UEBhMCSUUxDzANBgNVBAgTBkR1YmxpbjElMCMG
+ A1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2llcywgTHRkLjEWMBQGA1UEAxMNTWVy
+ bGluIEh1Z2hlczCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDaJjfDTrawMHf8MiUt
+ Y54b37hSmYNnR3KpGT10uU1Dqppcju06uN0iGbqf947DjkBC25hKnqykK31xBw0E
+ CPbYq/KC98kghdf2xJCu6B8aqJ95K9jdVflJ3WP7PQxJn+fmM23zy6HYLXVICpfq
+ etdNj/VHCShZE3bdJiE6VobSFQIVAPQecqS2PaTDprcQnkwx4MHTRXhrAoGAMuGA
+ lqeB1ax+vyO2+Osubjhl7pHxLu47RIH+/M52DjESA9KMSrwzsYx8yNR2WooByrE0
+ t6fu0VncK7UK8olO4t7wpv2z4AFQPRVCKFwo0qgn5aKIkICGMlrRy81avb27wGcW
+ othx3iPPMtFXtoDqK0JItaI9R8zc1msFhM1GKMYDgYQAAoGActA8YGxrtngg/zKV
+ vqEOefnwmViFztcnPBYPlJsvh6yKI4iDm68fnp4Mi3RrJ6bZAygFrUIQLxLjV+OJ
+ tgJAEto0xAs+Mehuq1DkSFEpP3oDzCTOsrOiS1DwQe4oIb7zVk/9l7aPtJMHW0LV
+ lMdwZNFNNJoqMcT2ZfCPrfvYvQ2jRzBFMB4GA1UdEQQXMBWBE21lcmxpbkBiYWx0
+ aW1vcmUuaWUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdIwQMMAqACEJZQG0KwRbPMAkG
+ ByqGSM44BAMDMQAwLgIVAK4skWEFYgrggaJA8vYAwSjg12+KAhUAwHTo7wd4tENw
+ 9LAKPklQ/74fH18=
+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries xmlns="" Id="notaries">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml
new file mode 100644
index 0000000..a7f277d
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml
@@ -0,0 +1,249 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY c14n "http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
+ <!ENTITY xpath "http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <!ENTITY xslt "http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://www.usps.gov/foo" xmlns="http://www.usps.gov/">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="http://xmldsig.pothole.com/xml-stylesheet.txt">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) >
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>DkRNHKuQgDiTy9XAAMGbyydg3BI=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-2">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>X9dMPL0KeDZXh9GE3vLcOtPsYjI=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#signature-properties-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7tHLZrC0kqOhPCiYu/WusgG4tBo=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zbVZy3ycg7CyFcPzNs0C6bA3qio=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>ar0/7EQyRfUZmrPPcTQFdVCt2PY=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>0aW4L0GoFzYUo4gyZSfoyZBhpuc=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>1puYWb36Z5TIDmEIVd/JLR3iD8Y=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-2">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>MMtXLCswiEDurKMgg2r+vBPlk8Q=</DigestValue>
+ </Reference>
+ <Reference Id="reference-1" Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7eI/P8mppgkqXqW0+at2UGj06qs=</DigestValue>
+ </Reference>
+ <Reference Id="reference-2" Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>l/bqIouk6Gs8eEjG0Tad0MJJgWw=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ SiMb9su56spmMlNjrWWKdkgj1hDhveaWCx5Bwpj5AuJ6T3Zy68NJ/A==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#X509Data" URI="#object-4">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the text.</Object>
+ <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="object-2" MimeType="text/plain">SSBhbSB0aGUgdGV4dC4=</Object>
+ <Object Id="object-3">
+ <NonCommentandus xmlns=""><!-- Commentandum --></NonCommentandus>
+ </Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Reference" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>l/bqIouk6Gs8eEjG0Tad0MJJgWw=</DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" exclude-result-prefixes="foo" version="1.0">
+ <xsl:output encoding="UTF-8" indent="no" method="xml" />
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name" />
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>c7wq5XKos6RqNVJyFy7/fl6+sAs=</DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Test DSA CA,O=Baltimore Technologies\, Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>970849936</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDNzCCAvWgAwIBAgIEOd3+kDAJBgcqhkjOOAQDMFsxCzAJBgNVBAYTAklFMQ8w
+ DQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9sb2dpZXMs
+ IEx0ZC4xFDASBgNVBAMTC1Rlc3QgRFNBIENBMB4XDTAwMTAwNjE2MzIxNVoXDTAx
+ MTAwNjE2MzIxNFowXTELMAkGA1UEBhMCSUUxDzANBgNVBAgTBkR1YmxpbjElMCMG
+ A1UEChMcQmFsdGltb3JlIFRlY2hub2xvZ2llcywgTHRkLjEWMBQGA1UEAxMNTWVy
+ bGluIEh1Z2hlczCCAbYwggErBgcqhkjOOAQBMIIBHgKBgQDaJjfDTrawMHf8MiUt
+ Y54b37hSmYNnR3KpGT10uU1Dqppcju06uN0iGbqf947DjkBC25hKnqykK31xBw0E
+ CPbYq/KC98kghdf2xJCu6B8aqJ95K9jdVflJ3WP7PQxJn+fmM23zy6HYLXVICpfq
+ etdNj/VHCShZE3bdJiE6VobSFQIVAPQecqS2PaTDprcQnkwx4MHTRXhrAoGAMuGA
+ lqeB1ax+vyO2+Osubjhl7pHxLu47RIH+/M52DjESA9KMSrwzsYx8yNR2WooByrE0
+ t6fu0VncK7UK8olO4t7wpv2z4AFQPRVCKFwo0qgn5aKIkICGMlrRy81avb27wGcW
+ othx3iPPMtFXtoDqK0JItaI9R8zc1msFhM1GKMYDgYQAAoGActA8YGxrtngg/zKV
+ vqEOefnwmViFztcnPBYPlJsvh6yKI4iDm68fnp4Mi3RrJ6bZAygFrUIQLxLjV+OJ
+ tgJAEto0xAs+Mehuq1DkSFEpP3oDzCTOsrOiS1DwQe4oIb7zVk/9l7aPtJMHW0LV
+ lMdwZNFNNJoqMcT2ZfCPrfvYvQ2jRzBFMB4GA1UdEQQXMBWBE21lcmxpbkBiYWx0
+ aW1vcmUuaWUwDgYDVR0PAQH/BAQDAgeAMBMGA1UdIwQMMAqACEJZQG0KwRbPMAkG
+ ByqGSM44BAMDMQAwLgIVAK4skWEFYgrggaJA8vYAwSjg12+KAhUAwHTo7wd4tENw
+ 9LAKPklQ/74fH18=
+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries xmlns="" Id="notaries">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/badb.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/badb.crt
new file mode 100644
index 0000000..2d0dec6
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/badb.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/balor.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/balor.crt
new file mode 100644
index 0000000..806d59d
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/balor.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/bres.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/bres.crt
new file mode 100644
index 0000000..c0953f4
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/bres.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/ca.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/ca.crt
new file mode 100644
index 0000000..00861d0
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/ca.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/crl b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/crl
new file mode 100644
index 0000000..a84e7ef
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/crl
@@ -0,0 +1,11 @@
+-----BEGIN CRL-----
+MIIBJDCB5AIBATAJBgcqhkjOOAQDMHYxCzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZE
+dWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9sb2dpZXMgTHRkLjERMA8G
+A1UECxMIWC9TZWN1cmUxHTAbBgNVBAMTFEFub3RoZXIgVHJhbnNpZW50IENBFw0w
+MjA0MDQwMjE2NThaFw0xMTA0MDIwMjE2NThaMBkwFwIGAOz5Id5/Fw0wMjA0MDQw
+MjE2NThaoCMwITATBgNVHSMEDDAKgAiKHFYwWjISfTAKBgNVHRQEAwIBADAJBgcq
+hkjOOAQDAzAAMC0CFCEIm38fvGzSJHms284hUs9dNB8nAhUAjEtZr0TGgc6sVRVk
+krEgltdo7Jw=
+-----END CRL-----
+
+
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/lugh.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/lugh.crt
new file mode 100644
index 0000000..2109edf
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/lugh.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/macha.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/macha.crt
new file mode 100644
index 0000000..484ddc2
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/macha.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/morigu.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/morigu.crt
new file mode 100644
index 0000000..ef0d415
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/morigu.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/mullan.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/mullan.crt
new file mode 100644
index 0000000..00729ba
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/mullan.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/nemain.crt b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/nemain.crt
new file mode 100644
index 0000000..f4b62ae
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/nemain.crt
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/xmldsig.jks b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/xmldsig.jks
new file mode 100644
index 0000000..9702fce
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/certs/xmldsig.jks
Binary files differ
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
new file mode 100644
index 0000000..f5ff1f5
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloped-dsa.xml
@@ -0,0 +1,43 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="http://example.org/envelope">
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>fdy6S2NLpnT4fMdokUHSHsmpcvo=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ Z4pBb+o+XOKWME7CpLyXuNqyIYdXOcGvthfUf+ZDLL5immPx+3tK8Q==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </Signature>
+</Envelope>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml
new file mode 100644
index 0000000..4e924b0
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-b64-dsa.xml
@@ -0,0 +1,42 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>N6pjx3OY2VRHMmLhoAV8HmMu2nc=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ KgAeq8e0yUNfFz+mFlZ3QgyQNMciV+Z3BoDQDvQNker7pazEnJmOIA==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">c29tZSB0ZXh0</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml
new file mode 100644
index 0000000..488ac26
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-dsa.xml
@@ -0,0 +1,39 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ PfD92lkxKgc2OKvF4p0ba6cJj6d1eqIDx5Q1hvVYTviotje23Snunw==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml
new file mode 100644
index 0000000..4904d79
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1-40.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1">
+ <HMACOutputLength>40</HMACOutputLength>
+ </SignatureMethod>
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ HHiqvCU=
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml
new file mode 100644
index 0000000..c0c8343
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-hmac-sha1.xml
@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ JElPttIT4Am7Q+MNoMyv+WDfAZw=
+ </SignatureValue>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
new file mode 100644
index 0000000..1580d83
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-enveloping-rsa.xml
@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#object">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ ov3HOoPN0w71N3DdGNhN+dSzQm6NJFUB5qGKRp9Q986nVzMb8wCIVxCQu+x3vMtq
+ p4/R3KEcPtEJSaoR+thGq++GPIh2mZXyWJs3xHy9P4xmoTVwli7/l7s8ebDSmnbZ
+ 7xZU4Iy1BSMZSxGKnRG+Z/0GJIfTz8jhH6wCe3l03L4=
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>
+ q07hpxA5DGFfvJFZueFl/LI85XxQxrvqgVugL25V090A9MrlLBg5PmAsxFTe+G6a
+ xvWJQwYOVHj/nuiCnNLa9a7uAtPFiTtW+v5H3wlLaY3ws4atRBNOQlYkIBp38sTf
+ QBkk4i8PEU1GQ2M0CLIJq4/2Akfv1wxzSQ9+8oWkArc=
+ </Modulus>
+ <Exponent>
+ AQAB
+ </Exponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ <Object Id="object">some text</Object>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml
new file mode 100644
index 0000000..1fb5663
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-b64-dsa.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ IhOlAjMFaZtkEju5R5bi528h1HpDa4A21sudZynhJRRLjZuQIHZ3eQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-dsa.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-dsa.xml
new file mode 100644
index 0000000..34d3e6a
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-external-dsa.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ LaL1/t/XodYvDJDgSEbq47GX8ltnlx3FFURdi7o+UFVi+zLf0WyWaQ==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyValue>
+ <DSAKeyValue>
+ <P>
+ 3eOeAvqnEyFpW+uTSgrdj7YLjaTkpyHecKFIoLu8QZNkGTQI1ciITBH0lqfIkdCH
+ Si8fiUC3DTq3J9FsJef4YVtDF7JpUvHTOQqtq7Zgx6KC8Wxkz6rQCxOr7F0ApOYi
+ 89zLRoe4MkDGe6ux0+WtyOTQoVIGNTDDUFXrUQNbLrE=
+ </P>
+ <Q>
+ hDLcFK0GO/Hz1arxOOvsgM/VLyU=
+ </Q>
+ <G>
+ nnx7hbdWozGbtnFgnbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43z
+ Kt7dlEaQL7b5+JTZt3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM
+ 8d2rhd2Ui0xHbk0D451nhLxVWulviOSPhzKKvXrbySA=
+ </G>
+ <Y>
+ cfYpihpAQeepbNFS4MAbQRhdXpDi5wLrwxE5hIvoYqo1L8BQVu8fY1TFAPtoae1i
+ Bg/GIJyP3iLfyuBJaDvJJLP30wBH9i/s5J3656PevpOVdTfi777Fi9Gj6y/ib2Vv
+ +OZfJkkp4L50+p5TUhPmQLJtREsgtl+tnIOyJT++G9U=
+ </Y>
+ </DSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-keyname.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-keyname.xml
new file mode 100644
index 0000000..a7c60a3
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-keyname.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ JkJ3GplEU0iDbqSv7ZOXhvv3zeM1KmP+CLphhoc+NPYqpGYQiW6O6w==
+ </SignatureValue>
+ <KeyInfo>
+ <KeyName>Lugh</KeyName>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml
new file mode 100644
index 0000000..2e861d9
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-retrievalmethod-rawx509crt.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ SNB5FI193RFXoG2j8Z9bXWgW7BMPICqNob4Hjh08oou4tkhGxz4+pg==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#rawX509Certificate" URI="certs/balor.crt" />
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
new file mode 100644
index 0000000..fe01797
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt-crl.xml
@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ WF6EaX66f8CdGE6NafmzdLpb/1OVYX4kBNsqgGIqHR5JZAu4HpbVQQ==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIIDTjCCAw6gAwIBAgIGAOz5Id5/MAkGByqGSM44BAMwdjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEdMBsGA1UEAxMUQW5vdGhlciBUcmFu
+ c2llbnQgQ0EwHhcNMDIwNDAzMDAwMDI4WhcNMTIwNDAyMjI1OTQ2WjBmMQswCQYD
+ VQQGEwJJRTEPMA0GA1UECBMGRHVibGluMSQwIgYDVQQKExtCYWx0aW1vcmUgVGVj
+ aG5vbG9naWVzIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ0wCwYDVQQDEwRCcmVz
+ MIIBtjCCASsGByqGSM44BAEwggEeAoGBAISKsEonjNGgHs/uh+9YKgnwZ8Bt3T7u
+ yQBJW9dxpMF0cPUXz4dFbSFY4QyW8igCLswpOa+eHHEYsWvE0Nr1lcKHUPXq7u41
+ JJwHNq1RAFeZiU6wa+1FL3v1/T1rAgzepV7xS4iafz4vxdHMlfwgKfoyKfq6JU1z
+ oVM/ahI5xWDDAhUAmEv6eIJrB4KN0fPRABPx3NHYclkCgYAlhuYZ/AzPta7+bE5C
+ QasmSVzc8uM/e+LN7ABlEXwQRk6QfZBcX8TbePNE8ZFng4Uft/QzAOUxALET7kKA
+ ek4Jeytpzc0XYCYyuGJATm4F9ZY1pAJ5yQmUmwvDYdlaZJ4ldGzO/R57Evngn/G4
+ tqjjoi0sx3jq7czvDwdGHnky0AOBhAACgYBgvDFxw1U6Ou2G6P/+347Jfk2wPB1/
+ atr4p3JUVLuT0ExZG6np+rKiXmcBbYKbAhMY37zVkroR9bwo+NgaJGubQ4ex5Y1X
+ N2Q5gIHNhNfKr8G4LPVqWGxf/lFPDYxX3ezqBJPpJCJTREX7s6Hp/VTV2SpQlySv
+ +GRcFKJFPlhD9aM6MDgwDgYDVR0PAQH/BAQDAgeAMBEGA1UdDgQKBAiC+5gx0MHL
+ hTATBgNVHSMEDDAKgAiKHFYwWjISfTAJBgcqhkjOOAQDAy8AMCwCFDTcM5i61uqq
+ /aveERhOJ6NG/LubAhREVDtAeNbTEywXr4O7KvEEvFLUjg==
+ </X509Certificate>
+ <X509CRL>
+ MIIBJDCB5AIBATAJBgcqhkjOOAQDMHYxCzAJBgNVBAYTAklFMQ8wDQYDVQQIEwZE
+ dWJsaW4xJDAiBgNVBAoTG0JhbHRpbW9yZSBUZWNobm9sb2dpZXMgTHRkLjERMA8G
+ A1UECxMIWC9TZWN1cmUxHTAbBgNVBAMTFEFub3RoZXIgVHJhbnNpZW50IENBFw0w
+ MjA0MDQwMjE2NThaFw0xMTA0MDIwMjE2NThaMBkwFwIGAOz5Id5/Fw0wMjA0MDQw
+ MjE2NThaoCMwITATBgNVHSMEDDAKgAiKHFYwWjISfTAKBgNVHRQEAwIBADAJBgcq
+ hkjOOAQDAzAAMC0CFCEIm38fvGzSJHms284hUs9dNB8nAhUAjEtZr0TGgc6sVRVk
+ krEgltdo7Jw=
+ </X509CRL>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt.xml
new file mode 100644
index 0000000..2048fd2
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-crt.xml
@@ -0,0 +1,38 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ GCQVmBq+1H7e9IjvKfe+egLM1Jlp3L1JCGkl9SlJ0eaDh2MKYUUnHA==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz5IVHTMAkGByqGSM44BAMwdjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEdMBsGA1UEAxMUQW5vdGhlciBUcmFu
+ c2llbnQgQ0EwHhcNMDIwNDAyMjM1OTUyWhcNMTIwNDAyMjI1OTQ2WjBoMQswCQYD
+ VQQGEwJJRTEPMA0GA1UECBMGRHVibGluMSQwIgYDVQQKExtCYWx0aW1vcmUgVGVj
+ aG5vbG9naWVzIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3Jp
+ Z3UwggG2MIIBKwYHKoZIzjgEATCCAR4CgYEAhIqwSieM0aAez+6H71gqCfBnwG3d
+ Pu7JAElb13GkwXRw9RfPh0VtIVjhDJbyKAIuzCk5r54ccRixa8TQ2vWVwodQ9eru
+ 7jUknAc2rVEAV5mJTrBr7UUve/X9PWsCDN6lXvFLiJp/Pi/F0cyV/CAp+jIp+rol
+ TXOhUz9qEjnFYMMCFQCYS/p4gmsHgo3R89EAE/Hc0dhyWQKBgCWG5hn8DM+1rv5s
+ TkJBqyZJXNzy4z974s3sAGURfBBGTpB9kFxfxNt480TxkWeDhR+39DMA5TEAsRPu
+ QoB6Tgl7K2nNzRdgJjK4YkBObgX1ljWkAnnJCZSbC8Nh2VpkniV0bM79HnsS+eCf
+ 8bi2qOOiLSzHeOrtzO8PB0YeeTLQA4GEAAKBgH1NBJ9Az5TwY4tDE0dPYVHHABt+
+ yLspnT3k9G6YWUMFhZ/+3RuqEPjnKrPfUoXTTJGIACgPU3/PkqwrPVD0JMdpOcnZ
+ LHiJ/P7QRQeMwDRoBrs7genB1bDd4pSJrEUcjrkA5uRrIj2Z5fL+UuLiLGPO2rM7
+ BNQRIq3QFPdX++NuozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIK7Ljjh
+ +EsfMBMGA1UdIwQMMAqACIocVjBaMhJ9MAkGByqGSM44BAMDLwAwLAIUEJJCOHw8
+ ppxoRyz3s+Vmb4NKIfMCFDgJoZn9zh/3WoYNBURODwLvyBOy
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-is.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-is.xml
new file mode 100644
index 0000000..b7a01f8
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-is.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ bmKMy/w1DO9dHA6E7Dt0B8IFkYAj1/UD3TqcdqIcfkMT7evE8+NBgg==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Another Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017792003066</X509SerialNumber>
+ </X509IssuerSerial>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-ski.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-ski.xml
new file mode 100644
index 0000000..c71bfce
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-ski.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ F9nEU1Us48iKTml8n7E4wt7HtFJ5gaLIgox0J9WbujGndW0oQJbeGg==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SKI>
+ hf10xKfSnIg=
+ </X509SKI>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-sn.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-sn.xml
new file mode 100644
index 0000000..d5b0808
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature-x509-sn.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ MUOjiqG0dbjvR6+qYYPL85nKSt2FeZGQBQkYudv48KyJhJLG1Bp+bA==
+ </SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509SubjectName>
+ CN=Badb,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ </X509Data>
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.tmpl b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.tmpl
new file mode 100644
index 0000000..d10d36f
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.tmpl
@@ -0,0 +1,265 @@
+<?xml version="1.0"?>
+<!DOCTYPE envelope [
+ <!ENTITY dsig "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY c14n "http://www.w3.org/TR/2001/REC-xml-c14n-20010315">
+ <!ENTITY xpath "http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <!ENTITY xslt "http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns="http://example.org/usps" xmlns:foo="http://example.org/foo">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature Id="signature" xmlns="&dsig;">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="" />
+ <SignatureMethod Algorithm="" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="&dsig;base64" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#object-1" Type="&dsig;Object">
+ <Transforms>
+ <Transform Algorithm="&xpath;">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="" Type="&dsig;Object">
+ <Transforms>
+ <Transform Algorithm="&xpath;">
+ <XPath xmlns:dsig="&dsig;">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) >
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#object-2" Type="&dsig;Object">
+ <Transforms>
+ <Transform Algorithm="&dsig;base64" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#manifest-1" Type="&dsig;Manifest">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#signature-properties-1" Type="&dsig;SignatureProperties">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="&dsig;enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="&dsig;enveloped-signature" />
+ <Transform Algorithm="&c14n;#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="&dsig;enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="&dsig;enveloped-signature" />
+ <Transform Algorithm="&c14n;#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#object-3" Type="&dsig;Object">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#object-3" Type="&dsig;Object">
+ <Transforms>
+ <Transform Algorithm="&c14n;#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(id('object-3'))" Type="&dsig;Object">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(id('object-3'))" Type="&dsig;Object">
+ <Transforms>
+ <Transform Algorithm="&c14n;#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#reference-2">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference Id="reference-1" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference Id="reference-2" URI="#reference-1">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>aaaa</SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod URI="#object-4" Type="&dsig;X509Data">
+ <Transforms>
+ <Transform Algorithm="&xpath;">
+ <XPath xmlns:dsig="&dsig;">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the text.</Object>
+ <Object Id="object-2" MimeType="text/plain" Encoding="&dsig;base64">SSBhbSB0aGUgdGV4dC4=</Object>
+ <Object Id="object-3"><NonCommentandus xmlns=""><!-- Commentandum --></NonCommentandus></Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#reference-1">
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="&xslt;">
+ <xsl:stylesheet version="1.0" xmlns="http://www.w3.org/TR/xhtml1/strict" xmlns:xsl="http://www.w3.org/1999/XSL/Transform" exclude-result-prefixes="foo">
+ <xsl:output method="xml" indent="no" encoding="UTF-8"/>
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name"/>
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="&c14n;" />
+ </Transforms>
+ <DigestMethod Algorithm="" />
+ <DigestValue>aaaa</DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017788370348</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </X509Certificate>
+ <X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries Id="notaries" xmlns="">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.xml b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.xml
new file mode 100644
index 0000000..504fbe1
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/signature.xml
@@ -0,0 +1,269 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE Envelope [
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY c14n 'http://www.w3.org/TR/2001/REC-xml-c14n-20010315'>
+ <!ENTITY xpath 'http://www.w3.org/TR/1999/REC-xpath-19991116'>
+ <!ENTITY xslt 'http://www.w3.org/TR/1999/REC-xslt-19991116'>
+ <!ATTLIST Notaries Id ID #IMPLIED>
+]>
+<!-- Preamble -->
+<Envelope xmlns:foo="http://example.org/foo" xmlns="http://example.org/usps">
+ <DearSir>foo</DearSir>
+ <Body>bar</Body>
+ <YoursSincerely>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#" Id="signature">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="http://www.w3.org/Signature/2002/04/xml-stylesheet.b64">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-1">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath>
+ self::text()
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:SignedInfo
+ and
+ count(ancestor-or-self::dsig:Reference |
+ here()/ancestor::dsig:Reference[1]) >
+ count(ancestor-or-self::dsig:Reference)
+ or
+ count(ancestor-or-self::node() |
+ id('notaries')) =
+ count(ancestor-or-self::node())
+ </XPath>
+ </Transform>
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>tQiE3GUKiBenPyp3J0Ei6rJMFv4=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-2">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zyjp8GJOX69990Kkqw8ioPXGExk=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Manifest" URI="#manifest-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qg4HFwsN+/WX32uH85WlJU9l45k=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#SignatureProperties" URI="#signature-properties-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>ETlEI3y7hvvAtMe9wQSz7LhbHEE=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>J/O0HhdaPXxx49fgGWMESL09GpA=</DigestValue>
+ </Reference>
+ <Reference URI="#xpointer(/)">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>MkL9CX8yeABBth1RChyPx58Ls8w=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#object-3">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>yamSIokKmjA3hB/s3Fu07wDO3vM=</DigestValue>
+ </Reference>
+ <Reference Type="http://www.w3.org/2000/09/xmldsig#Object" URI="#xpointer(id('object-3'))">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>419CYgyTWOTGYGBhzieWklNf7Bk=</DigestValue>
+ </Reference>
+ <Reference URI="#reference-2">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>VzK45P9Ksjqq5oXlKQpkGgB2CNY=</DigestValue>
+ </Reference>
+ <Reference Id="reference-1" URI="#manifest-reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>7/9fR+NIDz9owc1Lfsxu1JBr8uo=</DigestValue>
+ </Reference>
+ <Reference Id="reference-2" URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qURlo3LSq4TWQtygBZJ0iXQ9E14=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ WvZUJAJ/3QNqzQvwne2vvy7U5Pck8ZZ5UTa6pIwR7GE+PoGi6A1kyw==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#X509Data" URI="#object-4">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
+ ancestor-or-self::dsig:X509Data
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ <Object Id="object-1" MimeType="text/plain">I am the text.</Object>
+ <Object Encoding="http://www.w3.org/2000/09/xmldsig#base64" Id="object-2" MimeType="text/plain">SSBhbSB0aGUgdGV4dC4=</Object>
+ <Object Id="object-3">
+ <NonCommentandus xmlns=""><!-- Commentandum --></NonCommentandus>
+ </Object>
+ <Object>
+ <Manifest Id="manifest-1">
+ <Reference Id="manifest-reference-1" URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ <Reference URI="#reference-1">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>qURlo3LSq4TWQtygBZJ0iXQ9E14=</DigestValue>
+ </Reference>
+ <Reference URI="#notaries">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xslt-19991116">
+ <xsl:stylesheet xmlns:xsl="http://www.w3.org/1999/XSL/Transform" xmlns="http://www.w3.org/TR/xhtml1/strict" exclude-result-prefixes="foo" version="1.0">
+ <xsl:output encoding="UTF-8" indent="no" method="xml" />
+ <xsl:template match="/">
+ <html>
+ <head>
+ <title>Notaries</title>
+ </head>
+ <body>
+ <table>
+ <xsl:for-each select="Notaries/Notary">
+ <tr>
+ <th>
+ <xsl:value-of select="@name" />
+ </th>
+ </tr>
+ </xsl:for-each>
+ </table>
+ </body>
+ </html>
+ </xsl:template>
+ </xsl:stylesheet>
+ </Transform>
+ <Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>c7wq5XKos6RqNVJyFy7/fl6+sAs=</DigestValue>
+ </Reference>
+ </Manifest>
+ </Object>
+ <Object>
+ <SignatureProperties Id="signature-properties-1">
+ <SignatureProperty Target="#signature">
+ <SignerAddress xmlns="urn:demo"><IP>192.168.21.138</IP></SignerAddress>
+ </SignatureProperty>
+ </SignatureProperties>
+ </Object>
+ <Object Id="object-4">
+ <X509Data>
+ <X509SubjectName>
+ CN=Merlin Hughes,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509SubjectName>
+ <X509IssuerSerial>
+ <X509IssuerName>
+ CN=Transient CA,OU=X/Secure,O=Baltimore Technologies Ltd.,ST=Dublin,C=IE
+ </X509IssuerName>
+ <X509SerialNumber>1017788370348</X509SerialNumber>
+ </X509IssuerSerial>
+ <X509Certificate>
+ MIIDUDCCAxCgAwIBAgIGAOz46g2sMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkzMFoXDTEyMDQwMjIxNTkyNVowbzELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEWMBQGA1UEAxMNTWVybGluIEh1Z2hl
+ czCCAbcwggEsBgcqhkjOOAQBMIIBHwKBgQDd454C+qcTIWlb65NKCt2PtguNpOSn
+ Id5woUigu7xBk2QZNAjVyIhMEfSWp8iR0IdKLx+JQLcNOrcn0Wwl5/hhW0MXsmlS
+ 8dM5Cq2rtmDHooLxbGTPqtALE6vsXQCk5iLz3MtGh7gyQMZ7q7HT5a3I5NChUgY1
+ MMNQVetRA1susQIVAIQy3BStBjvx89Wq8Tjr7IDP1S8lAoGBAJ58e4W3VqMxm7Zx
+ YJ2xZ6KX0Ze10WnKZDyURn+T9iFIFbKRFElKDeotXwwXwYON8yre3ZRGkC+2+fiU
+ 2bdzIWTT6LMbIMVbk+07P4OZOxJ6XWL9GuYcOQcNvX42xh34DPHdq4XdlItMR25N
+ A+OdZ4S8VVrpb4jkj4cyir1628kgA4GEAAKBgHH2KYoaQEHnqWzRUuDAG0EYXV6Q
+ 4ucC68MROYSL6GKqNS/AUFbvH2NUxQD7aGntYgYPxiCcj94i38rgSWg7ySSz99MA
+ R/Yv7OSd+uej3r6TlXU34u++xYvRo+sv4m9lb/jmXyZJKeC+dPqeU1IT5kCybURL
+ ILZfrZyDsiU/vhvVozowODAOBgNVHQ8BAf8EBAMCB4AwEQYDVR0OBAoECIatY7SE
+ lXEOMBMGA1UdIwQMMAqACIOGPkB2MuKTMAkGByqGSM44BAMDLwAwLAIUSvT02iQj
+ Q5da4Wpe0Bvs7GuCcVsCFCEcQpbjUfnxXFXNWiFyQ49ZrWqn
+ </X509Certificate>
+ <X509Certificate>
+ MIIDSzCCAwugAwIBAgIGAOz46fwJMAkGByqGSM44BAMwbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MB4XDTAyMDQwMjIyNTkyNVoXDTEyMDQwMjIxNTkyNVowbjELMAkGA1UEBhMCSUUx
+ DzANBgNVBAgTBkR1YmxpbjEkMCIGA1UEChMbQmFsdGltb3JlIFRlY2hub2xvZ2ll
+ cyBMdGQuMREwDwYDVQQLEwhYL1NlY3VyZTEVMBMGA1UEAxMMVHJhbnNpZW50IENB
+ MIIBtzCCASwGByqGSM44BAEwggEfAoGBAN3jngL6pxMhaVvrk0oK3Y+2C42k5Kch
+ 3nChSKC7vEGTZBk0CNXIiEwR9JanyJHQh0ovH4lAtw06tyfRbCXn+GFbQxeyaVLx
+ 0zkKrau2YMeigvFsZM+q0AsTq+xdAKTmIvPcy0aHuDJAxnursdPlrcjk0KFSBjUw
+ w1BV61EDWy6xAhUAhDLcFK0GO/Hz1arxOOvsgM/VLyUCgYEAnnx7hbdWozGbtnFg
+ nbFnopfRl7XRacpkPJRGf5P2IUgVspEUSUoN6i1fDBfBg43zKt7dlEaQL7b5+JTZ
+ t3MhZNPosxsgxVuT7Ts/g5k7EnpdYv0a5hw5Bw29fjbGHfgM8d2rhd2Ui0xHbk0D
+ 451nhLxVWulviOSPhzKKvXrbySADgYQAAoGAfag+HCABIJadDD9Aarhgc2QR3Lp7
+ PpMOh0lAwLiIsvkO4UlbeOS0IJC8bcqLjM1fVw6FGSaxmq+4y1ag2m9k6IdE0Qh5
+ NxB/xFkmdwqXFRIJVp44OeUygB47YK76NmUIYG3DdfiPPU3bqzjvtOtETiCHvo25
+ 4D6UjwPpYErXRUajNjA0MA4GA1UdDwEB/wQEAwICBDAPBgNVHRMECDAGAQH/AgEA
+ MBEGA1UdDgQKBAiDhj5AdjLikzAJBgcqhkjOOAQDAy8AMCwCFELu0nuweqW7Wf0s
+ gk/CAGGL0BGKAhRNdgQGr5iyZKoH4oqPm0VJ9TjXLg==
+ </X509Certificate>
+ </X509Data>
+ </Object>
+ </Signature>
+ </YoursSincerely>
+ <PostScript>bar</PostScript>
+ <Notaries xmlns="" Id="notaries">
+ <Notary name="Great, A. T." />
+ <Notary name="Hun, A. T." />
+ </Notaries>
+ <!-- Commentary -->
+</Envelope>
+<!-- Postamble -->
diff --git a/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/xml-stylesheet.b64 b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/xml-stylesheet.b64
new file mode 100644
index 0000000..eb9a11a
--- /dev/null
+++ b/samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/xml-stylesheet.b64
@@ -0,0 +1,274 @@
+PCFET0NUWVBFIGh0bWwgUFVCTElDICItLy9XM0MvL0RURCBIVE1MIDQuMCBUcmFu
+c2l0aW9uYWwvL0VOIj4KPGh0bWw+CjxoZWFkPgo8dGl0bGU+QXNzb2NpYXRpbmcg
+U3R5bGUgU2hlZXRzIHdpdGggWE1MIGRvY3VtZW50czwvdGl0bGU+CjxsaW5rIHJl
+bD0ic3R5bGVzaGVldCIgdHlwZT0idGV4dC9jc3MiIGhyZWY9Imh0dHA6Ly93d3cu
+dzMub3JnL1N0eWxlU2hlZXRzL1RSL1czQy1SRUMiPgo8c3R5bGUgdHlwZT0idGV4
+dC9jc3MiPmNvZGUgeyBmb250LWZhbWlseTogbW9ub3NwYWNlIH08L3N0eWxlPgo8
+L2hlYWQ+Cjxib2R5Pgo8ZGl2IGNsYXNzPSJoZWFkIj4KPGEgaHJlZj0iaHR0cDov
+L3d3dy53My5vcmcvIj48aW1nIHNyYz0iaHR0cDovL3d3dy53My5vcmcvSWNvbnMv
+V1dXL3czY19ob21lIiBhbHQ9IlczQyIgaGVpZ2h0PSI0OCIgd2lkdGg9IjcyIj48
+L2E+CjxoMT5Bc3NvY2lhdGluZyBTdHlsZSBTaGVldHMgd2l0aCBYTUwgZG9jdW1l
+bnRzPGJyPlZlcnNpb24gMS4wPC9oMT4KPGgyPlczQyBSZWNvbW1lbmRhdGlvbiAy
+OSBKdW5lIDE5OTk8L2gyPgo8ZGw+CjxkdD5UaGlzIHZlcnNpb246PC9kdD4KPGRk
+Pgo8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzA2L1JFQy14bWwtc3R5
+bGVzaGVldC0xOTk5MDYyOSI+aHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi9SRUMt
+eG1sLXN0eWxlc2hlZXQtMTk5OTA2Mjk8L2E+Cjxicj4KPC9kZD4KPGR0PkxhdGVz
+dCB2ZXJzaW9uOjwvZHQ+CjxkZD4KPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcv
+VFIveG1sLXN0eWxlc2hlZXQiPmh0dHA6Ly93d3cudzMub3JnL1RSL3htbC1zdHls
+ZXNoZWV0PC9hPgo8YnI+CjwvZGQ+CjxkdD5QcmV2aW91cyB2ZXJzaW9uOjwvZHQ+
+CjxkZD4KPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS94bWwtc3R5
+bGVzaGVldC0xOTk5MDQyOCI+aHR0cDovL3d3dy53My5vcmcvVFIvMTk5OS94bWwt
+c3R5bGVzaGVldC0xOTk5MDQyODwvYT4KPGJyPgo8L2RkPgo8ZHQ+RWRpdG9yOjwv
+ZHQ+CjxkZD4KCkphbWVzIENsYXJrCjxhIGhyZWY9Im1haWx0bzpqamNAamNsYXJr
+LmNvbSI+Jmx0O2pqY0BqY2xhcmsuY29tJmd0OzwvYT4KPGJyPgo8L2RkPgo8L2Rs
+Pgo8cCBjbGFzcz0iY29weXJpZ2h0Ij4KPGEgaHJlZj0iaHR0cDovL3d3dy53My5v
+cmcvQ29uc29ydGl1bS9MZWdhbC9pcHItbm90aWNlLmh0bWwjQ29weXJpZ2h0Ij4K
+CQlDb3B5cmlnaHQ8L2E+ICZuYnNwOyZjb3B5OyZuYnNwOyAxOTk5IDxhIGhyZWY9
+Imh0dHA6Ly93d3cudzMub3JnIj5XM0M8L2E+CgkJKDxhIGhyZWY9Imh0dHA6Ly93
+d3cubGNzLm1pdC5lZHUiPk1JVDwvYT4sCgkJPGEgaHJlZj0iaHR0cDovL3d3dy5p
+bnJpYS5mci8iPklOUklBPC9hPiwKCQk8YSBocmVmPSJodHRwOi8vd3d3LmtlaW8u
+YWMuanAvIj5LZWlvPC9hPiApLCBBbGwgUmlnaHRzIFJlc2VydmVkLiBXM0MKCQk8
+YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9Db25zb3J0aXVtL0xlZ2FsL2lwci1u
+b3RpY2UuaHRtbCNMZWdhbCBEaXNjbGFpbWVyIj5saWFiaWxpdHksPC9hPjxhIGhy
+ZWY9Imh0dHA6Ly93d3cudzMub3JnL0NvbnNvcnRpdW0vTGVnYWwvaXByLW5vdGlj
+ZS5odG1sI1czQyBUcmFkZW1hcmtzIj50cmFkZW1hcms8L2E+LAoJCTxhIGhyZWY9
+Imh0dHA6Ly93d3cudzMub3JnL0NvbnNvcnRpdW0vTGVnYWwvY29weXJpZ2h0LWRv
+Y3VtZW50cy5odG1sIj5kb2N1bWVudCB1c2UgPC9hPmFuZAoJCTxhIGhyZWY9Imh0
+dHA6Ly93d3cudzMub3JnL0NvbnNvcnRpdW0vTGVnYWwvY29weXJpZ2h0LXNvZnR3
+YXJlLmh0bWwiPnNvZnR3YXJlIGxpY2Vuc2luZyA8L2E+cnVsZXMgYXBwbHkuCgk8
+L3A+CjxociB0aXRsZT0iU2VwYXJhdG9yIGZvciBoZWFkZXIiPgo8L2Rpdj4KPGgy
+Pgo8YSBuYW1lPSJhYnN0cmFjdCI+QWJzdHJhY3Q8L2E+CjwvaDI+Cgo8cD5UaGlz
+IGRvY3VtZW50IGFsbG93cyBhIHN0eWxlIHNoZWV0IHRvIGJlIGFzc29jaWF0ZWQg
+d2l0aCBhbiBYTUwKZG9jdW1lbnQgYnkgaW5jbHVkaW5nIG9uZSBvciBtb3JlIHBy
+b2Nlc3NpbmcgaW5zdHJ1Y3Rpb25zIHdpdGggYQp0YXJnZXQgb2YgPGNvZGU+eG1s
+LXN0eWxlc2hlZXQ8L2NvZGU+IGluIHRoZSBkb2N1bWVudCdzIHByb2xvZy48L3A+
+Cgo8aDI+CjxhIG5hbWU9InN0YXR1cyI+U3RhdHVzIG9mIHRoaXMgZG9jdW1lbnQ8
+L2E+CjwvaDI+Cgo8cD5UaGlzIGRvY3VtZW50IGhhcyBiZWVuIHJldmlld2VkIGJ5
+IFczQyBNZW1iZXJzIGFuZCBvdGhlciBpbnRlcmVzdGVkCnBhcnRpZXMgYW5kIGhh
+cyBiZWVuIGVuZG9yc2VkIGJ5IHRoZSBEaXJlY3RvciBhcyBhIFczQyA8YSBocmVm
+PSJodHRwOi8vd3d3LnczLm9yZy9Db25zb3J0aXVtL1Byb2Nlc3MvI1JlY3NXM0Mi
+PlJlY29tbWVuZGF0aW9uPC9hPi4gSXQKaXMgYSBzdGFibGUgZG9jdW1lbnQgYW5k
+IG1heSBiZSB1c2VkIGFzIHJlZmVyZW5jZSBtYXRlcmlhbCBvciBjaXRlZCBhcwph
+IG5vcm1hdGl2ZSByZWZlcmVuY2UgZnJvbSBvdGhlciBkb2N1bWVudHMuIFczQydz
+IHJvbGUgaW4gbWFraW5nIHRoZQpSZWNvbW1lbmRhdGlvbiBpcyB0byBkcmF3IGF0
+dGVudGlvbiB0byB0aGUgc3BlY2lmaWNhdGlvbiBhbmQgdG8KcHJvbW90ZSBpdHMg
+d2lkZXNwcmVhZCBkZXBsb3ltZW50LiBUaGlzIGVuaGFuY2VzIHRoZSBmdW5jdGlv
+bmFsaXR5IGFuZAppbnRlcm9wZXJhYmlsaXR5IG9mIHRoZSBXZWIuPC9wPgoKPHA+
+VGhlIGxpc3Qgb2Yga25vd24gZXJyb3JzIGluIHRoaXMgc3BlY2lmaWNhdGlvbnMg
+aXMgYXZhaWxhYmxlIGF0CjxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkv
+MDYvUkVDLXhtbC1zdHlsZXNoZWV0LTE5OTkwNjI5L2VycmF0YSI+aHR0cDovL3d3
+dy53My5vcmcvVFIvMTk5OS94bWwtc3R5bGVzaGVldC0xOTk5MDYyOS9lcnJhdGE8
+L2E+LjwvcD4KCjxwPkNvbW1lbnRzIG9uIHRoaXMgc3BlY2lmaWNhdGlvbiBtYXkg
+YmUgc2VudCB0byAmbHQ7PGEgaHJlZj0ibWFpbHRvOnd3dy14bWwtc3R5bGVzaGVl
+dC1jb21tZW50c0B3My5vcmciPnd3dy14bWwtc3R5bGVzaGVldC1jb21tZW50c0B3
+My5vcmc8L2E+Jmd0Oy4gVGhlIGFyY2hpdmUgb2YgcHVibGljCmNvbW1lbnRzIGlz
+IGF2YWlsYWJsZSBhdCA8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9BcmNoaXZl
+cy9QdWJsaWMvd3d3LXhtbC1zdHlsZXNoZWV0LWNvbW1lbnRzIj5odHRwOi8vdzMu
+b3JnL0FyY2hpdmVzL1B1YmxpYy93d3cteG1sLXN0eWxlc2hlZXQtY29tbWVudHM8
+L2E+LjwvcD4KCjxwPkEgbGlzdCBvZiBjdXJyZW50IFczQyBSZWNvbW1lbmRhdGlv
+bnMgYW5kIG90aGVyIHRlY2huaWNhbCBkb2N1bWVudHMKY2FuIGJlIGZvdW5kIGF0
+IDxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3JnL1RSIj5odHRwOi8vd3d3LnczLm9y
+Zy9UUjwvYT4uPC9wPgoKPHA+VGhlIFdvcmtpbmcgR3JvdXAgZXhwZWN0cyBhZGRp
+dGlvbmFsIG1lY2hhbmlzbXMgZm9yIGxpbmtpbmcgc3R5bGUKc2hlZXRzIHRvIFhN
+TCBkb2N1bWVudCB0byBiZSBkZWZpbmVkIGluIGEgZnV0dXJlIHNwZWNpZmljYXRp
+b24uPC9wPgoKPHA+VGhlIHVzZSBvZiBYTUwgcHJvY2Vzc2luZyBpbnN0cnVjdGlv
+bnMgaW4gdGhpcyBzcGVjaWZpY2F0aW9uIHNob3VsZApub3QgYmUgdGFrZW4gYXMg
+YSBwcmVjZWRlbnQuICBUaGUgVzNDIGRvZXMgbm90IGFudGljaXBhdGUgcmVjb21t
+ZW5kaW5nCnRoZSB1c2Ugb2YgcHJvY2Vzc2luZyBpbnN0cnVjdGlvbnMgaW4gYW55
+IGZ1dHVyZSBzcGVjaWZpY2F0aW9uLiAgVGhlCjxhIGhyZWY9IiNyYXRpb25hbGUi
+PlJhdGlvbmFsZTwvYT4gZXhwbGFpbnMgd2h5IHRoZXkgd2VyZSB1c2VkIGluCnRo
+aXMgc3BlY2lmaWNhdGlvbi48L3A+Cgo8cD5UaGlzIGRvY3VtZW50IHdhcyBwcm9k
+dWNlZCBhcyBwYXJ0IG9mIHRoZSA8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9Y
+TUwvQWN0aXZpdHkiPlczQyBYTUwgQWN0aXZpdHk8L2E+LjwvcD4KCgo8aDI+Cjxh
+IG5hbWU9ImNvbnRlbnRzIj5UYWJsZSBvZiBjb250ZW50czwvYT4KPC9oMj4xIDxh
+IGhyZWY9IiNUaGUgeG1sLXN0eWxlc2hlZXQgcHJvY2Vzc2luZyBpbnN0cnVjdGlv
+biI+VGhlIHhtbC1zdHlsZXNoZWV0IHByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb248L2E+
+Cjxicj4KPGgzPkFwcGVuZGljZXM8L2gzPkEgPGEgaHJlZj0iI1JlZmVyZW5jZXMi
+PlJlZmVyZW5jZXM8L2E+Cjxicj5CIDxhIGhyZWY9IiNyYXRpb25hbGUiPlJhdGlv
+bmFsZTwvYT4KPGJyPgo8aHI+Cgo8aDI+CjxhIG5hbWU9IlRoZSB4bWwtc3R5bGVz
+aGVldCBwcm9jZXNzaW5nIGluc3RydWN0aW9uIj48L2E+MSBUaGUgPGNvZGU+eG1s
+LXN0eWxlc2hlZXQ8L2NvZGU+IHByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb248L2gyPgoK
+PHA+U3R5bGUgU2hlZXRzIGNhbiBiZSBhc3NvY2lhdGVkIHdpdGggYW4gWE1MPGEg
+aHJlZj0iI1hNTCI+W1hNTDEwXTwvYT4KZG9jdW1lbnQgYnkgdXNpbmcgYSBwcm9j
+ZXNzaW5nIGluc3RydWN0aW9uIHdob3NlIHRhcmdldCBpcwo8Y29kZT54bWwtc3R5
+bGVzaGVldDwvY29kZT4uICBUaGlzIHByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb24gZm9s
+bG93cyB0aGUKYmVoYXZpb3VyIG9mIHRoZSBIVE1MIDQuMCA8Y29kZT4mbHQ7TElO
+SwpSRUw9InN0eWxlc2hlZXQiJmd0OzwvY29kZT48YSBocmVmPSIjSFRNTCI+W0hU
+TUw0MF08L2E+LjwvcD4KCjxwPlRoZSA8Y29kZT54bWwtc3R5bGVzaGVldDwvY29k
+ZT4gcHJvY2Vzc2luZyBpbnN0cnVjdGlvbiBpcyBwYXJzZWQgaW4KdGhlIHNhbWUg
+d2F5IGFzIGEgc3RhcnQtdGFnLCB3aXRoIHRoZSBleGNlcHRpb24gdGhhdCBlbnRp
+dGllcyBvdGhlcgp0aGFuIHByZWRlZmluZWQgZW50aXRpZXMgbXVzdCBub3QgYmUg
+cmVmZXJlbmNlZC48L3A+Cgo8cD5UaGUgZm9sbG93aW5nIGdyYW1tYXIgaXMgZ2l2
+ZW4gdXNpbmcgdGhlIHNhbWUgbm90YXRpb24gYXMgdGhlCmdyYW1tYXIgaW4gdGhl
+IFhNTCBSZWNvbW1lbmRhdGlvbjxhIGhyZWY9IiNYTUwiPltYTUwxMF08L2E+LiAg
+U3ltYm9scyBpbiB0aGUKZ3JhbW1hciB0aGF0IGFyZSBub3QgZGVmaW5lZCBoZXJl
+IGFyZSBkZWZpbmVkIGluIHRoZSBYTUwKUmVjb21tZW5kYXRpb24uPC9wPgoKPGg1
+PnhtbC1zdHlsZXNoZWV0IHByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb248L2g1Pgo8dGFi
+bGUgY2xhc3M9InNjcmFwIj4KPHRib2R5Pgo8dHIgdmFsaWduPSJiYXNlbGluZSI+
+Cjx0ZD4KPGEgbmFtZT0iTlQtU3R5bGVTaGVldFBJIj48L2E+WzFdJm5ic3A7Jm5i
+c3A7Jm5ic3A7PC90ZD4KPHRkPlN0eWxlU2hlZXRQSTwvdGQ+Cjx0ZD4mbmJzcDsm
+bmJzcDsmbmJzcDs6Oj0mbmJzcDsmbmJzcDsmbmJzcDs8L3RkPgo8dGQ+JyZsdDs/
+eG1sLXN0eWxlc2hlZXQnICg8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9UUi9S
+RUMteG1sI05ULVMiPlM8L2E+IDxhIGhyZWY9IiNOVC1Qc2V1ZG9BdHQiPlBzZXVk
+b0F0dDwvYT4pKiA8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9UUi9SRUMteG1s
+I05ULVMiPlM8L2E+PyAnPyZndDsnPC90ZD4KPHRkPgo8L3RkPgo8L3RyPgo8dHIg
+dmFsaWduPSJiYXNlbGluZSI+Cjx0ZD4KPGEgbmFtZT0iTlQtUHNldWRvQXR0Ij48
+L2E+WzJdJm5ic3A7Jm5ic3A7Jm5ic3A7PC90ZD4KPHRkPlBzZXVkb0F0dDwvdGQ+
+Cjx0ZD4mbmJzcDsmbmJzcDsmbmJzcDs6Oj0mbmJzcDsmbmJzcDsmbmJzcDs8L3Rk
+Pgo8dGQ+CjxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3JnL1RSL1JFQy14bWwjTlQt
+TmFtZSI+TmFtZTwvYT4gPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIvUkVD
+LXhtbCNOVC1TIj5TPC9hPj8gJz0nIDxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3Jn
+L1RSL1JFQy14bWwjTlQtUyI+UzwvYT4/IDxhIGhyZWY9IiNOVC1Qc2V1ZG9BdHRW
+YWx1ZSI+UHNldWRvQXR0VmFsdWU8L2E+CjwvdGQ+Cjx0ZD4KPC90ZD4KPC90cj4K
+PHRyIHZhbGlnbj0iYmFzZWxpbmUiPgo8dGQ+CjxhIG5hbWU9Ik5ULVBzZXVkb0F0
+dFZhbHVlIj48L2E+WzNdJm5ic3A7Jm5ic3A7Jm5ic3A7PC90ZD4KPHRkPlBzZXVk
+b0F0dFZhbHVlPC90ZD4KPHRkPiZuYnNwOyZuYnNwOyZuYnNwOzo6PSZuYnNwOyZu
+YnNwOyZuYnNwOzwvdGQ+Cjx0ZD4oJyInIChbXiImbHQ7JmFtcDtdIHwgPGEgaHJl
+Zj0iaHR0cDovL3d3dy53My5vcmcvVFIvUkVDLXhtbCNOVC1DaGFyUmVmIj5DaGFy
+UmVmPC9hPiB8IDxhIGhyZWY9IiNOVC1QcmVkZWZFbnRpdHlSZWYiPlByZWRlZkVu
+dGl0eVJlZjwvYT4pKiAnIic8L3RkPgo8dGQ+CjwvdGQ+CjwvdHI+Cjx0ciB2YWxp
+Z249ImJhc2VsaW5lIj4KPHRkPgo8L3RkPgo8dGQ+CjwvdGQ+Cjx0ZD4KPC90ZD4K
+PHRkPnwgIiciIChbXicmbHQ7JmFtcDtdIHwgPGEgaHJlZj0iaHR0cDovL3d3dy53
+My5vcmcvVFIvUkVDLXhtbCNOVC1DaGFyUmVmIj5DaGFyUmVmPC9hPiB8IDxhIGhy
+ZWY9IiNOVC1QcmVkZWZFbnRpdHlSZWYiPlByZWRlZkVudGl0eVJlZjwvYT4pKiAi
+JyIpPC90ZD4KPHRkPgo8L3RkPgo8L3RyPgo8dHIgdmFsaWduPSJiYXNlbGluZSI+
+Cjx0ZD4KPC90ZD4KPHRkPgo8L3RkPgo8dGQ+CjwvdGQ+Cjx0ZD4tICg8YSBocmVm
+PSJodHRwOi8vd3d3LnczLm9yZy9UUi9SRUMteG1sI05ULUNoYXIiPkNoYXI8L2E+
+KiAnPyZndDsnIDxhIGhyZWY9Imh0dHA6Ly93d3cudzMub3JnL1RSL1JFQy14bWwj
+TlQtQ2hhciI+Q2hhcjwvYT4qKTwvdGQ+Cjx0ZD4KPC90ZD4KPC90cj4KPHRyIHZh
+bGlnbj0iYmFzZWxpbmUiPgo8dGQ+CjxhIG5hbWU9Ik5ULVByZWRlZkVudGl0eVJl
+ZiI+PC9hPls0XSZuYnNwOyZuYnNwOyZuYnNwOzwvdGQ+Cjx0ZD5QcmVkZWZFbnRp
+dHlSZWY8L3RkPgo8dGQ+Jm5ic3A7Jm5ic3A7Jm5ic3A7Ojo9Jm5ic3A7Jm5ic3A7
+Jm5ic3A7PC90ZD4KPHRkPicmYW1wO2FtcDsnIHwgJyZhbXA7bHQ7JyB8ICcmYW1w
+O2d0OycgfCAnJmFtcDtxdW90OycgfCAnJmFtcDthcG9zOyc8L3RkPgo8dGQ+Cjwv
+dGQ+CjwvdHI+CjwvdGJvZHk+CjwvdGFibGU+Cgo8cD5JbiA8YSBocmVmPSIjTlQt
+UHNldWRvQXR0VmFsdWUiPlBzZXVkb0F0dFZhbHVlPC9hPiwgYSA8YSBocmVmPSJo
+dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMteG1sI05ULUNoYXJSZWYiPkNoYXJSZWY8
+L2E+IG9yIGEgPGEgaHJlZj0iI05ULVByZWRlZkVudGl0eVJlZiI+UHJlZGVmRW50
+aXR5UmVmPC9hPiBpcyBpbnRlcnByZXRlZCBpbiB0aGUKc2FtZSBtYW5uZXIgYXMg
+aW4gYSBub3JtYWwgWE1MIGF0dHJpYnV0ZSB2YWx1ZS4gIFRoZSBhY3R1YWwgdmFs
+dWUgb2YKdGhlIHBzZXVkby1hdHRyaWJ1dGUgaXMgdGhlIHZhbHVlIGFmdGVyIGVh
+Y2ggcmVmZXJlbmNlIGlzIHJlcGxhY2VkIGJ5CnRoZSBjaGFyYWN0ZXIgaXQgcmVm
+ZXJlbmNlcy4gIFRoaXMgcmVwbGFjZW1lbnQgaXMgbm90IHBlcmZvcm1lZAphdXRv
+bWF0aWNhbGx5IGJ5IGFuIFhNTCBwcm9jZXNzb3IuPC9wPgoKPHA+VGhlIDxjb2Rl
+PnhtbC1zdHlsZXNoZWV0PC9jb2RlPiBwcm9jZXNzaW5nIGluc3RydWN0aW9uIGlz
+IGFsbG93ZWQKb25seSBpbiB0aGUgcHJvbG9nIG9mIGFuIFhNTCBkb2N1bWVudC4g
+VGhlIHN5bnRheCBvZiBYTUwgY29uc3RyYWlucwp3aGVyZSBwcm9jZXNzaW5nIGlu
+c3RydWN0aW9ucyBhcmUgYWxsb3dlZCBpbiB0aGUgcHJvbG9nOyB0aGUKPGNvZGU+
+eG1sLXN0eWxlc2hlZXQ8L2NvZGU+IHByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb24gaXMg
+YWxsb3dlZCBhbnl3aGVyZQppbiB0aGUgcHJvbG9nIHRoYXQgbWVldHMgdGhlc2Ug
+Y29uc3RyYWludHMuPC9wPgoKPGJsb2NrcXVvdGU+CjxiPk5PVEU6IDwvYj5JZiB0
+aGUgPGNvZGU+eG1sLXN0eWxlc2hlZXQ8L2NvZGU+IHByb2Nlc3NpbmcgaW5zdHJ1
+Y3Rpb24Kb2NjdXJzIGluIHRoZSBleHRlcm5hbCBEVEQgc3Vic2V0IG9yIGluIGEg
+cGFyYW1ldGVyIGVudGl0eSwgaXQgaXMKcG9zc2libGUgdGhhdCBpdCBtYXkgbm90
+IGJlIHByb2Nlc3NlZCBieSBhIG5vbi12YWxpZGF0aW5nIFhNTApwcm9jZXNzb3Ig
+KHNlZSA8YSBocmVmPSIjWE1MIj5bWE1MMTBdPC9hPikuPC9ibG9ja3F1b3RlPgoK
+PHA+VGhlIGZvbGxvd2luZyBwc2V1ZG8gYXR0cmlidXRlcyBhcmUgZGVmaW5lZDwv
+cD4KCjxwcmU+aHJlZiBDREFUQSAjUkVRVUlSRUQKdHlwZSBDREFUQSAjUkVRVUlS
+RUQKdGl0bGUgQ0RBVEEgI0lNUExJRUQKbWVkaWEgQ0RBVEEgI0lNUExJRUQKY2hh
+cnNldCBDREFUQSAjSU1QTElFRAphbHRlcm5hdGUgKHllc3xubykgIm5vIjwvcHJl
+PgoKPHA+VGhlIHNlbWFudGljcyBvZiB0aGUgcHNldWRvLWF0dHJpYnV0ZXMgYXJl
+IGV4YWN0bHkgYXMgd2l0aAo8Y29kZT4mbHQ7TElOSyBSRUw9InN0eWxlc2hlZXQi
+Jmd0OzwvY29kZT4gaW4gSFRNTCA0LjAsIHdpdGggdGhlCmV4Y2VwdGlvbiBvZiB0
+aGUgPGNvZGU+YWx0ZXJuYXRlPC9jb2RlPiBwc2V1ZG8tYXR0cmlidXRlLiAgSWYK
+PGNvZGU+YWx0ZXJuYXRlPSJ5ZXMiPC9jb2RlPiBpcyBzcGVjaWZpZWQsIHRoZW4g
+dGhlIHByb2Nlc3NpbmcKaW5zdHJ1Y3Rpb24gaGFzIHRoZSBzZW1hbnRpY3Mgb2Yg
+PGNvZGU+Jmx0O0xJTksgUkVMPSJhbHRlcm5hdGUKc3R5bGVzaGVldCImZ3Q7PC9j
+b2RlPiBpbnN0ZWFkIG9mIDxjb2RlPiZsdDtMSU5LClJFTD0ic3R5bGVzaGVldCIm
+Z3Q7PC9jb2RlPi48L3A+Cgo8YmxvY2txdW90ZT4KPGI+Tk9URTogPC9iPlNpbmNl
+IHRoZSB2YWx1ZSBvZiB0aGUgPGNvZGU+aHJlZjwvY29kZT4gYXR0cmlidXRlIGlz
+IGEgVVJJCnJlZmVyZW5jZSwgaXQgbWF5IGJlIGEgcmVsYXRpdmUgVVJJIGFuZCBp
+dCBtYXkgY29udGFpbiBhIGZyYWdtZW50CmlkZW50aWZpZXIuIEluIHBhcnRpY3Vs
+YXIgdGhlIFVSSSByZWZlcmVuY2UgbWF5IGNvbnRhaW4gb25seSBhCmZyYWdtZW50
+IGlkZW50aWZpZXIuICBTdWNoIGEgVVJJIHJlZmVyZW5jZSBpcyBhIHJlZmVyZW5j
+ZSB0byBhIHBhcnQgb2YKdGhlIGRvY3VtZW50IGNvbnRhaW5pbmcgdGhlIDxjb2Rl
+PnhtbC1zdHlsZXNoZWV0PC9jb2RlPiBwcm9jZXNzaW5nCmluc3RydWN0aW9uIChz
+ZWUgPGEgaHJlZj0iI1JGQzIzOTYiPltSRkMyMzk2XTwvYT4pLiBUaGUgY29uc2Vx
+dWVuY2UgaXMgdGhhdCB0aGUKPGNvZGU+eG1sLXN0eWxlc2hlZXQ8L2NvZGU+IHBy
+b2Nlc3NpbmcgaW5zdHJ1Y3Rpb24gYWxsb3dzIHN0eWxlIHNoZWV0cwp0byBiZSBl
+bWJlZGRlZCBpbiB0aGUgc2FtZSBkb2N1bWVudCBhcyB0aGUgPGNvZGU+eG1sLXN0
+eWxlc2hlZXQ8L2NvZGU+CnByb2Nlc3NpbmcgaW5zdHJ1Y3Rpb24uPC9ibG9ja3F1
+b3RlPgoKPHA+SW4gc29tZSBjYXNlcywgc3R5bGUgc2hlZXRzIG1heSBiZSBsaW5r
+ZWQgd2l0aCBhbiBYTUwgZG9jdW1lbnQgYnkKbWVhbnMgZXh0ZXJuYWwgdG8gdGhl
+IGRvY3VtZW50LiBGb3IgZXhhbXBsZSwgZWFybGllciB2ZXJzaW9ucyBvZiBIVFRQ
+CjxhIGhyZWY9IiNSRkMyMDY4Ij5bUkZDMjA2OF08L2E+IChzZWN0aW9uIDE5LjYu
+Mi40KSBhbGxvd2VkIHN0eWxlIHNoZWV0cyB0byBiZQphc3NvY2lhdGVkIHdpdGgg
+WE1MIGRvY3VtZW50cyBieSBtZWFucyBvZiB0aGUgPGNvZGU+TGluazwvY29kZT4K
+aGVhZGVyLiAgQW55IGxpbmtzIHRvIHN0eWxlIHNoZWV0cyB0aGF0IGFyZSBzcGVj
+aWZpZWQgZXh0ZXJuYWxseSB0byB0aGUKZG9jdW1lbnQgYXJlIGNvbnNpZGVyZWQg
+dG8gb2NjdXIgYmVmb3JlIHRoZSBsaW5rcyBzcGVjaWZpZWQgYnkgdGhlCjxjb2Rl
+PnhtbC1zdHlsZXNoZWV0PC9jb2RlPiBwcm9jZXNzaW5nIGluc3RydWN0aW9ucy4g
+IFRoaXMgaXMgdGhlIHNhbWUKYXMgaW4gSFRNTCA0LjAgKHNlZSA8YSBocmVmPSJo
+dHRwOi8vd3d3LnczLm9yZy9UUi9SRUMtaHRtbDQwL3ByZXNlbnQvc3R5bGVzLmh0
+bWwjaC0xNC42Ij5zZWN0aW9uCjE0LjY8L2E+KS48L3A+Cgo8cD5IZXJlIGFyZSBz
+b21lIGV4YW1wbGVzIGZyb20gSFRNTCA0LjAgd2l0aCB0aGUgY29ycmVzcG9uZGlu
+Zwpwcm9jZXNzaW5nIGluc3RydWN0aW9uOjwvcD4KCjxwcmU+Jmx0O0xJTksgaHJl
+Zj0ibXlzdHlsZS5jc3MiIHJlbD0ic3R5bGUgc2hlZXQiIHR5cGU9InRleHQvY3Nz
+IiZndDsKJmx0Oz94bWwtc3R5bGVzaGVldCBocmVmPSJteXN0eWxlLmNzcyIgdHlw
+ZT0idGV4dC9jc3MiPyZndDsKCiZsdDtMSU5LIGhyZWY9Im15c3R5bGUuY3NzIiB0
+aXRsZT0iQ29tcGFjdCIgcmVsPSJzdHlsZXNoZWV0Igp0eXBlPSJ0ZXh0L2NzcyIm
+Z3Q7CiZsdDs/eG1sLXN0eWxlc2hlZXQgaHJlZj0ibXlzdHlsZS5jc3MiIHRpdGxl
+PSJDb21wYWN0IiB0eXBlPSJ0ZXh0L2NzcyI/Jmd0OwoKJmx0O0xJTksgaHJlZj0i
+bXlzdHlsZS5jc3MiIHRpdGxlPSJNZWRpdW0iIHJlbD0iYWx0ZXJuYXRlIHN0eWxl
+c2hlZXQiCnR5cGU9InRleHQvY3NzIiZndDsKJmx0Oz94bWwtc3R5bGVzaGVldCBh
+bHRlcm5hdGU9InllcyIgaHJlZj0ibXlzdHlsZS5jc3MiIHRpdGxlPSJNZWRpdW0i
+CnR5cGU9InRleHQvY3NzIj8mZ3Q7PC9wcmU+Cgo8cD5NdWx0aXBsZSA8Y29kZT54
+bWwtc3R5bGVzaGVldDwvY29kZT4gcHJvY2Vzc2luZyBpbnN0cnVjdGlvbnMgYXJl
+CmFsc28gYWxsb3dlZCB3aXRoIGV4YWN0bHkgdGhlIHNhbWUgc2VtYW50aWNzIGFz
+IHdpdGggPGNvZGU+TElOSwpSRUw9InN0eWxlc2hlZXQiPC9jb2RlPi4gRm9yIGV4
+YW1wbGUsPC9wPgoKPHByZT4mbHQ7TElOSyByZWw9ImFsdGVybmF0ZSBzdHlsZXNo
+ZWV0IiB0aXRsZT0iY29tcGFjdCIgaHJlZj0ic21hbGwtYmFzZS5jc3MiCnR5cGU9
+InRleHQvY3NzIiZndDsKJmx0O0xJTksgcmVsPSJhbHRlcm5hdGUgc3R5bGVzaGVl
+dCIgdGl0bGU9ImNvbXBhY3QiIGhyZWY9InNtYWxsLWV4dHJhcy5jc3MiCnR5cGU9
+InRleHQvY3NzIiZndDsKJmx0O0xJTksgcmVsPSJhbHRlcm5hdGUgc3R5bGVzaGVl
+dCIgdGl0bGU9ImJpZyBwcmludCIgaHJlZj0iYmlncHJpbnQuY3NzIgp0eXBlPSJ0
+ZXh0L2NzcyImZ3Q7CiZsdDtMSU5LIHJlbD0ic3R5bGVzaGVldCIgaHJlZj0iY29t
+bW9uLmNzcyIgdHlwZT0idGV4dC9jc3MiJmd0OzwvcHJlPgoKPHA+d291bGQgYmUg
+ZXF1aXZhbGVudCB0bzo8L3A+Cgo8cHJlPiZsdDs/eG1sLXN0eWxlc2hlZXQgYWx0
+ZXJuYXRlPSJ5ZXMiIHRpdGxlPSJjb21wYWN0IiBocmVmPSJzbWFsbC1iYXNlLmNz
+cyIKdHlwZT0idGV4dC9jc3MiPyZndDsKJmx0Oz94bWwtc3R5bGVzaGVldCBhbHRl
+cm5hdGU9InllcyIgdGl0bGU9ImNvbXBhY3QiIGhyZWY9InNtYWxsLWV4dHJhcy5j
+c3MiCnR5cGU9InRleHQvY3NzIj8mZ3Q7CiZsdDs/eG1sLXN0eWxlc2hlZXQgYWx0
+ZXJuYXRlPSJ5ZXMiIHRpdGxlPSJiaWcgcHJpbnQiIGhyZWY9ImJpZ3ByaW50LmNz
+cyIKdHlwZT0idGV4dC9jc3MiPyZndDsKJmx0Oz94bWwtc3R5bGVzaGVldCBocmVm
+PSJjb21tb24uY3NzIiB0eXBlPSJ0ZXh0L2NzcyI/Jmd0OzwvcHJlPgoKCgo8aHIg
+dGl0bGU9IlNlcGFyYXRvciBmcm9tIGZvb3RlciI+Cgo8aDI+CjxhIG5hbWU9IlJl
+ZmVyZW5jZXMiPjwvYT5BIFJlZmVyZW5jZXM8L2gyPgoKPGRsPgoKPGR0Pgo8YSBu
+YW1lPSJIVE1MIj5IVE1MNDA8L2E+CjwvZHQ+CjxkZD5Xb3JsZCBXaWRlIFdlYgpD
+b25zb3J0aXVtLiA8aT5IVE1MIDQuMCBTcGVjaWZpY2F0aW9uLjwvaT4gVzNDIFJl
+Y29tbWVuZGF0aW9uLiBTZWUKPGEgaHJlZj0iaHR0cDovL3d3dy53My5vcmcvVFIv
+UkVDLWh0bWw0MCI+aHR0cDovL3d3dy53My5vcmcvVFIvUkVDLWh0bWw0MDwvYT4K
+PC9kZD4KCjxkdD4KPGEgbmFtZT0iUkZDMjA2OCI+UkZDMjA2ODwvYT4KPC9kdD4K
+PGRkPlIuIEZpZWxkaW5nLCBKLiBHZXR0eXMsIEouIE1vZ3VsLApILiBGcnlzdHlr
+IE5pZWxzZW4sIGFuZCBULiBCZXJuZXJzLUxlZS4gIDxpPkh5cGVydGV4dCBUcmFu
+c2ZlcgpQcm90b2NvbCAtLSBIVFRQLzEuMS48L2k+LiBJRVRGIFJGQyAyMDY4LiBT
+ZWUgPGEgaHJlZj0iaHR0cDovL3d3dy5pZXRmLm9yZy9yZmMvcmZjMjA2OC50eHQi
+Pmh0dHA6Ly93d3cuaWV0Zi5vcmcvcmZjL3JmYzIwNjgudHh0PC9hPi48L2RkPgoK
+PGR0Pgo8YSBuYW1lPSJSRkMyMzk2Ij5SRkMyMzk2PC9hPgo8L2R0Pgo8ZGQ+VC4g
+QmVybmVycy1MZWUsIFIuIEZpZWxkaW5nLCBhbmQKTC4gTWFzaW50ZXIuICA8aT5V
+bmlmb3JtIFJlc291cmNlIElkZW50aWZpZXJzIChVUkkpOiBHZW5lcmljClN5bnRh
+eDwvaT4uIElFVEYgUkZDIDIzOTYuIFNlZSA8YSBocmVmPSJodHRwOi8vd3d3Lmll
+dGYub3JnL3JmYy9yZmMyMzk2LnR4dCI+aHR0cDovL3d3dy5pZXRmLm9yZy9yZmMv
+cmZjMjM5Ni50eHQ8L2E+LjwvZGQ+Cgo8ZHQ+CjxhIG5hbWU9IlhNTCI+WE1MMTA8
+L2E+CjwvZHQ+CjxkZD5Xb3JsZCBXaWRlIFdlYiBDb25zb3J0aXVtLiA8aT5FeHRl
+bnNpYmxlCk1hcmt1cCBMYW5ndWFnZSAoWE1MKSAxLjAuPC9pPiBXM0MgUmVjb21t
+ZW5kYXRpb24uIFNlZSA8YSBocmVmPSJodHRwOi8vd3d3LnczLm9yZy9UUi8xOTk4
+L1JFQy14bWwtMTk5ODAyMTAiPmh0dHA6Ly93d3cudzMub3JnL1RSLzE5OTgvUkVD
+LXhtbC0xOTk4MDIxMDwvYT4KPC9kZD4KCjwvZGw+CgoKCgo8aDI+CjxhIG5hbWU9
+InJhdGlvbmFsZSI+PC9hPkIgUmF0aW9uYWxlPC9oMj4KCjxwPlRoZXJlIHdhcyBh
+biB1cmdlbnQgcmVxdWlyZW1lbnQgZm9yIGEgc3BlY2lmaWNhdGlvbiBmb3Igc3R5
+bGUgc2hlZXQKbGlua2luZyB0aGF0IGNvdWxkIGJlIGNvbXBsZXRlZCBpbiB0aW1l
+IGZvciB0aGUgbmV4dCByZWxlYXNlIGZyb20KbWFqb3IgYnJvd3NlciB2ZW5kb3Jz
+LiAgT25seSBieSBjaG9vc2luZyBhIHNpbXBsZSBtZWNoYW5pc20gY2xvc2VseQpi
+YXNlZCBvbiBhIHByb3ZlbiBleGlzdGluZyBtZWNoYW5pc20gY291bGQgdGhlIHNw
+ZWNpZmljYXRpb24gYmUKY29tcGxldGVkIGluIHRpbWUgdG8gbWVldCB0aGlzIHJl
+cXVpcmVtZW50LjwvcD4KCjxwPlVzZSBvZiBhIHByb2Nlc3NpbmcgaW5zdHJ1Y3Rp
+b24gYXZvaWRzIHBvbGx1dGluZyB0aGUgbWFpbiBkb2N1bWVudApzdHJ1Y3R1cmUg
+d2l0aCBhcHBsaWNhdGlvbiBzcGVjaWZpYyBwcm9jZXNzaW5nIGluZm9ybWF0aW9u
+LjwvcD4KCjxwPlRoZSBtZWNoYW5pc20gY2hvc2VuIGZvciB0aGlzIHZlcnNpb24g
+b2YgdGhlIHNwZWNpZmljYXRpb24gaXMgbm90IGEKY29uc3RyYWludCBvbiB0aGUg
+YWRkaXRpb25hbCBtZWNoYW5pc21zIHBsYW5uZWQgZm9yIGZ1dHVyZSB2ZXJzaW9u
+cy4KVGhlcmUgaXMgbm8gZXhwZWN0YXRpb24gdGhhdCB0aGVzZSB3aWxsIHVzZSBw
+cm9jZXNzaW5nIGluc3RydWN0aW9uczsKaW5kZWVkIHRoZXkgbWF5IG5vdCBpbmNs
+dWRlIHRoZSBsaW5raW5nIGluZm9ybWF0aW9uIGluIHRoZSBzb3VyY2UKZG9jdW1l
+bnQuPC9wPgoKCgoKPC9ib2R5Pgo8L2h0bWw+Cg==
diff --git a/samples/data/keystore.jks b/samples/data/keystore.jks
new file mode 100644
index 0000000..31a0214
--- /dev/null
+++ b/samples/data/keystore.jks
Binary files differ
diff --git a/samples/data/org/apache/xml/security/temp/extension.xsl b/samples/data/org/apache/xml/security/temp/extension.xsl
new file mode 100644
index 0000000..0c16e06
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/extension.xsl
@@ -0,0 +1,13 @@
+<xsl:stylesheet xmlns="http://www.w3.org/1999/xhtml"
+ xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
+ xmlns:pe="xalan://org.xmlsecurity.temp.TestProperties"
+ extension-element-prefixes="pe"
+ version="1.0">
+
+ <xsl:output indent="yes" omit-xml-declaration="yes"/>
+ <xsl:template match="/">
+ <pe:properties>
+ <xsl:apply-templates />
+ </pe:properties>
+ </xsl:template>
+</xsl:stylesheet>
diff --git a/samples/data/org/apache/xml/security/temp/id.xml b/samples/data/org/apache/xml/security/temp/id.xml
new file mode 100644
index 0000000..544a243
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/id.xml
@@ -0,0 +1,11 @@
+<?xml version="1.0"?>
+
+<!DOCTYPE doc [
+<!ATTLIST e9 Id ID #IMPLIED>
+]>
+
+
+<doc>
+ <e9 Id="NO3"></e9>
+ <e9 Id="id2"></e9>
+</doc>
diff --git a/samples/data/org/apache/xml/security/temp/id2.xml b/samples/data/org/apache/xml/security/temp/id2.xml
new file mode 100644
index 0000000..a27d4b3
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/id2.xml
@@ -0,0 +1,9 @@
+<?xml version="1.0"?>
+<!DOCTYPE doc [
+<!ATTLIST e9 Id ID #IMPLIED>
+]>
+<doc>
+ <!-- A comment -->
+ <e9 Id='N3'><!-- A comment -->Das N3 Element</e9>
+ <e9 Id='id2'><!-- A comment --> Das id2 Element</e9>
+</doc>
diff --git a/samples/data/org/apache/xml/security/temp/key/dsavalue.xml b/samples/data/org/apache/xml/security/temp/key/dsavalue.xml
new file mode 100644
index 0000000..9fa8846
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/dsavalue.xml
@@ -0,0 +1,21 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<DSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <P>
+ rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ </P>
+ <Q>
+ kEjAFpCe4lcUOdwphpzf+tBaUds=
+ </Q>
+ <G>
+ oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ </G>
+ <Y>
+ pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ </Y>
+</DSAKeyValue>
diff --git a/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc-key.xml b/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc-key.xml
new file mode 100644
index 0000000..445e76a
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc-key.xml
@@ -0,0 +1 @@
+<X509Data xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Certificate></X509Certificate></X509Data>
\ No newline at end of file
diff --git a/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc.xml b/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc.xml
new file mode 100644
index 0000000..5139ece
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/retrieval-from-same-doc.xml
@@ -0,0 +1,60 @@
+<Document>
+ <KeyMaterials Id="thecert" xmlns="http://www.xmlsecurity.org/temp/mytempns">
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIICwzCCAiygAwIBAgIGAOZ75QhHMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMRQwEgYDVQQDEwtYL1NlY3Vy
+ ZSBDQTAeFw0wMTA1MTUxMDA0NDVaFw0wMjA1MTUxMDA0MzdaMGkxCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3JpZ3Uw
+ gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4FJkxu+bB5lOwYa+irIb7sJU7
+ 9sRQbYYnfw35D7NQkig+Lvi2LXXoA6ABull2bF+gu+sgRzezzOs6VsTL8z57TIz2
+ 48HaMInFjOiqSANmzQKlXv1PjXSxSyHRi/3xc8gMfmCxeSPCZ5VpUiQoJ5ZpWcDz
+ /LKvb0l9X0YBzMZlAgMBAAGjcTBvMA4GA1UdDwEB/wQEAwIHgDARBgNVHQ4ECgQI
+ hbis35lIcu8wNQYDVR0SBC4wLIYqaHR0cDovL3d3dy5iYWx0aW1vcmUuY29tL3By
+ b2R1Y3RzL3hzZWN1cmUvMBMGA1UdIwQMMAqACIXsHwqPfxrRMA0GCSqGSIb3DQEB
+ BQUAA4GBAGSBdPou5CWAiyS5/f46m00mIIqO3xl6ZXOc/DRblF4gWnesd2F5v/s6
+ lAbqK8+wJM6GxvpOkSp6O1q6hZRyzF86QPlXCfhKAXkgzHXtb6PfT2m9t0iawnjy
+ P+oyYofnFU5FFVOCujSrmFx3FCU+Wg6RT3v1jRoM3YfMYZYEzfTT
+ </X509Certificate>
+ </X509Data>
+ </KeyMaterials>
+ <KeyMaterials Id="hjdsbadcret" xmlns="http://www.xmlsecurity.org/temp/mytempns">
+ <X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ This is no valid base64 encoded X509 Certificate so if the XPath
+ ancestor::my:KeyMaterials[@Id="hjdsbadcret"]
+ would have been used this wouldn't resolve to a valid key
+ </X509Certificate>
+ </X509Data>
+ </KeyMaterials>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ FnwsSCWT6REW/8QnOjv0BK+r3Ly/4aB++pNnZp9pnz8f7+j33eKSj1soyQLq5zmN
+ FwyeeQhnlTbR1kfve014ub9uHVC9A1cfmGZxQF1DC+enHt+AAPJaa278/ocgpMb5
+ Gibl4w7e3HAdBn/RJCrFJH77wY2oU5Ob0zIQtECVNJk=
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod URI="" Type="http://www.w3.org/2000/09/xmldsig#X509Data">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/TR/1999/REC-xpath-19991116">
+ <XPath xmlns:my="http://www.xmlsecurity.org/temp/mytempns"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ ancestor::my:KeyMaterials[@Id="thecert"]
+ </XPath>
+ </Transform>
+ </Transforms>
+ </RetrievalMethod>
+ </KeyInfo>
+ </Signature>
+</Document>
+
\ No newline at end of file
diff --git a/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-dsavalue.xml b/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-dsavalue.xml
new file mode 100644
index 0000000..e24575c
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-dsavalue.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ Fj9OwSxpJppDnihohduxEUqu9/p6TR9PpgNGapaiBHGcY2QUDBaOEw==
+ </SignatureValue>
+ <KeyInfo>
+ <RetrievalMethod Type="http://www.w3.org/2000/09/xmldsig#DSAKeyValue" URI="dsavalue.xml" />
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-x509data.xml b/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-x509data.xml
new file mode 100644
index 0000000..e00bd86
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/signature-retrievalmethod-x509data.xml
@@ -0,0 +1,41 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>
+ ZrROxIcOSBvt5z2krEhQGSVIo4oAwTJwGAoFiWucvvEtY9k0L2R5RVHBnHCzk5GT
+ kHGaT8SUqtnDeiH6W/2FNfciiV/w1pxURvNcyW8cYCn1B5XF68vILXUaptWf0DKw
+ DvCFS+uLh0ACuEUfpe1Dx1fwB85lpK2iQcpx9dPaC4M=
+ </SignatureValue>
+ <KeyInfo>
+ <!--
+ <X509Data>
+ <X509Certificate>
+ MIICwzCCAiygAwIBAgIGAOZ75QhHMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMRQwEgYDVQQDEwtYL1NlY3Vy
+ ZSBDQTAeFw0wMTA1MTUxMDA0NDVaFw0wMjA1MTUxMDA0MzdaMGkxCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3JpZ3Uw
+ gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4FJkxu+bB5lOwYa+irIb7sJU7
+ 9sRQbYYnfw35D7NQkig+Lvi2LXXoA6ABull2bF+gu+sgRzezzOs6VsTL8z57TIz2
+ 48HaMInFjOiqSANmzQKlXv1PjXSxSyHRi/3xc8gMfmCxeSPCZ5VpUiQoJ5ZpWcDz
+ /LKvb0l9X0YBzMZlAgMBAAGjcTBvMA4GA1UdDwEB/wQEAwIHgDARBgNVHQ4ECgQI
+ hbis35lIcu8wNQYDVR0SBC4wLIYqaHR0cDovL3d3dy5iYWx0aW1vcmUuY29tL3By
+ b2R1Y3RzL3hzZWN1cmUvMBMGA1UdIwQMMAqACIXsHwqPfxrRMA0GCSqGSIb3DQEB
+ BQUAA4GBAGSBdPou5CWAiyS5/f46m00mIIqO3xl6ZXOc/DRblF4gWnesd2F5v/s6
+ lAbqK8+wJM6GxvpOkSp6O1q6hZRyzF86QPlXCfhKAXkgzHXtb6PfT2m9t0iawnjy
+ P+oyYofnFU5FFVOCujSrmFx3FCU+Wg6RT3v1jRoM3YfMYZYEzfTT
+ </X509Certificate>
+ </X509Data>
+ -->
+ <RetrievalMethod URI="./x509data.xml" />
+ <!-- Type="http://www.w3.org/2000/09/xmldsig#X509Data" -->
+ </KeyInfo>
+</Signature>
diff --git a/samples/data/org/apache/xml/security/temp/key/x509data.xml b/samples/data/org/apache/xml/security/temp/key/x509data.xml
new file mode 100644
index 0000000..2a73f15
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/key/x509data.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<X509Data xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <X509Certificate>
+ MIICwzCCAiygAwIBAgIGAOZ75QhHMA0GCSqGSIb3DQEBBQUAMG4xCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMRQwEgYDVQQDEwtYL1NlY3Vy
+ ZSBDQTAeFw0wMTA1MTUxMDA0NDVaFw0wMjA1MTUxMDA0MzdaMGkxCzAJBgNVBAYT
+ AklFMQ8wDQYDVQQIEwZEdWJsaW4xJTAjBgNVBAoTHEJhbHRpbW9yZSBUZWNobm9s
+ b2dpZXMsIEx0ZC4xETAPBgNVBAsTCFgvU2VjdXJlMQ8wDQYDVQQDEwZNb3JpZ3Uw
+ gZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBALT4FJkxu+bB5lOwYa+irIb7sJU7
+ 9sRQbYYnfw35D7NQkig+Lvi2LXXoA6ABull2bF+gu+sgRzezzOs6VsTL8z57TIz2
+ 48HaMInFjOiqSANmzQKlXv1PjXSxSyHRi/3xc8gMfmCxeSPCZ5VpUiQoJ5ZpWcDz
+ /LKvb0l9X0YBzMZlAgMBAAGjcTBvMA4GA1UdDwEB/wQEAwIHgDARBgNVHQ4ECgQI
+ hbis35lIcu8wNQYDVR0SBC4wLIYqaHR0cDovL3d3dy5iYWx0aW1vcmUuY29tL3By
+ b2R1Y3RzL3hzZWN1cmUvMBMGA1UdIwQMMAqACIXsHwqPfxrRMA0GCSqGSIb3DQEB
+ BQUAA4GBAGSBdPou5CWAiyS5/f46m00mIIqO3xl6ZXOc/DRblF4gWnesd2F5v/s6
+ lAbqK8+wJM6GxvpOkSp6O1q6hZRyzF86QPlXCfhKAXkgzHXtb6PfT2m9t0iawnjy
+ P+oyYofnFU5FFVOCujSrmFx3FCU+Wg6RT3v1jRoM3YfMYZYEzfTT
+ </X509Certificate>
+</X509Data>
diff --git a/samples/data/org/apache/xml/security/temp/nuehomepage b/samples/data/org/apache/xml/security/temp/nuehomepage
new file mode 100644
index 0000000..0cce7df
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/nuehomepage
@@ -0,0 +1,29 @@
+<HTML>
+<HEAD>
+ <!-- Style sheet added (21.09.99)-->
+ <link rel="stylesheet" type="text/css" href="NUE_Style.css">
+<!-- Last modification: 10.11.98 by Niko Schweitzer -->
+ <META Name="description" Content="Institut fuer Nachrichtenuebermittlung, UNI-Siegen">
+ <META Name="keywords" Content="UNI,Siegen,Institut,Nachrichtenübermittlung,Institute,Data,Communications,Security,Sicherheit,Kryptographie,Cryptography,Digitale,Mobilfunksysteme,Digital,Communication,Information,ATM,GSM,PDH,SDH,PKI,Access,Rights,Profile,Certificate,Management">
+ <META NAME="Content-Language" CONTENT="de">
+
+<!------------------------------------------------------------------>
+<title>Home-Page des Instituts fuer Nachrichtenuebermittlung</title>
+<!------------------------------------------------------------------>
+
+
+<FRAMESET COLS="170,*" BORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 FRAMEBORDER=0 FRAMESPACING=0>
+ <FRAME NAME="contents_frame" SRC="contents.html" SCROLLING="Auto" BORDER=0 MARGINWIDTH=0 MARGINHEIGHT=0 FRAMEBORDER=0 FRAMESPACING=0>
+ <FRAMESET ><!--ROWS="80,*"> -->
+ <!-- <frame name="header_frame" src="header.html" scrolling="No" FRAMEBORDER="No"> -->
+ <frame name="main_frame" src="start.html" scrolling="Auto" FRAMEBORDER="No">
+ </FRAMESET>
+</FRAMESET>
+
+
+</HEAD>
+
+<BODY>
+
+</BODY>
+</HTML>
\ No newline at end of file
diff --git a/samples/data/org/apache/xml/security/temp/signature/signature-bad-c14n-algo.xml b/samples/data/org/apache/xml/security/temp/signature/signature-bad-c14n-algo.xml
new file mode 100644
index 0000000..edc297b
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/signature/signature-bad-c14n-algo.xml
@@ -0,0 +1,55 @@
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.apache.org/bad-c14n-algo"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
+<ds:Reference URI="#TheFirstObject">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>W1C5ZT2nQwXd+zIeZ1NUFjx5qn0ERyiLnSeYSS+FDG9yOpK1FK8AVA==</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
+ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
+dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
+REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
+VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
+gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
+Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
+u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
+K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
+gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
+cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
+8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
+FA9ab72kKuB5geYGeckbBrcgPnZk
+</ds:X509Certificate>
+</ds:X509Data>
+<ds:KeyValue>
+<ds:DSAKeyValue>
+<ds:P>
+/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAcc=
+</ds:P>
+<ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
+<ds:G>
+9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
+Zl6Ae1UlZAFMO/7PSSo=
+</ds:G>
+<ds:Y>
+Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
+qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
+x04lGaZ8jUYZL3gZTNI=
+</ds:Y>
+</ds:DSAKeyValue>
+</ds:KeyValue>
+</ds:KeyInfo>
+<ds:Object Id="TheFirstObject"><InsideObject>A text in a box</InsideObject></ds:Object>
+</ds:Signature>
diff --git a/samples/data/org/apache/xml/security/temp/signature/signature-bad-sig-algo.xml b/samples/data/org/apache/xml/security/temp/signature/signature-bad-sig-algo.xml
new file mode 100644
index 0000000..5dabe5e
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/signature/signature-bad-sig-algo.xml
@@ -0,0 +1,55 @@
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.apache.org/bad-sig-algo"></ds:SignatureMethod>
+<ds:Reference URI="#TheFirstObject">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>W1C5ZT2nQwXd+zIeZ1NUFjx5qn0ERyiLnSeYSS+FDG9yOpK1FK8AVA==</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
+ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
+dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
+REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
+VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
+gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
+Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
+u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
+K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
+gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
+cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
+8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
+FA9ab72kKuB5geYGeckbBrcgPnZk
+</ds:X509Certificate>
+</ds:X509Data>
+<ds:KeyValue>
+<ds:DSAKeyValue>
+<ds:P>
+/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAcc=
+</ds:P>
+<ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
+<ds:G>
+9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
+Zl6Ae1UlZAFMO/7PSSo=
+</ds:G>
+<ds:Y>
+Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
+qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
+x04lGaZ8jUYZL3gZTNI=
+</ds:Y>
+</ds:DSAKeyValue>
+</ds:KeyValue>
+</ds:KeyInfo>
+<ds:Object Id="TheFirstObject"><InsideObject>A text in a box</InsideObject></ds:Object>
+</ds:Signature>
diff --git a/samples/data/org/apache/xml/security/temp/signature/signature-bad-transform-algo.xml b/samples/data/org/apache/xml/security/temp/signature/signature-bad-transform-algo.xml
new file mode 100644
index 0000000..32c4713
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/signature/signature-bad-transform-algo.xml
@@ -0,0 +1,55 @@
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
+<ds:Reference URI="#TheFirstObject">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.apache.org/bad-transform-algo"></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>W1C5ZT2nQwXd+zIeZ1NUFjx5qn0ERyiLnSeYSS+FDG9yOpK1FK8AVA==</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
+ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
+dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
+REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
+VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
+gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
+Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
+u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
+K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
+gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
+cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
+8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
+FA9ab72kKuB5geYGeckbBrcgPnZk
+</ds:X509Certificate>
+</ds:X509Data>
+<ds:KeyValue>
+<ds:DSAKeyValue>
+<ds:P>
+/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAcc=
+</ds:P>
+<ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
+<ds:G>
+9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
+Zl6Ae1UlZAFMO/7PSSo=
+</ds:G>
+<ds:Y>
+Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
+qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
+x04lGaZ8jUYZL3gZTNI=
+</ds:Y>
+</ds:DSAKeyValue>
+</ds:KeyValue>
+</ds:KeyInfo>
+<ds:Object Id="TheFirstObject"><InsideObject>A text in a box</InsideObject></ds:Object>
+</ds:Signature>
diff --git a/samples/data/org/apache/xml/security/temp/signature/signature-good.xml b/samples/data/org/apache/xml/security/temp/signature/signature-good.xml
new file mode 100644
index 0000000..13e33ac
--- /dev/null
+++ b/samples/data/org/apache/xml/security/temp/signature/signature-good.xml
@@ -0,0 +1,55 @@
+<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+<ds:SignedInfo>
+<ds:CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"></ds:CanonicalizationMethod>
+<ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"></ds:SignatureMethod>
+<ds:Reference URI="#TheFirstObject">
+<ds:Transforms>
+<ds:Transform Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"></ds:Transform>
+</ds:Transforms>
+<ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"></ds:DigestMethod>
+<ds:DigestValue>ipbs0UyafkdRIcfIo9zyZLce+CE=</ds:DigestValue>
+</ds:Reference>
+</ds:SignedInfo>
+<ds:SignatureValue>W1C5ZT2nQwXd+zIeZ1NUFjx5qn0ERyiLnSeYSS+FDG9yOpK1FK8AVA==</ds:SignatureValue>
+<ds:KeyInfo>
+<ds:X509Data>
+<ds:X509Certificate>
+MIIC9jCCArQCBDruqiowCwYHKoZIzjgEAwUAMGExCzAJBgNVBAYTAkRFMR0wGwYDVQQKExRVbml2
+ZXJzaXR5IG9mIFNpZWdlbjEQMA4GA1UECxMHRkIxMk5VRTEhMB8GA1UEAxMYQ2hyaXN0aWFuIEdl
+dWVyLVBvbGxtYW5uMB4XDTAxMDUwMTEyMjA1OFoXDTA2MTAyMjEyMjA1OFowYTELMAkGA1UEBhMC
+REUxHTAbBgNVBAoTFFVuaXZlcnNpdHkgb2YgU2llZ2VuMRAwDgYDVQQLEwdGQjEyTlVFMSEwHwYD
+VQQDExhDaHJpc3RpYW4gR2V1ZXItUG9sbG1hbm4wggG3MIIBLAYHKoZIzjgEATCCAR8CgYEA/X9T
+gR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuAHTRv
+8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOuK2HX
+Ku/yIgMZndFIAccCFQCXYFCPFSMLzLKSuYKi64QL8Fgc9QKBgQD34aCF1ps93su8q1w2uFe5eZSv
+u/o66oL5V0wLPQeCZ1FZV4661FlP5nEHEIGAtEkWcSPoTCgWE7fPCTKMyKbhPBZ6i1R8jSjgo64e
+K7OmdZFuo38L+iE1YvH7YnoBJDvMpPG+qFGQiaiD3+Fa5Z8GkotmXoB7VSVkAUw7/s9JKgOBhAAC
+gYASWfn+G1k/nWntj9jX7Nk5JKaiLZ9BLR16eJJxqff33THLfdGs98Xmh2oRWZVh9PMV8oTP3hpR
+cRipjZUZVEIqsBlOGTVLCg4H5TJ81JWOiprh+mkhClNqUr8l5Hu7FBSvQB6inryeva7j0aKNiIvK
+8vfHTiUZpnyNRhkveBlM0jALBgcqhkjOOAQDBQADLwAwLAIUPDd/UmB9GeHqvGjny30Bvjt0AkUC
+FA9ab72kKuB5geYGeckbBrcgPnZk
+</ds:X509Certificate>
+</ds:X509Data>
+<ds:KeyValue>
+<ds:DSAKeyValue>
+<ds:P>
+/X9TgR11EilS30qcLuzk5/YRt1I870QAwx4/gLZRJmlFXUAiUftZPY1Y+r/F9bow9subVWzXgTuA
+HTRv8mZgt2uZUKWkn5/oBHsQIsJPu6nX/rfGG/g7V+fGqKYVDwT7g/bTxR7DAjVUE1oWkTL2dfOu
+K2HXKu/yIgMZndFIAcc=
+</ds:P>
+<ds:Q>l2BQjxUjC8yykrmCouuEC/BYHPU=</ds:Q>
+<ds:G>
+9+GghdabPd7LvKtcNrhXuXmUr7v6OuqC+VdMCz0HgmdRWVeOutRZT+ZxBxCBgLRJFnEj6EwoFhO3
+zwkyjMim4TwWeotUfI0o4KOuHiuzpnWRbqN/C/ohNWLx+2J6ASQ7zKTxvqhRkImog9/hWuWfBpKL
+Zl6Ae1UlZAFMO/7PSSo=
+</ds:G>
+<ds:Y>
+Eln5/htZP51p7Y/Y1+zZOSSmoi2fQS0deniScan3990xy33RrPfF5odqEVmVYfTzFfKEz94aUXEY
+qY2VGVRCKrAZThk1SwoOB+UyfNSVjoqa4fppIQpTalK/JeR7uxQUr0Aeop68nr2u49GijYiLyvL3
+x04lGaZ8jUYZL3gZTNI=
+</ds:Y>
+</ds:DSAKeyValue>
+</ds:KeyValue>
+</ds:KeyInfo>
+<ds:Object Id="TheFirstObject"><InsideObject>A text in a box</InsideObject></ds:Object>
+</ds:Signature>
diff --git a/samples/data/org/w3c/www/TR/2000/REC-xml-20001006 b/samples/data/org/w3c/www/TR/2000/REC-xml-20001006
new file mode 100644
index 0000000..cc363b0
--- /dev/null
+++ b/samples/data/org/w3c/www/TR/2000/REC-xml-20001006
@@ -0,0 +1,3156 @@
+<?xml version="1.0" encoding="iso-8859-1"?>
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
+<!--ArborText, Inc., 1988-2000, v.4002-->
+<html lang="EN">
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"/>
+<title>Extensible Markup Language (XML) 1.0 (Second Edition)</title>
+<link href="http://www.w3.org/StyleSheets/TR/W3C-REC.css" type="text/css"
+rel="stylesheet"/>
+<style type="text/css"> code { font-family: monospace; } div.constraint,
+div.issue, div.note, div.notice { margin-left: 2em; } dt.label
+{ display: run-in; } li p { margin-top: 0.3em;
+ margin-bottom: 0.3em; } </style>
+</head>
+<body> <div class="head"><p><a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/w3c_home"
+alt="W3C" height="48" width="72"/></a></p><h1>Extensible Markup Language (XML)
+1.0 (Second Edition)</h1>
+<h2>W3C Recommendation 6 October 2000</h2><dl>
+<dt>This version:</dt>
+<dd><a href="http://www.w3.org/TR/2000/REC-xml-20001006">http://www.w3.org/TR/2000/REC-xml-20001006</a>
+(<a href="http://www.w3.org/TR/2000/REC-xml-20001006.html">XHTML</a>, <a href="http://www.w3.org/TR/2000/REC-xml-20001006.xml">XML</a>, <a
+href="http://www.w3.org/TR/2000/REC-xml-20001006.pdf">PDF</a>, <a href="http://www.w3.org/TR/2000/REC-xml-20001006-review.html">XHTML
+review version</a> with color-coded revision indicators)</dd>
+<dt>Latest version:</dt>
+<dd><a href="http://www.w3.org/TR/REC-xml">http://www.w3.org/TR/REC-xml</a></dd>
+<dt>Previous versions:</dt>
+<dd><a href="http://www.w3.org/TR/2000/WD-xml-2e-20000814"> http://www.w3.org/TR/2000/WD-xml-2e-20000814</a> </dd>
+<dd><a href="http://www.w3.org/TR/1998/REC-xml-19980210"> http://www.w3.org/TR/1998/REC-xml-19980210</a> </dd>
+<dt>Editors:</dt>
+<dd>Tim Bray, Textuality and Netscape <a href="mailto:tbray@textuality.com"><tbray@textuality.com></a></dd>
+<dd>Jean Paoli, Microsoft <a href="mailto:jeanpa@microsoft.com"><jeanpa@microsoft.com></a></dd>
+<dd>C. M. Sperberg-McQueen, University of Illinois at Chicago and Text Encoding
+Initiative <a href="mailto:cmsmcq@uic.edu"><cmsmcq@uic.edu></a> </dd>
+<dd>Eve Maler, Sun Microsystems, Inc. <a href="mailto:elm@east.sun.com"><eve.maler@east.sun.com></a>
+ - Second Edition</dd>
+</dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2000 <a
+href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup>
+(<a href="http://www.lcs.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a
+href="http://www.inria.fr/"><abbr title="Institut National de Recherche en Informatique et Automatique"
+lang="fr">INRIA</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All
+Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a
+href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a>, <a
+href="http://www.w3.org/Consortium/Legal/copyright-documents-19990405">document
+use</a>, and <a href="http://www.w3.org/Consortium/Legal/copyright-software-19980720">software
+licensing</a> rules apply.</p></div><hr class="html_compat"/><div><h2><a
+name="abstract">Abstract</a></h2> <p>The Extensible Markup Language (XML)
+is a subset of SGML that is completely described in this document. Its goal
+is to enable generic SGML to be served, received, and processed on the Web
+in the way that is now possible with HTML. XML has been designed for ease
+of implementation and for interoperability with both SGML and HTML.</p> </div><div>
+<h2><a name="status">Status of this Document</a></h2> <p>This
+document has been reviewed by W3C Members and other interested parties and
+has been endorsed by the Director as a W3C Recommendation. It is a stable
+document and may be used as reference material or cited as a normative reference
+from another document. W3C's role in making the Recommendation is to draw
+attention to the specification and to promote its widespread deployment. This
+enhances the functionality and interoperability of the Web.</p> <p>This document
+specifies a syntax created by subsetting an existing, widely used international
+text processing standard (Standard Generalized Markup Language, ISO 8879:1986(E)
+as amended and corrected) for use on the World Wide Web. It is a product of
+the W3C XML Activity, details of which can be found at <a href="http://www.w3.org/XML/">http://www.w3.org/XML</a>.
+ The English version of this specification is the only normative version.
+However, for translations of this document, see <a href="http://www.w3.org/XML/#trans">http://www.w3.org/XML/#trans</a>.
+A list of current W3C Recommendations and other technical documents can be
+found at <a href="http://www.w3.org/TR/">http://www.w3.org/TR</a>.</p> <p>This
+second edition is <em>not</em> a new version of XML (first published 10 February 1998); it merely incorporates
+the changes dictated by the first-edition errata (available at <a href="http://www.w3.org/XML/xml-19980210-errata">http://www.w3.org/XML/xml-19980210-errata</a
+>) as a convenience to readers. The errata list for this second edition is
+available at <a href="http://www.w3.org/XML/xml-V10-2e-errata">http://www.w3.org/XML/xml-V10-2e-errata</a>.</p> <p>Please
+report errors in this document to <a href="mailto:xml-editor@w3.org">xml-editor@w3.org</a>; <a
+href="http://lists.w3.org/Archives/Public/xml-editor">archives</a> are available.</p> <div
+class="note"><p class="prefix"><b>Note:</b></p> <p>C. M. Sperberg-McQueen's
+affiliation has changed since the publication of the first edition. He is
+now at the World Wide Web Consortium, and can be contacted at <a href="mailto:cmsmcq@w3.org">cmsmcq@w3.org</a>.</p> </div> </div> <div
+class="toc"><h2><a name="contents">Table of Contents</a></h2><p class="toc">1 <a
+href="#sec-intro">Introduction</a><br class="html_compat"/> 1.1 <a
+href="#sec-origin-goals">Origin and Goals</a><br class="html_compat"/> 1.2 <a
+href="#sec-terminology">Terminology</a><br class="html_compat"/>2 <a href="#sec-documents">Documents</a><br
+class="html_compat"/> 2.1 <a href="#sec-well-formed">Well-Formed
+XML Documents</a><br class="html_compat"/> 2.2 <a href="#charsets">Characters</a><br
+class="html_compat"/> 2.3 <a href="#sec-common-syn">Common
+Syntactic Constructs</a><br class="html_compat"/> 2.4 <a
+href="#syntax">Character Data and Markup</a><br class="html_compat"/> 2.5 <a
+href="#sec-comments">Comments</a><br class="html_compat"/> 2.6 <a
+href="#sec-pi">Processing Instructions</a><br class="html_compat"/> 2.7 <a
+href="#sec-cdata-sect">CDATA Sections</a><br class="html_compat"/> 2.8 <a
+href="#sec-prolog-dtd">Prolog and Document Type Declaration</a><br class="html_compat"/> 2.9 <a
+href="#sec-rmd">Standalone Document Declaration</a><br class="html_compat"/> 2.10 <a
+href="#sec-white-space">White Space Handling</a><br class="html_compat"/> 2.11 <a
+href="#sec-line-ends">End-of-Line Handling</a><br class="html_compat"/> 2.12 <a
+href="#sec-lang-tag">Language Identification</a><br class="html_compat"/>3 <a
+href="#sec-logical-struct">Logical Structures</a><br class="html_compat"/> 3.1 <a
+href="#sec-starttags">Start-Tags, End-Tags, and Empty-Element Tags</a><br
+class="html_compat"/> 3.2 <a href="#elemdecls">Element
+Type Declarations</a><br class="html_compat"/> 3.2.1 <a
+href="#sec-element-content">Element Content</a><br class="html_compat"/> 3.2.2 <a
+href="#sec-mixed-content">Mixed Content</a><br class="html_compat"/> 3.3 <a
+href="#attdecls">Attribute-List Declarations</a><br class="html_compat"/> 3.3.1 <a
+href="#sec-attribute-types">Attribute Types</a><br class="html_compat"/> 3.3.2 <a
+href="#sec-attr-defaults">Attribute Defaults</a><br class="html_compat"/> 3.3.3 <a
+href="#AVNormalize">Attribute-Value Normalization</a><br class="html_compat"/> 3.4 <a
+href="#sec-condition-sect">Conditional Sections</a><br class="html_compat"/>4 <a
+href="#sec-physical-struct">Physical Structures</a><br class="html_compat"/> 4.1 <a
+href="#sec-references">Character and Entity References</a><br class="html_compat"/> 4.2 <a
+href="#sec-entity-decl">Entity Declarations</a><br class="html_compat"/> 4.2.1 <a
+href="#sec-internal-ent">Internal Entities</a><br class="html_compat"/> 4.2.2 <a
+href="#sec-external-ent">External Entities</a><br class="html_compat"/> 4.3 <a
+href="#TextEntities">Parsed Entities</a><br class="html_compat"/> 4.3.1 <a
+href="#sec-TextDecl">The Text Declaration</a><br class="html_compat"/> 4.3.2 <a
+href="#wf-entities">Well-Formed Parsed Entities</a><br class="html_compat"/> 4.3.3 <a
+href="#charencoding">Character Encoding in Entities</a><br class="html_compat"/> 4.4 <a
+href="#entproc">XML Processor Treatment of Entities and References</a><br
+class="html_compat"/> 4.4.1 <a
+href="#not-recognized">Not Recognized</a><br class="html_compat"/> 4.4.2 <a
+href="#included">Included</a><br class="html_compat"/> 4.4.3 <a
+href="#include-if-valid">Included If Validating</a><br class="html_compat"/> 4.4.4 <a
+href="#forbidden">Forbidden</a><br class="html_compat"/> 4.4.5 <a
+href="#inliteral">Included in Literal</a><br class="html_compat"/> 4.4.6 <a
+href="#notify">Notify</a><br class="html_compat"/> 4.4.7 <a
+href="#bypass">Bypassed</a><br class="html_compat"/> 4.4.8 <a
+href="#as-PE">Included as PE</a><br class="html_compat"/> 4.5 <a
+href="#intern-replacement">Construction of Internal Entity Replacement Text</a><br
+class="html_compat"/> 4.6 <a href="#sec-predefined-ent">Predefined
+Entities</a><br class="html_compat"/> 4.7 <a href="#Notations">Notation
+Declarations</a><br class="html_compat"/> 4.8 <a href="#sec-doc-entity">Document
+Entity</a><br class="html_compat"/>5 <a href="#sec-conformance">Conformance</a><br
+class="html_compat"/> 5.1 <a href="#proc-types">Validating
+and Non-Validating Processors</a><br class="html_compat"/> 5.2 <a
+href="#safe-behavior">Using XML Processors</a><br class="html_compat"/>6 <a
+href="#sec-notation">Notation</a><br class="html_compat"/></p><h3>Appendices</h3><p
+class="toc">A <a href="#sec-bibliography">References</a><br class="html_compat"/> A.1 <a
+href="#sec-existing-stds">Normative References</a><br class="html_compat"/> A.2 <a
+href="#null">Other References</a><br class="html_compat"/>B <a href="#CharClasses">Character
+Classes</a><br class="html_compat"/>C <a href="#sec-xml-and-sgml">XML and
+SGML</a> (Non-Normative)<br class="html_compat"/>D <a href="#sec-entexpand">Expansion
+of Entity and Character References</a> (Non-Normative)<br class="html_compat"/>E <a
+href="#determinism">Deterministic Content Models</a> (Non-Normative)<br class="html_compat"/>F <a
+href="#sec-guessing">Autodetection of Character Encodings</a> (Non-Normative)<br
+class="html_compat"/> F.1 <a href="#sec-guessing-no-ext-info">Detection
+Without External Encoding Information</a><br class="html_compat"/> F.2 <a
+href="#sec-guessing-with-ext-info">Priorities in the Presence of External
+Encoding Information</a><br class="html_compat"/>G <a href="#sec-xml-wg">W3C
+XML Working Group</a> (Non-Normative)<br class="html_compat"/>H <a href="#sec-core-wg">W3C
+XML Core Group</a> (Non-Normative)<br class="html_compat"/>I <a href="#b4d250b6c21">Production
+Notes</a> (Non-Normative)<br class="html_compat"/></p></div><hr class="html_compat"/><div
+class="body"> <div class="div1"> <h2><a name="sec-intro"></a>1 Introduction</h2> <p>Extensible
+Markup Language, abbreviated XML, describes a class of data objects called <a
+title="XML Document" href="#dt-xml-doc">XML documents</a> and partially describes
+the behavior of computer programs which process them. XML is an application
+profile or restricted form of SGML, the Standard Generalized Markup Language <a
+href="#ISO8879">[ISO 8879]</a>. By construction, XML documents are conforming
+SGML documents.</p> <p>XML documents are made up of storage units called <a
+title="Entity" href="#dt-entity">entities</a>, which contain either parsed
+or unparsed data. Parsed data is made up of <a title="Character" href="#dt-character">characters</a>,
+some of which form <a title="Character Data" href="#dt-chardata">character
+data</a>, and some of which form <a title="Markup" href="#dt-markup">markup</a>.
+Markup encodes a description of the document's storage layout and logical
+structure. XML provides a mechanism to impose constraints on the storage layout
+and logical structure.</p> <p>[<a title="XML Processor" name="dt-xml-proc">Definition</a>:
+A software module called an <b>XML processor</b> is used to read XML documents
+and provide access to their content and structure.] [<a title="Application"
+name="dt-app">Definition</a>: It is assumed that an XML processor is doing
+its work on behalf of another module, called the <b>application</b>.] This
+specification describes the required behavior of an XML processor in terms
+of how it must read XML data and the information it must provide to the application.</p> <div
+class="div2"> <h3><a name="sec-origin-goals"></a>1.1 Origin and Goals</h3> <p>XML
+was developed by an XML Working Group (originally known as the SGML Editorial
+Review Board) formed under the auspices of the World Wide Web Consortium (W3C)
+in 1996. It was chaired by Jon Bosak of Sun Microsystems with the active participation
+of an XML Special Interest Group (previously known as the SGML Working Group)
+also organized by the W3C. The membership of the XML Working Group is given
+in an appendix. Dan Connolly served as the WG's contact with the W3C.</p> <p>The
+design goals for XML are:</p> <ol>
+<li><p>XML shall be straightforwardly usable over the Internet.</p></li>
+<li><p>XML shall support a wide variety of applications.</p></li>
+<li><p>XML shall be compatible with SGML.</p></li>
+<li><p>It shall be easy to write programs which process XML documents.</p> </li>
+<li><p>The number of optional features in XML is to be kept to the absolute
+minimum, ideally zero.</p></li>
+<li><p>XML documents should be human-legible and reasonably clear.</p></li>
+<li><p>The XML design should be prepared quickly.</p></li>
+<li><p>The design of XML shall be formal and concise.</p></li>
+<li><p>XML documents shall be easy to create.</p></li>
+<li><p>Terseness in XML markup is of minimal importance.</p></li>
+</ol> <p>This specification, together with associated standards (Unicode and
+ISO/IEC 10646 for characters, Internet RFC 1766 for language identification
+tags, ISO 639 for language name codes, and ISO 3166 for country name codes),
+provides all the information necessary to understand XML Version 1.0 and construct
+computer programs to process it.</p> <p>This version of the XML specification
+ may be distributed freely, as long as all text and legal notices remain intact.</p> </div> <div
+class="div2"> <h3><a name="sec-terminology"></a>1.2 Terminology</h3> <p>The
+terminology used to describe XML documents is defined in the body of this
+specification. The terms defined in the following list are used in building
+those definitions and in describing the actions of an XML processor: </p><dl>
+<dt class="label">may</dt>
+<dd> <p>[<a title="May" name="dt-may">Definition</a>: Conforming documents
+and XML processors are permitted to but need not behave as described.]</p> </dd>
+<dt class="label">must</dt>
+<dd> <p>[<a title="Must" name="dt-must">Definition</a>: Conforming documents
+and XML processors are required to behave as described; otherwise they are
+in error. ]</p> </dd>
+<dt class="label">error</dt>
+<dd> <p>[<a title="Error" name="dt-error">Definition</a>: A violation of the
+rules of this specification; results are undefined. Conforming software may
+detect and report an error and may recover from it.]</p> </dd>
+<dt class="label">fatal error</dt>
+<dd> <p>[<a title="Fatal Error" name="dt-fatal">Definition</a>: An error which
+a conforming <a title="XML Processor" href="#dt-xml-proc">XML processor</a>
+must detect and report to the application. After encountering a fatal error,
+the processor may continue processing the data to search for further errors
+and may report such errors to the application. In order to support correction
+of errors, the processor may make unprocessed data from the document (with
+intermingled character data and markup) available to the application. Once
+a fatal error is detected, however, the processor must not continue normal
+processing (i.e., it must not continue to pass character data and information
+about the document's logical structure to the application in the normal way).]</p> </dd>
+<dt class="label">at user option</dt>
+<dd> <p>[<a title="At user option" name="dt-atuseroption">Definition</a>:
+Conforming software may or must (depending on the modal verb in the sentence)
+behave as described; if it does, it must provide users a means to enable or
+disable the behavior described.]</p> </dd>
+<dt class="label">validity constraint</dt>
+<dd> <p>[<a title="Validity constraint" name="dt-vc">Definition</a>: A rule
+which applies to all <a title="Validity" href="#dt-valid">valid</a> XML documents.
+Violations of validity constraints are errors; they must, at user option,
+be reported by <a title="Validating Processor" href="#dt-validating">validating
+XML processors</a>.]</p> </dd>
+<dt class="label">well-formedness constraint</dt>
+<dd> <p>[<a title="Well-formedness constraint" name="dt-wfc">Definition</a>:
+A rule which applies to all <a title="Well-Formed" href="#dt-wellformed">well-formed</a>
+XML documents. Violations of well-formedness constraints are <a title="Fatal Error"
+href="#dt-fatal">fatal errors</a>.]</p> </dd>
+<dt class="label">match</dt>
+<dd> <p>[<a title="match" name="dt-match">Definition</a>: (Of strings or names:)
+Two strings or names being compared must be identical. Characters with multiple
+possible representations in ISO/IEC 10646 (e.g. characters with both precomposed
+and base+diacritic forms) match only if they have the same representation
+in both strings. No case folding is performed. (Of strings and rules in the
+grammar:) A string matches a grammatical production if it belongs to the language
+generated by that production. (Of content and content models:) An element
+matches its declaration when it conforms in the fashion described in the constraint <a
+href="#elementvalid"><b>[VC: Element Valid]</b></a>.]</p> </dd>
+<dt class="label">for compatibility</dt>
+<dd> <p>[<a title="For Compatibility" name="dt-compat">Definition</a>: Marks
+a sentence describing a feature of XML included solely to ensure that XML
+remains compatible with SGML.]</p> </dd>
+<dt class="label">for interoperability</dt>
+<dd> <p>[<a title="For interoperability" name="dt-interop">Definition</a>:
+Marks a sentence describing a non-binding recommendation included to increase
+the chances that XML documents can be processed by the existing installed
+base of SGML processors which predate the WebSGML Adaptations Annex to ISO
+8879.]</p> </dd>
+</dl><p></p> </div> </div> <div class="div1"> <h2><a name="sec-documents"></a>2
+Documents</h2> <p>[<a title="XML Document" name="dt-xml-doc">Definition</a>:
+ A data object is an <b>XML document</b> if it is <a title="Well-Formed" href="#dt-wellformed">well-formed</a>,
+as defined in this specification. A well-formed XML document may in addition
+be <a title="Validity" href="#dt-valid">valid</a> if it meets certain further
+constraints.]</p> <p>Each XML document has both a logical and a physical structure.
+Physically, the document is composed of units called <a title="Entity" href="#dt-entity">entities</a>.
+An entity may <a title="Entity Reference" href="#dt-entref">refer</a> to other
+entities to cause their inclusion in the document. A document begins in a
+"root" or <a title="Document Entity" href="#dt-docent">document entity</a>.
+Logically, the document is composed of declarations, elements, comments, character
+references, and processing instructions, all of which are indicated in the
+document by explicit markup. The logical and physical structures must nest
+properly, as described in <a href="#wf-entities"><b>4.3.2 Well-Formed Parsed
+Entities</b></a>.</p> <div class="div2"> <h3><a name="sec-well-formed"></a>2.1
+Well-Formed XML Documents</h3> <p>[<a title="Well-Formed" name="dt-wellformed">Definition</a>:
+ A textual object is a <b>well-formed</b> XML document if:]</p> <ol>
+<li><p>Taken as a whole, it matches the production labeled <a href="#NT-document">document</a>.</p> </li>
+<li><p>It meets all the well-formedness constraints given in this specification.</p> </li>
+<li><p>Each of the <a title="Text Entity" href="#dt-parsedent">parsed entities</a>
+which is referenced directly or indirectly within the document is <a title="Well-Formed"
+href="#dt-wellformed">well-formed</a>.</p></li>
+</ol> <h5>Document</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-document"></a>[1] </td>
+<td><code>document</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-prolog">prolog</a> <a href="#NT-element">element</a> <a
+href="#NT-Misc">Misc</a>*</code></td>
+</tr>
+</tbody></table> <p>Matching the <a href="#NT-document">document</a> production
+implies that:</p> <ol>
+<li><p>It contains one or more <a title="Element" href="#dt-element">elements</a>.</p> </li>
+<li><p>[<a title="Root Element" name="dt-root">Definition</a>: There is exactly
+one element, called the <b>root</b>, or document element, no part of which
+appears in the <a title="Content" href="#dt-content">content</a> of any other
+element.] For all other elements, if the <a title="Start-Tag" href="#dt-stag">start-tag</a>
+is in the content of another element, the <a title="End Tag" href="#dt-etag">end-tag</a>
+is in the content of the same element. More simply stated, the elements, delimited
+by start- and end-tags, nest properly within each other.</p></li>
+</ol> <p>[<a title="Parent/Child" name="dt-parentchild">Definition</a>: As
+a consequence of this, for each non-root element <code>C</code> in the document,
+there is one other element <code>P</code> in the document such that <code>C</code>
+is in the content of <code>P</code>, but is not in the content of any other
+element that is in the content of <code>P</code>. <code>P</code> is referred
+to as the <b>parent</b> of <code>C</code>, and <code>C</code> as a <b>child</b>
+of <code>P</code>.]</p> </div> <div class="div2"> <h3><a name="charsets"></a>2.2
+Characters</h3> <p>[<a title="Text" name="dt-text">Definition</a>: A parsed
+entity contains <b>text</b>, a sequence of <a title="Character" href="#dt-character">characters</a>,
+which may represent markup or character data.] [<a title="Character" name="dt-character">Definition</a>:
+A <b>character</b> is an atomic unit of text as specified by ISO/IEC 10646 <a
+href="#ISO10646">[ISO/IEC 10646]</a> (see also <a href="#ISO10646-2000">[ISO/IEC
+10646-2000]</a>). Legal characters are tab, carriage return, line feed, and
+the legal characters of Unicode and ISO/IEC 10646. The versions of these standards
+cited in <a href="#sec-existing-stds"><b>A.1 Normative References</b></a>
+were current at the time this document was prepared. New characters may be
+added to these standards by amendments or new editions. Consequently, XML
+processors must accept any character in the range specified for <a href="#NT-Char">Char</a>.
+The use of "compatibility characters", as defined in section 6.8 of <a href="#Unicode">[Unicode]</a>
+(see also D21 in section 3.6 of <a href="#Unicode3">[Unicode3]</a>), is discouraged.]</p> <h5>Character
+Range</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-Char"></a>[2] </td>
+<td><code>Char</code></td>
+<td> ::= </td>
+<td><code>#x9 | #xA | #xD | [#x20-#xD7FF] | [#xE000-#xFFFD] | [#x10000-#x10FFFF]</code></td>
+<td><i>/* any Unicode character, excluding the surrogate blocks, FFFE, and
+FFFF. */</i></td>
+</tr>
+</tbody></table> <p>The mechanism for encoding character code points into
+bit patterns may vary from entity to entity. All XML processors must accept
+the UTF-8 and UTF-16 encodings of 10646; the mechanisms for signaling which
+of the two is in use, or for bringing other encodings into play, are discussed
+later, in <a href="#charencoding"><b>4.3.3 Character Encoding in Entities</b></a>.</p>
+ </div> <div class="div2"> <h3><a name="sec-common-syn"></a>2.3 Common Syntactic
+Constructs</h3> <p>This section defines some symbols used widely in the grammar.</p> <p><a
+href="#NT-S">S</a> (white space) consists of one or more space (#x20) characters,
+carriage returns, line feeds, or tabs.</p> <h5>White Space</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-S"></a>[3] </td>
+<td><code>S</code></td>
+<td> ::= </td>
+<td><code>(#x20 | #x9 | #xD | #xA)+</code></td>
+</tr>
+</tbody></table> <p>Characters are classified for convenience as letters,
+digits, or other characters. A letter consists of an alphabetic or syllabic
+base character or an ideographic character. Full definitions of the specific
+characters in each class are given in <a href="#CharClasses"><b>B Character
+Classes</b></a>.</p> <p>[<a title="Name" name="dt-name">Definition</a>: A <b>Name</b>
+is a token beginning with a letter or one of a few punctuation characters,
+and continuing with letters, digits, hyphens, underscores, colons, or full
+stops, together known as name characters.] Names beginning with the string
+"<code>xml</code>", or any string which would match <code>(('X'|'x') ('M'|'m')
+('L'|'l'))</code>, are reserved for standardization in this or future versions
+of this specification.</p> <div class="note"><p class="prefix"><b>Note:</b></p> <p>The
+Namespaces in XML Recommendation <a href="#xml-names">[XML Names]</a> assigns
+a meaning to names containing colon characters. Therefore, authors should
+not use the colon in XML names except for namespace purposes, but XML processors
+must accept the colon as a name character.</p> </div> <p>An <a href="#NT-Nmtoken">Nmtoken</a>
+(name token) is any mixture of name characters.</p> <h5>Names and Tokens</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-NameChar"></a>[4] </td>
+<td><code>NameChar</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Letter">Letter</a> | <a href="#NT-Digit">Digit</a>
+| '.' | '-' | '_' | ':' | <a href="#NT-CombiningChar">CombiningChar</a> | <a
+href="#NT-Extender">Extender</a></code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-Name"></a>[5] </td>
+<td><code>Name</code></td>
+<td> ::= </td>
+<td><code>(<a href="#NT-Letter">Letter</a> | '_' | ':') (<a href="#NT-NameChar">NameChar</a>)*</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-Names"></a>[6] </td>
+<td><code>Names</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Name">Name</a> (<a href="#NT-S">S</a> <a href="#NT-Name">Name</a>)*</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-Nmtoken"></a>[7] </td>
+<td><code>Nmtoken</code></td>
+<td> ::= </td>
+<td><code>(<a href="#NT-NameChar">NameChar</a>)+</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-Nmtokens"></a>[8] </td>
+<td><code>Nmtokens</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Nmtoken">Nmtoken</a> (<a href="#NT-S">S</a> <a href="#NT-Nmtoken">Nmtoken</a>)*</code></td>
+</tr>
+</tbody></table> <p>Literal data is any quoted string not containing the quotation
+mark used as a delimiter for that string. Literals are used for specifying
+the content of internal entities (<a href="#NT-EntityValue">EntityValue</a>),
+the values of attributes (<a href="#NT-AttValue">AttValue</a>), and external
+identifiers (<a href="#NT-SystemLiteral">SystemLiteral</a>). Note that a <a
+href="#NT-SystemLiteral">SystemLiteral</a> can be parsed without scanning
+for markup.</p> <h5>Literals</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-EntityValue"></a>[9] </td>
+<td><code>EntityValue</code></td>
+<td> ::= </td>
+<td><code>'"' ([^%&"] | <a href="#NT-PEReference">PEReference</a> | <a
+href="#NT-Reference">Reference</a>)* '"' </code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| "'" ([^%&'] | <a href="#NT-PEReference">PEReference</a>
+| <a href="#NT-Reference">Reference</a>)* "'"</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-AttValue"></a>[10] </td>
+<td><code>AttValue</code></td>
+<td> ::= </td>
+<td><code>'"' ([^<&"] | <a href="#NT-Reference">Reference</a>)* '"' </code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| "'" ([^<&'] | <a href="#NT-Reference">Reference</a>)*
+"'"</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-SystemLiteral"></a>[11] </td>
+<td><code>SystemLiteral</code></td>
+<td> ::= </td>
+<td><code>('"' [^"]* '"') | ("'" [^']* "'") </code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-PubidLiteral"></a>[12] </td>
+<td><code>PubidLiteral</code></td>
+<td> ::= </td>
+<td><code>'"' <a href="#NT-PubidChar">PubidChar</a>* '"' | "'" (<a href="#NT-PubidChar">PubidChar</a>
+- "'")* "'"</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-PubidChar"></a>[13] </td>
+<td><code>PubidChar</code></td>
+<td> ::= </td>
+<td><code>#x20 | #xD | #xA | [a-zA-Z0-9] | [-'()+,./:=?;!*#@$_%]</code></td>
+</tr>
+</tbody></table> <div class="note"><p class="prefix"><b>Note:</b></p> <p>Although
+the <a href="#NT-EntityValue">EntityValue</a> production allows the definition
+of an entity consisting of a single explicit <code><</code> in the literal
+(e.g., <code><!ENTITY mylt "<"></code>), it is strongly advised to avoid
+this practice since any reference to that entity will cause a well-formedness
+error.</p> </div> </div> <div class="div2"> <h3><a name="syntax"></a>2.4 Character
+Data and Markup</h3> <p><a title="Text" href="#dt-text">Text</a> consists
+of intermingled <a title="Character Data" href="#dt-chardata">character data</a>
+and markup. [<a title="Markup" name="dt-markup">Definition</a>: <b>Markup</b>
+takes the form of <a title="Start-Tag" href="#dt-stag">start-tags</a>, <a
+title="End Tag" href="#dt-etag">end-tags</a>, <a title="Empty" href="#dt-empty">empty-element
+tags</a>, <a title="Entity Reference" href="#dt-entref">entity references</a>, <a
+title="Character Reference" href="#dt-charref">character references</a>, <a
+title="Comment" href="#dt-comment">comments</a>, <a title="CDATA Section"
+href="#dt-cdsection">CDATA section</a> delimiters, <a title="Document Type Declaration"
+href="#dt-doctype">document type declarations</a>, <a title="Processing instruction"
+href="#dt-pi">processing instructions</a>, <a href="#NT-XMLDecl">XML declarations</a>, <a
+href="#NT-TextDecl">text declarations</a>, and any white space that is at
+the top level of the document entity (that is, outside the document element
+and not inside any other markup).]</p> <p>[<a title="Character Data" name="dt-chardata">Definition</a>:
+All text that is not markup constitutes the <b>character data</b> of the document.]</p> <p>The
+ampersand character (&) and the left angle bracket (<) may appear in
+their literal form <em>only</em> when used as markup delimiters, or within
+a <a title="Comment" href="#dt-comment">comment</a>, a <a title="Processing instruction"
+href="#dt-pi">processing instruction</a>, or a <a title="CDATA Section" href="#dt-cdsection">CDATA
+section</a>. If they are needed elsewhere, they must be <a title="escape"
+href="#dt-escape">escaped</a> using either <a title="Character Reference"
+href="#dt-charref">numeric character references</a> or the strings "<code>&amp;</code>"
+and "<code>&lt;</code>" respectively. The right angle bracket (>) may
+be represented using the string "<code>&gt;</code>", and must, <a title="For Compatibility"
+href="#dt-compat">for compatibility</a>, be escaped using "<code>&gt;</code>"
+or a character reference when it appears in the string "<code>]]></code>"
+in content, when that string is not marking the end of a <a title="CDATA Section"
+href="#dt-cdsection">CDATA section</a>.</p> <p>In the content of elements,
+character data is any string of characters which does not contain the start-delimiter
+of any markup. In a CDATA section, character data is any string of characters
+not including the CDATA-section-close delimiter, "<code>]]></code>".</p> <p>To
+allow attribute values to contain both single and double quotes, the apostrophe
+or single-quote character (') may be represented as "<code>&apos;</code>",
+and the double-quote character (") as "<code>&quot;</code>".</p> <h5>Character
+Data</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-CharData"></a>[14] </td>
+<td><code>CharData</code></td>
+<td> ::= </td>
+<td><code>[^<&]* - ([^<&]* ']]>' [^<&]*)</code></td>
+</tr>
+</tbody></table> </div> <div class="div2"> <h3><a name="sec-comments"></a>2.5
+Comments</h3> <p>[<a title="Comment" name="dt-comment">Definition</a>: <b>Comments</b>
+may appear anywhere in a document outside other <a title="Markup" href="#dt-markup">markup</a>;
+in addition, they may appear within the document type declaration at places
+allowed by the grammar. They are not part of the document's <a title="Character Data"
+href="#dt-chardata">character data</a>; an XML processor may, but need not,
+make it possible for an application to retrieve the text of comments. <a title="For Compatibility"
+href="#dt-compat">For compatibility</a>, the string "<code>--</code>" (double-hyphen)
+must not occur within comments.] Parameter entity references are not recognized
+within comments.</p> <h5>Comments</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-Comment"></a>[15] </td>
+<td><code>Comment</code></td>
+<td> ::= </td>
+<td><code>'<!--' ((<a href="#NT-Char">Char</a> - '-') | ('-' (<a href="#NT-Char">Char</a>
+- '-')))* '-->'</code></td>
+</tr>
+</tbody></table> <p>An example of a comment:</p> <table class="eg" width="100%"
+border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!-- declarations for <head> & <body> --></pre></td>
+</tr>
+</table> <p>Note that the grammar does not allow a comment ending in <code>---></code>.
+The following example is <em>not</em> well-formed.</p> <table class="eg" width="100%"
+border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!-- B+, B, or B---></pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="sec-pi"></a>2.6 Processing
+Instructions</h3> <p>[<a title="Processing instruction" name="dt-pi">Definition</a>: <b>Processing
+instructions</b> (PIs) allow documents to contain instructions for applications.]</p> <h5>Processing
+Instructions</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-PI"></a>[16] </td>
+<td><code>PI</code></td>
+<td> ::= </td>
+<td><code>'<?' <a href="#NT-PITarget">PITarget</a> (<a href="#NT-S">S</a>
+(<a href="#NT-Char">Char</a>* - (<a href="#NT-Char">Char</a>* '?>' <a href="#NT-Char">Char</a>*)))?
+'?>'</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-PITarget"></a>[17] </td>
+<td><code>PITarget</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Name">Name</a> - (('X' | 'x') ('M' | 'm') ('L' | 'l'))</code></td>
+</tr>
+</tbody></table> <p>PIs are not part of the document's <a title="Character Data"
+href="#dt-chardata">character data</a>, but must be passed through to the
+application. The PI begins with a target (<a href="#NT-PITarget">PITarget</a>)
+used to identify the application to which the instruction is directed. The
+target names "<code>XML</code>", "<code>xml</code>", and so on are reserved
+for standardization in this or future versions of this specification. The
+XML <a title="Notation" href="#dt-notation">Notation</a> mechanism may be
+used for formal declaration of PI targets. Parameter entity references are
+not recognized within processing instructions.</p> </div> <div class="div2"> <h3><a
+name="sec-cdata-sect"></a>2.7 CDATA Sections</h3> <p>[<a title="CDATA Section"
+name="dt-cdsection">Definition</a>: <b>CDATA sections</b> may occur anywhere
+character data may occur; they are used to escape blocks of text containing
+characters which would otherwise be recognized as markup. CDATA sections begin
+with the string "<code><![CDATA[</code>" and end with the string "<code>]]></code>":]</p> <h5>CDATA
+Sections</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-CDSect"></a>[18] </td>
+<td><code>CDSect</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-CDStart">CDStart</a> <a href="#NT-CData">CData</a> <a
+href="#NT-CDEnd">CDEnd</a></code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-CDStart"></a>[19] </td>
+<td><code>CDStart</code></td>
+<td> ::= </td>
+<td><code>'<![CDATA['</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-CData"></a>[20] </td>
+<td><code>CData</code></td>
+<td> ::= </td>
+<td><code>(<a href="#NT-Char">Char</a>* - (<a href="#NT-Char">Char</a>* ']]>' <a
+href="#NT-Char">Char</a>*)) </code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-CDEnd"></a>[21] </td>
+<td><code>CDEnd</code></td>
+<td> ::= </td>
+<td><code>']]>'</code></td>
+</tr>
+</tbody></table> <p>Within a CDATA section, only the <a href="#NT-CDEnd">CDEnd</a>
+string is recognized as markup, so that left angle brackets and ampersands
+may occur in their literal form; they need not (and cannot) be escaped using
+"<code>&lt;</code>" and "<code>&amp;</code>". CDATA sections cannot
+nest.</p> <p>An example of a CDATA section, in which "<code><greeting></code>"
+and "<code></greeting></code>" are recognized as <a title="Character Data"
+href="#dt-chardata">character data</a>, not <a title="Markup" href="#dt-markup">markup</a>:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><![CDATA[<greeting>Hello, world!</greeting>]]> </pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="sec-prolog-dtd"></a>2.8 Prolog
+and Document Type Declaration</h3> <p>[<a title="XML Declaration" name="dt-xmldecl">Definition</a>:
+XML documents should begin with an <b>XML declaration</b> which specifies
+the version of XML being used.] For example, the following is a complete XML
+document, <a title="Well-Formed" href="#dt-wellformed">well-formed</a> but
+not <a title="Validity" href="#dt-valid">valid</a>:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><?xml version="1.0"?> <greeting>Hello, world!</greeting> </pre></td>
+</tr>
+</table> <p>and so is this:</p> <table class="eg" width="100%" border="1"
+cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><greeting>Hello, world!</greeting></pre></td>
+</tr>
+</table> <p>The version number "<code>1.0</code>" should be used to indicate
+conformance to this version of this specification; it is an error for a document
+to use the value "<code>1.0</code>" if it does not conform to this version
+of this specification. It is the intent of the XML working group to give later
+versions of this specification numbers other than "<code>1.0</code>", but
+this intent does not indicate a commitment to produce any future versions
+of XML, nor if any are produced, to use any particular numbering scheme. Since
+future versions are not ruled out, this construct is provided as a means to
+allow the possibility of automatic version recognition, should it become necessary.
+Processors may signal an error if they receive documents labeled with versions
+they do not support.</p> <p>The function of the markup in an XML document
+is to describe its storage and logical structure and to associate attribute-value
+pairs with its logical structures. XML provides a mechanism, the <a title="Document Type Declaration"
+href="#dt-doctype">document type declaration</a>, to define constraints on
+the logical structure and to support the use of predefined storage units.
+[<a title="Validity" name="dt-valid">Definition</a>: An XML document is <b>valid</b>
+if it has an associated document type declaration and if the document complies
+with the constraints expressed in it.]</p> <p>The document type declaration
+must appear before the first <a title="Element" href="#dt-element">element</a>
+in the document.</p> <h5>Prolog</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-prolog"></a>[22] </td>
+<td><code>prolog</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-XMLDecl">XMLDecl</a>? <a href="#NT-Misc">Misc</a>*
+(<a href="#NT-doctypedecl">doctypedecl</a> <a href="#NT-Misc">Misc</a>*)?</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-XMLDecl"></a>[23] </td>
+<td><code>XMLDecl</code></td>
+<td> ::= </td>
+<td><code>'<?xml' <a href="#NT-VersionInfo">VersionInfo</a> <a href="#NT-EncodingDecl">EncodingDecl</a>? <a
+href="#NT-SDDecl">SDDecl</a>? <a href="#NT-S">S</a>? '?>'</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-VersionInfo"></a>[24] </td>
+<td><code>VersionInfo</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-S">S</a> 'version' <a href="#NT-Eq">Eq</a> ("'" <a
+href="#NT-VersionNum">VersionNum</a> "'" | '"' <a href="#NT-VersionNum">VersionNum</a>
+'"')<i>/* */</i></code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Eq"></a>[25] </td>
+<td><code>Eq</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-S">S</a>? '=' <a href="#NT-S">S</a>?</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-VersionNum"></a>[26] </td>
+<td><code>VersionNum</code></td>
+<td> ::= </td>
+<td><code>([a-zA-Z0-9_.:] | '-')+</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Misc"></a>[27] </td>
+<td><code>Misc</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Comment">Comment</a> | <a href="#NT-PI">PI</a> | <a
+href="#NT-S">S</a></code></td>
+</tr>
+</tbody></table> <p>[<a title="Document Type Declaration" name="dt-doctype">Definition</a>:
+The XML <b>document type declaration</b> contains or points to <a title="markup declaration"
+href="#dt-markupdecl">markup declarations</a> that provide a grammar for a
+class of documents. This grammar is known as a document type definition, or <b>DTD</b>.
+The document type declaration can point to an external subset (a special kind
+of <a title="External Entity" href="#dt-extent">external entity</a>) containing
+markup declarations, or can contain the markup declarations directly in an
+internal subset, or can do both. The DTD for a document consists of both subsets
+taken together.]</p> <p>[<a title="markup declaration" name="dt-markupdecl">Definition</a>:
+ A <b>markup declaration</b> is an <a title="Element Type declaration" href="#dt-eldecl">element
+type declaration</a>, an <a title="Attribute-List Declaration" href="#dt-attdecl">attribute-list
+declaration</a>, an <a title="entity declaration" href="#dt-entdecl">entity
+declaration</a>, or a <a title="Notation Declaration" href="#dt-notdecl">notation
+declaration</a>.] These declarations may be contained in whole or in part
+within <a title="Parameter entity" href="#dt-PE">parameter entities</a>, as
+described in the well-formedness and validity constraints below. For further
+information, see <a href="#sec-physical-struct"><b>4 Physical Structures</b></a>.</p> <h5>Document
+Type Definition</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-doctypedecl"></a>[28] </td>
+<td><code>doctypedecl</code></td>
+<td> ::= </td>
+<td><code>'<!DOCTYPE' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a>
+(<a href="#NT-S">S</a> <a href="#NT-ExternalID">ExternalID</a>)? <a href="#NT-S">S</a>?
+('[' (<a href="#NT-markupdecl">markupdecl</a> | <a href="#NT-DeclSep">DeclSep</a>)*
+']' <a href="#NT-S">S</a>?)? '>'</code></td>
+<td><a href="#vc-roottype">[VC: Root Element Type]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#ExtSubset">[WFC: External Subset]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-DeclSep"></a>[28a] </td>
+<td><code>DeclSep</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-PEReference">PEReference</a> | <a href="#NT-S">S</a></code></td>
+<td><a href="#PE-between-Decls">[WFC: PE Between Declarations]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-markupdecl"></a>[29] </td>
+<td><code>markupdecl</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-elementdecl">elementdecl</a> | <a href="#NT-AttlistDecl">AttlistDecl</a>
+| <a href="#NT-EntityDecl">EntityDecl</a> | <a href="#NT-NotationDecl">NotationDecl</a>
+| <a href="#NT-PI">PI</a> | <a href="#NT-Comment">Comment</a> </code></td>
+<td><a href="#vc-PEinMarkupDecl">[VC: Proper Declaration/PE Nesting]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#wfc-PEinInternalSubset">[WFC: PEs in Internal Subset]</a></td>
+</tr>
+</tbody></table> <p>Note that it is possible to construct a well-formed document
+containing a <a href="#NT-doctypedecl">doctypedecl</a> that neither points
+to an external subset nor contains an internal subset.</p> <p>The markup declarations
+may be made up in whole or in part of the <a title="Replacement Text" href="#dt-repltext">replacement
+text</a> of <a title="Parameter entity" href="#dt-PE">parameter entities</a>.
+The productions later in this specification for individual nonterminals (<a
+href="#NT-elementdecl">elementdecl</a>, <a href="#NT-AttlistDecl">AttlistDecl</a>,
+and so on) describe the declarations <em>after</em> all the parameter entities
+have been <a title="Include" href="#dt-include">included</a>.</p> <p>Parameter
+entity references are recognized anywhere in the DTD (internal and external
+subsets and external parameter entities), except in literals, processing instructions,
+comments, and the contents of ignored conditional sections (see <a href="#sec-condition-sect"><b>3.4
+Conditional Sections</b></a>). They are also recognized in entity value literals.
+The use of parameter entities in the internal subset is restricted as described
+below.</p> <div class="constraint"><p class="prefix"><a name="vc-roottype"></a><b>Validity
+constraint: Root Element Type</b></p><p>The <a href="#NT-Name">Name</a> in
+the document type declaration must match the element type of the <a title="Root Element"
+href="#dt-root">root element</a>.</p> </div> <div class="constraint"><p class="prefix"><a
+name="vc-PEinMarkupDecl"></a><b>Validity constraint: Proper Declaration/PE
+Nesting</b></p> <p>Parameter-entity <a title="Replacement Text" href="#dt-repltext">replacement
+text</a> must be properly nested with markup declarations. That is to say,
+if either the first character or the last character of a markup declaration
+(<a href="#NT-markupdecl">markupdecl</a> above) is contained in the replacement
+text for a <a title="Parameter-entity reference" href="#dt-PERef">parameter-entity
+reference</a>, both must be contained in the same replacement text.</p> </div> <div
+class="constraint"><p class="prefix"><a name="wfc-PEinInternalSubset"></a><b>Well-formedness
+constraint: PEs in Internal Subset</b></p><p>In the internal DTD subset, <a
+title="Parameter-entity reference" href="#dt-PERef">parameter-entity references</a>
+can occur only where markup declarations can occur, not within markup declarations.
+(This does not apply to references that occur in external parameter entities
+or to the external subset.)</p> </div> <div class="constraint"><p class="prefix"><a
+name="ExtSubset"></a><b>Well-formedness constraint: External Subset</b></p><p>The
+external subset, if any, must match the production for <a href="#NT-extSubset">extSubset</a>.</p> </div> <div
+class="constraint"><p class="prefix"><a name="PE-between-Decls"></a><b>Well-formedness
+constraint: PE Between Declarations</b></p><p>The replacement text of a parameter
+entity reference in a <a href="#NT-DeclSep">DeclSep</a> must match the production <a
+href="#NT-extSubsetDecl">extSubsetDecl</a>.</p> </div> <p>Like the internal
+subset, the external subset and any external parameter entities referenced
+in a <a href="#NT-DeclSep">DeclSep</a> must consist of a series of complete
+markup declarations of the types allowed by the non-terminal symbol <a href="#NT-markupdecl">markupdecl</a>,
+interspersed with white space or <a title="Parameter-entity reference" href="#dt-PERef">parameter-entity
+references</a>. However, portions of the contents of the external subset or
+of these external parameter entities may conditionally be ignored by using
+the <a title="conditional section" href="#dt-cond-section">conditional section</a>
+construct; this is not allowed in the internal subset.</p> <h5>External Subset</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-extSubset"></a>[30] </td>
+<td><code>extSubset</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-TextDecl">TextDecl</a>? <a href="#NT-extSubsetDecl">extSubsetDecl</a></code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-extSubsetDecl"></a>[31] </td>
+<td><code>extSubsetDecl</code></td>
+<td> ::= </td>
+<td><code>( <a href="#NT-markupdecl">markupdecl</a> | <a href="#NT-conditionalSect">conditionalSect</a>
+| <a href="#NT-DeclSep">DeclSep</a>)*</code></td>
+<td><i>/* */</i></td>
+</tr>
+</tbody></table> <p>The external subset and external parameter entities also
+differ from the internal subset in that in them, <a title="Parameter-entity reference"
+href="#dt-PERef">parameter-entity references</a> are permitted <em>within</em>
+markup declarations, not only <em>between</em> markup declarations.</p> <p>An
+example of an XML document with a document type declaration:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><?xml version="1.0"?> <!DOCTYPE greeting SYSTEM "hello.dtd"> <greeting>Hello, world!</greeting> </pre></td>
+</tr>
+</table> <p>The <a title="System Identifier" href="#dt-sysid">system identifier</a>
+"<code>hello.dtd</code>" gives the address (a URI reference) of a DTD for
+the document.</p> <p>The declarations can also be given locally, as in this
+example:</p> <table class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><?xml version="1.0" encoding="UTF-8" ?>
+<!DOCTYPE greeting [
+ <!ELEMENT greeting (#PCDATA)>
+]>
+<greeting>Hello, world!</greeting></pre></td>
+</tr>
+</table> <p>If both the external and internal subsets are used, the internal
+subset is considered to occur before the external subset. This has the effect
+that entity and attribute-list declarations in the internal subset take precedence
+over those in the external subset.</p> </div> <div class="div2"> <h3><a name="sec-rmd"></a>2.9
+Standalone Document Declaration</h3> <p>Markup declarations can affect the
+content of the document, as passed from an <a title="XML Processor" href="#dt-xml-proc">XML
+processor</a> to an application; examples are attribute defaults and entity
+declarations. The standalone document declaration, which may appear as a component
+of the XML declaration, signals whether or not there are such declarations
+which appear external to the <a title="Document Entity" href="#dt-docent">document
+entity</a> or in parameter entities. [<a title="External Markup Declaration"
+name="dt-extmkpdecl">Definition</a>: An <b>external markup declaration</b>
+is defined as a markup declaration occurring in the external subset or in
+a parameter entity (external or internal, the latter being included because
+non-validating processors are not required to read them).]</p> <h5>Standalone
+Document Declaration</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-SDDecl"></a>[32] </td>
+<td><code>SDDecl</code></td>
+<td> ::= </td>
+<td><code> <a href="#NT-S">S</a> 'standalone' <a href="#NT-Eq">Eq</a> (("'"
+('yes' | 'no') "'") | ('"' ('yes' | 'no') '"')) </code></td>
+<td><a href="#vc-check-rmd">[VC: Standalone Document Declaration]</a></td>
+</tr>
+</tbody></table> <p>In a standalone document declaration, the value "yes"
+indicates that there are no <a title="External Markup Declaration" href="#dt-extmkpdecl">external
+markup declarations</a> which affect the information passed from the XML processor
+to the application. The value "no" indicates that there are or may be such
+external markup declarations. Note that the standalone document declaration
+only denotes the presence of external <em>declarations</em>; the presence,
+in a document, of references to external <em>entities</em>, when those entities
+are internally declared, does not change its standalone status.</p> <p>If
+there are no external markup declarations, the standalone document declaration
+has no meaning. If there are external markup declarations but there is no
+standalone document declaration, the value "no" is assumed.</p> <p>Any XML
+document for which <code>standalone="no"</code> holds can be converted algorithmically
+to a standalone document, which may be desirable for some network delivery
+applications.</p> <div class="constraint"><p class="prefix"><a name="vc-check-rmd"></a><b>Validity
+constraint: Standalone Document Declaration</b></p><p>The standalone document
+declaration must have the value "no" if any external markup declarations contain
+declarations of:</p> <ul>
+<li><p>attributes with <a title="Attribute Default" href="#dt-default">default</a>
+values, if elements to which these attributes apply appear in the document
+without specifications of values for these attributes, or</p></li>
+<li><p>entities (other than <code>amp</code>, <code>lt</code>, <code>gt</code>, <code>apos</code>, <code>quot</code>),
+if <a title="Entity Reference" href="#dt-entref">references</a> to those entities
+appear in the document, or</p></li>
+<li><p>attributes with values subject to <a href="#AVNormalize"><cite>normalization</cite></a>,
+where the attribute appears in the document with a value which will change
+as a result of normalization, or</p></li>
+<li><p>element types with <a title="Element content" href="#dt-elemcontent">element
+content</a>, if white space occurs directly within any instance of those types.</p></li>
+</ul> </div> <p>An example XML declaration with a standalone document declaration:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><?xml version="1.0" standalone='yes'?></pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="sec-white-space"></a>2.10
+White Space Handling</h3> <p>In editing XML documents, it is often convenient
+to use "white space" (spaces, tabs, and blank lines) to set apart the markup
+for greater readability. Such white space is typically not intended for inclusion
+in the delivered version of the document. On the other hand, "significant"
+white space that should be preserved in the delivered version is common, for
+example in poetry and source code.</p> <p>An <a title="XML Processor" href="#dt-xml-proc">XML
+processor</a> must always pass all characters in a document that are not markup
+through to the application. A <a title="Validating Processor" href="#dt-validating">
+validating XML processor</a> must also inform the application which of these
+characters constitute white space appearing in <a title="Element content"
+href="#dt-elemcontent">element content</a>.</p> <p>A special <a title="Attribute"
+href="#dt-attr">attribute</a> named <code>xml:space</code> may be attached
+to an element to signal an intention that in that element, white space should
+be preserved by applications. In valid documents, this attribute, like any
+other, must be <a title="Attribute-List Declaration" href="#dt-attdecl">declared</a>
+if it is used. When declared, it must be given as an <a title="Enumerated Attribute Values"
+href="#dt-enumerated">enumerated type</a> whose values are one or both of
+"default" and "preserve". For example:</p> <table class="eg" width="100%"
+border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ATTLIST poem xml:space (default|preserve) 'preserve'>
+
+<!-- -->
+<!ATTLIST pre xml:space (preserve) #FIXED 'preserve'></pre></td>
+</tr>
+</table> <p>The value "default" signals that applications' default white-space
+processing modes are acceptable for this element; the value "preserve" indicates
+the intent that applications preserve all the white space. This declared intent
+is considered to apply to all elements within the content of the element where
+it is specified, unless overriden with another instance of the <code>xml:space</code>
+attribute.</p> <p>The <a title="Root Element" href="#dt-root">root element</a>
+of any document is considered to have signaled no intentions as regards application
+space handling, unless it provides a value for this attribute or the attribute
+is declared with a default value.</p> </div> <div class="div2"> <h3><a name="sec-line-ends"></a>2.11
+End-of-Line Handling</h3> <p>XML <a title="Text Entity" href="#dt-parsedent">parsed
+entities</a> are often stored in computer files which, for editing convenience,
+are organized into lines. These lines are typically separated by some combination
+of the characters carriage-return (#xD) and line-feed (#xA).</p> <p>To simplify
+the tasks of <a title="Application" href="#dt-app">applications</a>, the characters
+passed to an application by the <a title="XML Processor" href="#dt-xml-proc">XML
+processor</a> must be as if the XML processor normalized all line breaks in
+external parsed entities (including the document entity) on input, before
+parsing, by translating both the two-character sequence #xD #xA and any #xD
+that is not followed by #xA to a single #xA character.</p> </div> <div class="div2"> <h3><a
+name="sec-lang-tag"></a>2.12 Language Identification</h3> <p>In document processing,
+it is often useful to identify the natural or formal language in which the
+content is written. A special <a title="Attribute" href="#dt-attr">attribute</a>
+named <code>xml:lang</code> may be inserted in documents to specify the language
+used in the contents and attribute values of any element in an XML document.
+In valid documents, this attribute, like any other, must be <a title="Attribute-List Declaration"
+href="#dt-attdecl">declared</a> if it is used. The values of the attribute
+are language identifiers as defined by <a href="#RFC1766">[IETF RFC 1766]</a>, <cite>Tags
+for the Identification of Languages</cite>, or its successor on the IETF Standards
+Track.</p> <div class="note"><p class="prefix"><b>Note:</b></p> <p><a href="#RFC1766">[IETF
+RFC 1766]</a> tags are constructed from two-letter language codes as defined
+by <a href="#ISO639">[ISO 639]</a>, from two-letter country codes as defined
+by <a href="#ISO3166">[ISO 3166]</a>, or from language identifiers registered
+with the Internet Assigned Numbers Authority <a href="#IANA-LANGCODES">[IANA-LANGCODES]</a>.
+It is expected that the successor to <a href="#RFC1766">[IETF RFC 1766]</a>
+will introduce three-letter language codes for languages not presently covered
+by <a href="#ISO639">[ISO 639]</a>.</p> </div> <p>(Productions 33 through
+38 have been removed.)</p> <p>For example:</p> <table class="eg" width="100%"
+border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><p xml:lang="en">The quick brown fox jumps over the lazy dog.</p>
+<p xml:lang="en-GB">What colour is it?</p>
+<p xml:lang="en-US">What color is it?</p>
+<sp who="Faust" desc='leise' xml:lang="de">
+ <l>Habe nun, ach! Philosophie,</l>
+ <l>Juristerei, und Medizin</l>
+ <l>und leider auch Theologie</l>
+ <l>durchaus studiert mit heißem Bemüh'n.</l>
+</sp></pre></td>
+</tr>
+</table> <p>The intent declared with <code>xml:lang</code> is considered
+to apply to all attributes and content of the element where it is specified,
+unless overridden with an instance of <code>xml:lang</code> on another element
+within that content.</p> <p>A simple declaration for <code>xml:lang</code>
+might take the form</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre>xml:lang NMTOKEN #IMPLIED</pre></td>
+</tr>
+</table> <p>but specific default values may also be given, if appropriate.
+In a collection of French poems for English students, with glosses and notes
+in English, the <code>xml:lang</code> attribute might be declared this way:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ATTLIST poem xml:lang NMTOKEN 'fr'>
+<!ATTLIST gloss xml:lang NMTOKEN 'en'>
+<!ATTLIST note xml:lang NMTOKEN 'en'></pre></td>
+</tr>
+</table> </div> </div> <div class="div1"> <h2><a name="sec-logical-struct"></a>3
+Logical Structures</h2> <p>[<a title="Element" name="dt-element">Definition</a>:
+Each <a title="XML Document" href="#dt-xml-doc">XML document</a> contains
+one or more <b>elements</b>, the boundaries of which are either delimited
+by <a title="Start-Tag" href="#dt-stag">start-tags</a> and <a title="End Tag"
+href="#dt-etag">end-tags</a>, or, for <a title="Empty" href="#dt-empty">empty</a>
+elements, by an <a title="empty-element tag" href="#dt-eetag">empty-element
+tag</a>. Each element has a type, identified by name, sometimes called its
+"generic identifier" (GI), and may have a set of attribute specifications.]
+Each attribute specification has a <a title="Attribute Name" href="#dt-attrname">name</a>
+and a <a title="Attribute Value" href="#dt-attrval">value</a>.</p> <h5>Element</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-element"></a>[39] </td>
+<td><code>element</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-EmptyElemTag">EmptyElemTag</a></code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| <a href="#NT-STag">STag</a> <a href="#NT-content">content</a> <a
+href="#NT-ETag">ETag</a></code></td>
+<td><a href="#GIMatch">[WFC: Element Type Match]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#elementvalid">[VC: Element Valid]</a></td>
+</tr>
+</tbody></table> <p>This specification does not constrain the semantics, use,
+or (beyond syntax) names of the element types and attributes, except that
+names beginning with a match to <code>(('X'|'x')('M'|'m')('L'|'l'))</code>
+are reserved for standardization in this or future versions of this specification.</p> <div
+class="constraint"><p class="prefix"><a name="GIMatch"></a><b>Well-formedness
+constraint: Element Type Match</b></p><p>The <a href="#NT-Name">Name</a> in
+an element's end-tag must match the element type in the start-tag.</p> </div> <div
+class="constraint"><p class="prefix"><a name="elementvalid"></a><b>Validity
+constraint: Element Valid</b></p><p>An element is valid if there is a declaration
+matching <a href="#NT-elementdecl">elementdecl</a> where the <a href="#NT-Name">Name</a>
+matches the element type, and one of the following holds:</p> <ol>
+<li><p>The declaration matches <b>EMPTY</b> and the element has no <a title="Content"
+href="#dt-content">content</a>.</p></li>
+<li><p>The declaration matches <a href="#NT-children">children</a> and the
+sequence of <a title="Parent/Child" href="#dt-parentchild">child elements</a>
+belongs to the language generated by the regular expression in the content
+model, with optional white space (characters matching the nonterminal <a href="#NT-S">S</a>)
+between the start-tag and the first child element, between child elements,
+or between the last child element and the end-tag. Note that a CDATA section
+containing only white space does not match the nonterminal <a href="#NT-S">S</a>,
+and hence cannot appear in these positions.</p></li>
+<li><p>The declaration matches <a href="#NT-Mixed">Mixed</a> and the content
+consists of <a title="Character Data" href="#dt-chardata">character data</a>
+and <a title="Parent/Child" href="#dt-parentchild">child elements</a> whose
+types match names in the content model.</p></li>
+<li><p>The declaration matches <b>ANY</b>, and the types of any <a title="Parent/Child"
+href="#dt-parentchild">child elements</a> have been declared.</p></li>
+</ol> </div> <div class="div2"> <h3><a name="sec-starttags"></a>3.1 Start-Tags,
+End-Tags, and Empty-Element Tags</h3> <p>[<a title="Start-Tag" name="dt-stag">Definition</a>:
+The beginning of every non-empty XML element is marked by a <b>start-tag</b>.]</p> <h5>Start-tag</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-STag"></a>[40] </td>
+<td><code>STag</code></td>
+<td> ::= </td>
+<td><code>'<' <a href="#NT-Name">Name</a> (<a href="#NT-S">S</a> <a href="#NT-Attribute">Attribute</a>)* <a
+href="#NT-S">S</a>? '>'</code></td>
+<td><a href="#uniqattspec">[WFC: Unique Att Spec]</a></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Attribute"></a>[41] </td>
+<td><code>Attribute</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Name">Name</a> <a href="#NT-Eq">Eq</a> <a href="#NT-AttValue">AttValue</a></code></td>
+<td><a href="#ValueType">[VC: Attribute Value Type]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#NoExternalRefs">[WFC: No External Entity References]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#CleanAttrVals">[WFC: No < in Attribute Values]</a></td>
+</tr>
+</tbody></table> <p>The <a href="#NT-Name">Name</a> in the start- and end-tags
+gives the element's <b>type</b>. [<a title="Attribute" name="dt-attr">Definition</a>:
+ The <a href="#NT-Name">Name</a>-<a href="#NT-AttValue">AttValue</a> pairs
+are referred to as the <b>attribute specifications</b> of the element], [<a
+title="Attribute Name" name="dt-attrname">Definition</a>: with the <a href="#NT-Name">Name</a>
+in each pair referred to as the <b>attribute name</b>] and [<a title="Attribute Value"
+name="dt-attrval">Definition</a>: the content of the <a href="#NT-AttValue">AttValue</a>
+(the text between the <code>'</code> or <code>"</code> delimiters) as the <b>attribute
+value</b>.]Note that the order of attribute specifications in a start-tag
+or empty-element tag is not significant.</p> <div class="constraint"><p class="prefix"><a
+name="uniqattspec"></a><b>Well-formedness constraint: Unique Att Spec</b></p><p>No
+attribute name may appear more than once in the same start-tag or empty-element
+tag.</p> </div> <div class="constraint"><p class="prefix"><a name="ValueType"></a><b>Validity
+constraint: Attribute Value Type</b></p><p>The attribute must have been declared;
+the value must be of the type declared for it. (For attribute types, see <a
+href="#attdecls"><b>3.3 Attribute-List Declarations</b></a>.)</p> </div> <div
+class="constraint"><p class="prefix"><a name="NoExternalRefs"></a><b>Well-formedness
+constraint: No External Entity References</b></p><p>Attribute values cannot
+contain direct or indirect entity references to external entities.</p> </div> <div
+class="constraint"><p class="prefix"><a name="CleanAttrVals"></a><b>Well-formedness
+constraint: No <code><</code> in Attribute Values</b></p> <p>The <a title="Replacement Text"
+href="#dt-repltext">replacement text</a> of any entity referred to directly
+or indirectly in an attribute value must not contain a <code><</code>.</p> </div> <p>An
+example of a start-tag:</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><termdef id="dt-dog" term="dog"></pre></td>
+</tr>
+</table> <p>[<a title="End Tag" name="dt-etag">Definition</a>: The end of
+every element that begins with a start-tag must be marked by an <b>end-tag</b>
+containing a name that echoes the element's type as given in the start-tag:]</p> <h5>End-tag</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-ETag"></a>[42] </td>
+<td><code>ETag</code></td>
+<td> ::= </td>
+<td><code>'</' <a href="#NT-Name">Name</a> <a href="#NT-S">S</a>? '>'</code></td>
+</tr>
+</tbody></table> <p>An example of an end-tag:</p> <table class="eg" width="100%"
+border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre></termdef></pre></td>
+</tr>
+</table> <p>[<a title="Content" name="dt-content">Definition</a>: The <a title="Text"
+href="#dt-text">text</a> between the start-tag and end-tag is called the element's <b>content</b>:]</p> <h5>Content
+of Elements</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-content"></a>[43] </td>
+<td><code>content</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-CharData">CharData</a>? ((<a href="#NT-element">element</a>
+| <a href="#NT-Reference">Reference</a> | <a href="#NT-CDSect">CDSect</a>
+| <a href="#NT-PI">PI</a> | <a href="#NT-Comment">Comment</a>) <a href="#NT-CharData">CharData</a>?)*</code></td>
+<td><i>/* */</i></td>
+</tr>
+</tbody></table> <p>[<a title="Empty" name="dt-empty">Definition</a>: An element
+with no content is said to be <b>empty</b>.] The representation of an empty
+element is either a start-tag immediately followed by an end-tag, or an empty-element
+tag. [<a title="empty-element tag" name="dt-eetag">Definition</a>: An <b>empty-element
+tag</b> takes a special form:]</p> <h5>Tags for Empty Elements</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-EmptyElemTag"></a>[44] </td>
+<td><code>EmptyElemTag</code></td>
+<td> ::= </td>
+<td><code>'<' <a href="#NT-Name">Name</a> (<a href="#NT-S">S</a> <a href="#NT-Attribute">Attribute</a>)* <a
+href="#NT-S">S</a>? '/>'</code></td>
+<td><a href="#uniqattspec">[WFC: Unique Att Spec]</a></td>
+</tr>
+</tbody></table> <p>Empty-element tags may be used for any element which has
+no content, whether or not it is declared using the keyword <b>EMPTY</b>. <a
+title="For interoperability" href="#dt-interop">For interoperability</a>,
+the empty-element tag should be used, and should only be used, for elements
+which are declared EMPTY.</p> <p>Examples of empty elements:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><IMG align="left"
+ src="http://www.w3.org/Icons/WWW/w3c_home" />
+<br></br>
+<br/></pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="elemdecls"></a>3.2 Element
+Type Declarations</h3> <p>The <a title="Element" href="#dt-element">element</a>
+structure of an <a title="XML Document" href="#dt-xml-doc">XML document</a>
+may, for <a title="Validity" href="#dt-valid">validation</a> purposes, be
+constrained using element type and attribute-list declarations. An element
+type declaration constrains the element's <a title="Content" href="#dt-content">content</a>.</p> <p>Element
+type declarations often constrain which element types can appear as <a title="Parent/Child"
+href="#dt-parentchild">children</a> of the element. At user option, an XML
+processor may issue a warning when a declaration mentions an element type
+for which no declaration is provided, but this is not an error.</p> <p>[<a
+title="Element Type declaration" name="dt-eldecl">Definition</a>: An <b>element
+type declaration</b> takes the form:]</p> <h5>Element Type Declaration</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-elementdecl"></a>[45] </td>
+<td><code>elementdecl</code></td>
+<td> ::= </td>
+<td><code>'<!ELEMENT' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a> <a
+href="#NT-S">S</a> <a href="#NT-contentspec">contentspec</a> <a href="#NT-S">S</a>?
+'>'</code></td>
+<td><a href="#EDUnique">[VC: Unique Element Type Declaration]</a></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-contentspec"></a>[46] </td>
+<td><code>contentspec</code></td>
+<td> ::= </td>
+<td><code>'EMPTY' | 'ANY' | <a href="#NT-Mixed">Mixed</a> | <a href="#NT-children">children</a> </code></td>
+</tr>
+</tbody></table> <p>where the <a href="#NT-Name">Name</a> gives the element
+type being declared.</p> <div class="constraint"><p class="prefix"><a name="EDUnique"></a><b>Validity
+constraint: Unique Element Type Declaration</b></p><p>No element type may
+be declared more than once.</p> </div> <p>Examples of element type declarations:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ELEMENT br EMPTY>
+<!ELEMENT p (#PCDATA|emph)* >
+<!ELEMENT %name.para; %content.para; >
+<!ELEMENT container ANY></pre></td>
+</tr>
+</table> <div class="div3"> <h4><a name="sec-element-content"></a>3.2.1 Element
+Content</h4> <p>[<a title="Element content" name="dt-elemcontent">Definition</a>:
+An element <a title="Start-Tag" href="#dt-stag">type</a> has <b>element content</b>
+when elements of that type must contain only <a title="Parent/Child" href="#dt-parentchild">child</a>
+elements (no character data), optionally separated by white space (characters
+matching the nonterminal <a href="#NT-S">S</a>).][<a title="Content model"
+name="dt-content-model">Definition</a>: In this case, the constraint includes
+a <b>content model</b>, a simple grammar governing the allowed types of the
+child elements and the order in which they are allowed to appear.] The grammar
+is built on content particles (<a href="#NT-cp">cp</a>s), which consist of
+names, choice lists of content particles, or sequence lists of content particles:</p> <h5>Element-content
+Models</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-children"></a>[47] </td>
+<td><code>children</code></td>
+<td> ::= </td>
+<td><code>(<a href="#NT-choice">choice</a> | <a href="#NT-seq">seq</a>) ('?'
+| '*' | '+')?</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-cp"></a>[48] </td>
+<td><code>cp</code></td>
+<td> ::= </td>
+<td><code>(<a href="#NT-Name">Name</a> | <a href="#NT-choice">choice</a> | <a
+href="#NT-seq">seq</a>) ('?' | '*' | '+')?</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-choice"></a>[49] </td>
+<td><code>choice</code></td>
+<td> ::= </td>
+<td><code>'(' <a href="#NT-S">S</a>? <a href="#NT-cp">cp</a> ( <a href="#NT-S">S</a>?
+'|' <a href="#NT-S">S</a>? <a href="#NT-cp">cp</a> )+ <a href="#NT-S">S</a>?
+')'</code></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#vc-PEinGroup">[VC: Proper Group/PE Nesting]</a></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-seq"></a>[50] </td>
+<td><code>seq</code></td>
+<td> ::= </td>
+<td><code>'(' <a href="#NT-S">S</a>? <a href="#NT-cp">cp</a> ( <a href="#NT-S">S</a>?
+',' <a href="#NT-S">S</a>? <a href="#NT-cp">cp</a> )* <a href="#NT-S">S</a>?
+')'</code></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#vc-PEinGroup">[VC: Proper Group/PE Nesting]</a></td>
+</tr>
+</tbody></table> <p>where each <a href="#NT-Name">Name</a> is the type of
+an element which may appear as a <a title="Parent/Child" href="#dt-parentchild">child</a>.
+Any content particle in a choice list may appear in the <a title="Element content"
+href="#dt-elemcontent">element content</a> at the location where the choice
+list appears in the grammar; content particles occurring in a sequence list
+must each appear in the <a title="Element content" href="#dt-elemcontent">element
+content</a> in the order given in the list. The optional character following
+a name or list governs whether the element or the content particles in the
+list may occur one or more (<code>+</code>), zero or more (<code>*</code>),
+or zero or one times (<code>?</code>). The absence of such an operator means
+that the element or content particle must appear exactly once. This syntax
+and meaning are identical to those used in the productions in this specification.</p> <p>The
+content of an element matches a content model if and only if it is possible
+to trace out a path through the content model, obeying the sequence, choice,
+and repetition operators and matching each element in the content against
+an element type in the content model. <a title="For Compatibility" href="#dt-compat">For
+compatibility</a>, it is an error if an element in the document can match
+more than one occurrence of an element type in the content model. For more
+information, see <a href="#determinism"><b>E Deterministic Content Models</b></a>.</p>
+ <div class="constraint"><p class="prefix"><a name="vc-PEinGroup"></a><b>Validity
+constraint: Proper Group/PE Nesting</b></p><p>Parameter-entity <a title="Replacement Text"
+href="#dt-repltext">replacement text</a> must be properly nested with parenthesized
+groups. That is to say, if either of the opening or closing parentheses in
+a <a href="#NT-choice">choice</a>, <a href="#NT-seq">seq</a>, or <a href="#NT-Mixed">Mixed</a>
+construct is contained in the replacement text for a <a title="Parameter-entity reference"
+href="#dt-PERef">parameter entity</a>, both must be contained in the same
+replacement text.</p> <p><a title="For interoperability" href="#dt-interop">For
+interoperability</a>, if a parameter-entity reference appears in a <a href="#NT-choice">choice</a>, <a
+href="#NT-seq">seq</a>, or <a href="#NT-Mixed">Mixed</a> construct, its replacement
+text should contain at least one non-blank character, and neither the first
+nor last non-blank character of the replacement text should be a connector
+(<code>|</code> or <code>,</code>).</p> </div> <p>Examples of element-content
+models:</p> <table class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ELEMENT spec (front, body, back?)>
+<!ELEMENT div1 (head, (p | list | note)*, div2*)>
+<!ELEMENT dictionary-body (%div.mix; | %dict.mix;)*></pre></td>
+</tr>
+</table> </div> <div class="div3"> <h4><a name="sec-mixed-content"></a>3.2.2
+Mixed Content</h4> <p>[<a title="Mixed Content" name="dt-mixed">Definition</a>:
+An element <a title="Start-Tag" href="#dt-stag">type</a> has <b>mixed content</b>
+when elements of that type may contain character data, optionally interspersed
+with <a title="Parent/Child" href="#dt-parentchild">child</a> elements.] In
+this case, the types of the child elements may be constrained, but not their
+order or their number of occurrences:</p> <h5>Mixed-content Declaration</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-Mixed"></a>[51] </td>
+<td><code>Mixed</code></td>
+<td> ::= </td>
+<td><code>'(' <a href="#NT-S">S</a>? '#PCDATA' (<a href="#NT-S">S</a>? '|' <a
+href="#NT-S">S</a>? <a href="#NT-Name">Name</a>)* <a href="#NT-S">S</a>? ')*' </code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| '(' <a href="#NT-S">S</a>? '#PCDATA' <a href="#NT-S">S</a>? ')' </code></td>
+<td><a href="#vc-PEinGroup">[VC: Proper Group/PE Nesting]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#vc-MixedChildrenUnique">[VC: No Duplicate Types]</a></td>
+</tr>
+</tbody></table> <p>where the <a href="#NT-Name">Name</a>s give the types
+of elements that may appear as children. The keyword <b>#PCDATA</b> derives
+historically from the term "parsed character data."</p> <div class="constraint"><p
+class="prefix"><a name="vc-MixedChildrenUnique"></a><b>Validity constraint:
+No Duplicate Types</b></p><p>The same name must not appear more than once
+in a single mixed-content declaration.</p> </div> <p>Examples of mixed content
+declarations:</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><!ELEMENT p (#PCDATA|a|ul|b|i|em)*>
+<!ELEMENT p (#PCDATA | %font; | %phrase; | %special; | %form;)* >
+<!ELEMENT b (#PCDATA)></pre></td>
+</tr>
+</table> </div> </div> <div class="div2"> <h3><a name="attdecls"></a>3.3 Attribute-List
+Declarations</h3> <p><a title="Attribute" href="#dt-attr">Attributes</a> are
+used to associate name-value pairs with <a title="Element" href="#dt-element">elements</a>.
+Attribute specifications may appear only within <a title="Start-Tag" href="#dt-stag">start-tags</a>
+and <a title="empty-element tag" href="#dt-eetag">empty-element tags</a>;
+thus, the productions used to recognize them appear in <a href="#sec-starttags"><b>3.1
+Start-Tags, End-Tags, and Empty-Element Tags</b></a>. Attribute-list declarations
+may be used:</p> <ul>
+<li><p>To define the set of attributes pertaining to a given element type.</p> </li>
+<li><p>To establish type constraints for these attributes.</p></li>
+<li><p>To provide <a title="Attribute Default" href="#dt-default">default
+values</a> for attributes.</p></li>
+</ul> <p>[<a title="Attribute-List Declaration" name="dt-attdecl">Definition</a>:
+ <b>Attribute-list declarations</b> specify the name, data type, and default
+value (if any) of each attribute associated with a given element type:]</p> <h5>Attribute-list
+Declaration</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-AttlistDecl"></a>[52] </td>
+<td><code>AttlistDecl</code></td>
+<td> ::= </td>
+<td><code>'<!ATTLIST' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a> <a
+href="#NT-AttDef">AttDef</a>* <a href="#NT-S">S</a>? '>'</code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-AttDef"></a>[53] </td>
+<td><code>AttDef</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-S">S</a> <a href="#NT-Name">Name</a> <a href="#NT-S">S</a> <a
+href="#NT-AttType">AttType</a> <a href="#NT-S">S</a> <a href="#NT-DefaultDecl">DefaultDecl</a></code></td>
+</tr>
+</tbody></table> <p>The <a href="#NT-Name">Name</a> in the <a href="#NT-AttlistDecl">AttlistDecl</a>
+rule is the type of an element. At user option, an XML processor may issue
+a warning if attributes are declared for an element type not itself declared,
+but this is not an error. The <a href="#NT-Name">Name</a> in the <a href="#NT-AttDef">AttDef</a>
+rule is the name of the attribute.</p> <p>When more than one <a href="#NT-AttlistDecl">AttlistDecl</a>
+is provided for a given element type, the contents of all those provided are
+merged. When more than one definition is provided for the same attribute of
+a given element type, the first declaration is binding and later declarations
+are ignored. <a title="For interoperability" href="#dt-interop">For interoperability,</a>
+writers of DTDs may choose to provide at most one attribute-list declaration
+for a given element type, at most one attribute definition for a given attribute
+name in an attribute-list declaration, and at least one attribute definition
+in each attribute-list declaration. For interoperability, an XML processor
+may at user option issue a warning when more than one attribute-list declaration
+is provided for a given element type, or more than one attribute definition
+is provided for a given attribute, but this is not an error.</p> <div class="div3"> <h4><a
+name="sec-attribute-types"></a>3.3.1 Attribute Types</h4> <p>XML attribute
+types are of three kinds: a string type, a set of tokenized types, and enumerated
+types. The string type may take any literal string as a value; the tokenized
+types have varying lexical and semantic constraints. The validity constraints
+noted in the grammar are applied after the attribute value has been normalized
+as described in <a href="#attdecls"><b>3.3 Attribute-List Declarations</b></a>.</p> <h5>Attribute
+Types</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-AttType"></a>[54] </td>
+<td><code>AttType</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-StringType">StringType</a> | <a href="#NT-TokenizedType">TokenizedType</a>
+| <a href="#NT-EnumeratedType">EnumeratedType</a> </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-StringType"></a>[55] </td>
+<td><code>StringType</code></td>
+<td> ::= </td>
+<td><code>'CDATA'</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-TokenizedType"></a>[56] </td>
+<td><code>TokenizedType</code></td>
+<td> ::= </td>
+<td><code>'ID'</code></td>
+<td><a href="#id">[VC: ID]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#one-id-per-el">[VC: One ID per Element Type]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#id-default">[VC: ID Attribute Default]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'IDREF'</code></td>
+<td><a href="#idref">[VC: IDREF]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'IDREFS'</code></td>
+<td><a href="#idref">[VC: IDREF]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'ENTITY'</code></td>
+<td><a href="#entname">[VC: Entity Name]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'ENTITIES'</code></td>
+<td><a href="#entname">[VC: Entity Name]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'NMTOKEN'</code></td>
+<td><a href="#nmtok">[VC: Name Token]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'NMTOKENS'</code></td>
+<td><a href="#nmtok">[VC: Name Token]</a></td>
+</tr>
+</tbody></table> <div class="constraint"><p class="prefix"><a name="id"></a><b>Validity
+constraint: ID</b></p><p>Values of type <b>ID</b> must match the <a href="#NT-Name">Name</a>
+production. A name must not appear more than once in an XML document as a
+value of this type; i.e., ID values must uniquely identify the elements which
+bear them.</p> </div> <div class="constraint"><p class="prefix"><a name="one-id-per-el"></a><b>Validity
+constraint: One ID per Element Type</b></p><p>No element type may have more
+than one ID attribute specified.</p> </div> <div class="constraint"><p class="prefix"><a
+name="id-default"></a><b>Validity constraint: ID Attribute Default</b></p><p>An
+ID attribute must have a declared default of <b>#IMPLIED</b> or <b>#REQUIRED</b>.</p> </div> <div
+class="constraint"><p class="prefix"><a name="idref"></a><b>Validity constraint:
+IDREF</b></p><p>Values of type <b>IDREF</b> must match the <a href="#NT-Name">Name</a>
+production, and values of type <b>IDREFS</b> must match <a href="#NT-Names">Names</a>;
+each <a href="#NT-Name">Name</a> must match the value of an ID attribute on
+some element in the XML document; i.e. <b>IDREF</b> values must match the
+value of some ID attribute.</p> </div> <div class="constraint"><p class="prefix"><a
+name="entname"></a><b>Validity constraint: Entity Name</b></p><p>Values of
+type <b>ENTITY</b> must match the <a href="#NT-Name">Name</a> production,
+values of type <b>ENTITIES</b> must match <a href="#NT-Names">Names</a>; each <a
+href="#NT-Name">Name</a> must match the name of an <a title="Unparsed Entity"
+href="#dt-unparsed">unparsed entity</a> declared in the <a title="Document Type Declaration"
+href="#dt-doctype">DTD</a>.</p> </div> <div class="constraint"><p class="prefix"><a
+name="nmtok"></a><b>Validity constraint: Name Token</b></p><p>Values of type <b>NMTOKEN</b>
+must match the <a href="#NT-Nmtoken">Nmtoken</a> production; values of type <b>NMTOKENS</b>
+must match <a title="" href="#NT-Nmtokens">Nmtokens</a>.</p> </div> <p>[<a
+title="Enumerated Attribute Values" name="dt-enumerated">Definition</a>: <b>Enumerated
+attributes</b> can take one of a list of values provided in the declaration].
+There are two kinds of enumerated types:</p> <h5>Enumerated Attribute Types</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-EnumeratedType"></a>[57] </td>
+<td><code>EnumeratedType</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-NotationType">NotationType</a> | <a href="#NT-Enumeration">Enumeration</a> </code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-NotationType"></a>[58] </td>
+<td><code>NotationType</code></td>
+<td> ::= </td>
+<td><code>'NOTATION' <a href="#NT-S">S</a> '(' <a href="#NT-S">S</a>? <a href="#NT-Name">Name</a>
+(<a href="#NT-S">S</a>? '|' <a href="#NT-S">S</a>? <a href="#NT-Name">Name</a>)* <a
+href="#NT-S">S</a>? ')' </code></td>
+<td><a href="#notatn">[VC: Notation Attributes]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#OneNotationPer">[VC: One Notation Per Element Type]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#NoNotationEmpty">[VC: No Notation on Empty Element]</a></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-Enumeration"></a>[59] </td>
+<td><code>Enumeration</code></td>
+<td> ::= </td>
+<td><code>'(' <a href="#NT-S">S</a>? <a href="#NT-Nmtoken">Nmtoken</a> (<a
+href="#NT-S">S</a>? '|' <a href="#NT-S">S</a>? <a href="#NT-Nmtoken">Nmtoken</a>)* <a
+href="#NT-S">S</a>? ')'</code></td>
+<td><a href="#enum">[VC: Enumeration]</a></td>
+</tr>
+</tbody></table> <p>A <b>NOTATION</b> attribute identifies a <a title="Notation"
+href="#dt-notation">notation</a>, declared in the DTD with associated system
+and/or public identifiers, to be used in interpreting the element to which
+the attribute is attached.</p> <div class="constraint"><p class="prefix"><a
+name="notatn"></a><b>Validity constraint: Notation Attributes</b></p><p>Values
+of this type must match one of the <a href="#Notations"><cite>notation</cite></a>
+names included in the declaration; all notation names in the declaration must
+be declared.</p> </div> <div class="constraint"><p class="prefix"><a name="OneNotationPer"></a><b>Validity
+constraint: One Notation Per Element Type</b></p><p>No element type may have
+more than one <b>NOTATION</b> attribute specified.</p> </div> <div class="constraint"><p
+class="prefix"><a name="NoNotationEmpty"></a><b>Validity constraint: No Notation
+on Empty Element</b></p><p><a title="For Compatibility" href="#dt-compat">For
+compatibility</a>, an attribute of type <b>NOTATION</b> must not be declared
+on an element declared <b>EMPTY</b>.</p> </div> <div class="constraint"><p
+class="prefix"><a name="enum"></a><b>Validity constraint: Enumeration</b></p><p>Values
+of this type must match one of the <a href="#NT-Nmtoken">Nmtoken</a> tokens
+in the declaration.</p> </div> <p><a title="For interoperability" href="#dt-interop">For
+interoperability,</a> the same <a href="#NT-Nmtoken">Nmtoken</a> should not
+occur more than once in the enumerated attribute types of a single element
+type.</p> </div> <div class="div3"> <h4><a name="sec-attr-defaults"></a>3.3.2
+Attribute Defaults</h4> <p>An <a title="Attribute-List Declaration" href="#dt-attdecl">attribute
+declaration</a> provides information on whether the attribute's presence is
+required, and if not, how an XML processor should react if a declared attribute
+is absent in a document.</p> <h5>Attribute Defaults</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-DefaultDecl"></a>[60] </td>
+<td><code>DefaultDecl</code></td>
+<td> ::= </td>
+<td><code>'#REQUIRED' | '#IMPLIED' </code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| (('#FIXED' S)? <a href="#NT-AttValue">AttValue</a>)</code></td>
+<td><a href="#RequiredAttr">[VC: Required Attribute]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#defattrvalid">[VC: Attribute Default Legal]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#CleanAttrVals">[WFC: No < in Attribute Values]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#FixedAttr">[VC: Fixed Attribute Default]</a></td>
+</tr>
+</tbody></table> <p>In an attribute declaration, <b>#REQUIRED</b> means that
+the attribute must always be provided, <b>#IMPLIED</b> that no default value
+is provided. [<a title="Attribute Default" name="dt-default">Definition</a>:
+If the declaration is neither <b>#REQUIRED</b> nor <b>#IMPLIED</b>, then the <a
+href="#NT-AttValue">AttValue</a> value contains the declared <b>default</b>
+value; the <b>#FIXED</b> keyword states that the attribute must always have
+the default value. If a default value is declared, when an XML processor encounters
+an omitted attribute, it is to behave as though the attribute were present
+with the declared default value.]</p> <div class="constraint"><p class="prefix"><a
+name="RequiredAttr"></a><b>Validity constraint: Required Attribute</b></p><p>If
+the default declaration is the keyword <b>#REQUIRED</b>, then the attribute
+must be specified for all elements of the type in the attribute-list declaration.</p> </div> <div
+class="constraint"><p class="prefix"><a name="defattrvalid"></a><b>Validity
+constraint: Attribute Default Legal</b></p><p>The declared default value must
+meet the lexical constraints of the declared attribute type.</p> </div> <div
+class="constraint"><p class="prefix"><a name="FixedAttr"></a><b>Validity constraint:
+Fixed Attribute Default</b></p><p>If an attribute has a default value declared
+with the <b>#FIXED</b> keyword, instances of that attribute must match the
+default value.</p> </div> <p>Examples of attribute-list declarations:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ATTLIST termdef
+ id ID #REQUIRED
+ name CDATA #IMPLIED>
+<!ATTLIST list
+ type (bullets|ordered|glossary) "ordered">
+<!ATTLIST form
+ method CDATA #FIXED "POST"></pre></td>
+</tr>
+</table> </div> <div class="div3"> <h4><a name="AVNormalize"></a>3.3.3 Attribute-Value
+Normalization</h4> <p>Before the value of an attribute is passed to the application
+or checked for validity, the XML processor must normalize the attribute value
+by applying the algorithm below, or by using some other method such that the
+value passed to the application is the same as that produced by the algorithm.</p> <ol>
+<li><p>All line breaks must have been normalized on input to #xA as described
+in <a href="#sec-line-ends"><b>2.11 End-of-Line Handling</b></a>, so the rest
+of this algorithm operates on text normalized in this way.</p></li>
+<li><p>Begin with a normalized value consisting of the empty string.</p> </li>
+<li><p>For each character, entity reference, or character reference in the
+unnormalized attribute value, beginning with the first and continuing to the
+last, do the following:</p> <ul>
+<li><p>For a character reference, append the referenced character to the normalized
+value.</p></li>
+<li><p>For an entity reference, recursively apply step 3 of this algorithm
+to the replacement text of the entity.</p></li>
+<li><p>For a white space character (#x20, #xD, #xA, #x9), append a space character
+(#x20) to the normalized value.</p></li>
+<li><p>For another character, append the character to the normalized value.</p> </li>
+</ul> </li>
+</ol> <p>If the attribute type is not CDATA, then the XML processor must further
+process the normalized attribute value by discarding any leading and trailing
+space (#x20) characters, and by replacing sequences of space (#x20) characters
+by a single space (#x20) character.</p> <p>Note that if the unnormalized attribute
+value contains a character reference to a white space character other than
+space (#x20), the normalized value contains the referenced character itself
+(#xD, #xA or #x9). This contrasts with the case where the unnormalized value
+contains a white space character (not a reference), which is replaced with
+a space character (#x20) in the normalized value and also contrasts with the
+case where the unnormalized value contains an entity reference whose replacement
+text contains a white space character; being recursively processed, the white
+space character is replaced with a space character (#x20) in the normalized
+value.</p> <p>All attributes for which no declaration has been read should
+be treated by a non-validating processor as if declared <b>CDATA</b>.</p> <p>Following
+are examples of attribute normalization. Given the following declarations:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY d "&#xD;">
+<!ENTITY a "&#xA;">
+<!ENTITY da "&#xD;&#xA;"></pre></td>
+</tr>
+</table> <p>the attribute specifications in the left column below would be
+normalized to the character sequences of the middle column if the attribute <code>a</code>
+is declared <b>NMTOKENS</b> and to those of the right columns if <code>a</code>
+is declared <b>CDATA</b>.</p> <table border="1" frame="border"><thead>
+<tr>
+<th rowspan="1" colspan="1">Attribute specification</th>
+<th rowspan="1" colspan="1">a is NMTOKENS</th>
+<th rowspan="1" colspan="1">a is CDATA</th>
+</tr>
+</thead><tbody>
+<tr>
+<td rowspan="1" colspan="1"><table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre>a="
+
+xyz"</pre></td>
+</tr>
+</table></td>
+<td rowspan="1" colspan="1"><code>x y z</code></td>
+<td rowspan="1" colspan="1"><code>#x20 #x20 x y z</code></td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre>a="&d;&d;A&a;&a;B&da;"</pre></td>
+</tr>
+</table></td>
+<td rowspan="1" colspan="1"><code>A #x20 B</code></td>
+<td rowspan="1" colspan="1"><code>#x20 #x20 A #x20 #x20 B #x20 #x20</code></td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre>a=
+"&#xd;&#xd;A&#xa;&#xa;B&#xd;&#xa;"</pre></td>
+</tr>
+</table></td>
+<td rowspan="1" colspan="1"><code>#xD #xD A #xA #xA B #xD #xA</code></td>
+<td rowspan="1" colspan="1"><code>#xD #xD A #xA #xA B #xD #xD</code></td>
+</tr>
+</tbody></table> <p>Note that the last example is invalid (but well-formed)
+if <code>a</code> is declared to be of type <b>NMTOKENS</b>.</p> </div> </div> <div
+class="div2"> <h3><a name="sec-condition-sect"></a>3.4 Conditional Sections</h3> <p>[<a
+title="conditional section" name="dt-cond-section">Definition</a>: <b>Conditional
+sections</b> are portions of the <a title="Document Type Declaration" href="#dt-doctype">document
+type declaration external subset</a> which are included in, or excluded from,
+the logical structure of the DTD based on the keyword which governs them.]</p> <h5>Conditional
+Section</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-conditionalSect"></a>[61] </td>
+<td><code>conditionalSect</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-includeSect">includeSect</a> | <a href="#NT-ignoreSect">ignoreSect</a> </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-includeSect"></a>[62] </td>
+<td><code>includeSect</code></td>
+<td> ::= </td>
+<td><code>'<![' S? 'INCLUDE' S? '[' <a href="#NT-extSubsetDecl">extSubsetDecl</a>
+']]>' </code></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#condsec-nesting">[VC: Proper Conditional Section/PE Nesting]</a></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-ignoreSect"></a>[63] </td>
+<td><code>ignoreSect</code></td>
+<td> ::= </td>
+<td><code>'<![' S? 'IGNORE' S? '[' <a href="#NT-ignoreSectContents">ignoreSectContents</a>*
+']]>'</code></td>
+<td><i>/* */</i></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#condsec-nesting">[VC: Proper Conditional Section/PE Nesting]</a></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-ignoreSectContents"></a>[64] </td>
+<td><code>ignoreSectContents</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Ignore">Ignore</a> ('<![' <a href="#NT-ignoreSectContents">ignoreSectContents</a>
+']]>' <a href="#NT-Ignore">Ignore</a>)*</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Ignore"></a>[65] </td>
+<td><code>Ignore</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-Char">Char</a>* - (<a href="#NT-Char">Char</a>* ('<!['
+| ']]>') <a href="#NT-Char">Char</a>*) </code></td>
+</tr>
+</tbody></table> <div class="constraint"><p class="prefix"><a name="condsec-nesting"></a><b>Validity
+constraint: Proper Conditional Section/PE Nesting</b></p><p>If any of the
+"<code><![</code>", "<code>[</code>", or "<code>]]></code>" of a conditional
+section is contained in the replacement text for a parameter-entity reference,
+all of them must be contained in the same replacement text.</p> </div> <p>Like
+the internal and external DTD subsets, a conditional section may contain one
+or more complete declarations, comments, processing instructions, or nested
+conditional sections, intermingled with white space.</p> <p>If the keyword
+of the conditional section is <b>INCLUDE</b>, then the contents of the conditional
+section are part of the DTD. If the keyword of the conditional section is <b>IGNORE</b>,
+then the contents of the conditional section are not logically part of the
+DTD. If a conditional section with a keyword of <b>INCLUDE</b> occurs within
+a larger conditional section with a keyword of <b>IGNORE</b>, both the outer
+and the inner conditional sections are ignored. The contents of an ignored
+conditional section are parsed by ignoring all characters after the "<code>[</code>"
+following the keyword, except conditional section starts "<code><![</code>"
+and ends "<code>]]></code>", until the matching conditional section end
+is found. Parameter entity references are not recognized in this process.</p> <p>If
+the keyword of the conditional section is a parameter-entity reference, the
+parameter entity must be replaced by its content before the processor decides
+whether to include or ignore the conditional section.</p> <p>An example:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY % draft 'INCLUDE' >
+<!ENTITY % final 'IGNORE' >
+
+<![%draft;[
+<!ELEMENT book (comments*, title, body, supplements?)>
+]]>
+<![%final;[
+<!ELEMENT book (title, body, supplements?)>
+]]></pre></td>
+</tr>
+</table> </div> </div> <div class="div1"> <h2><a name="sec-physical-struct"></a>4
+Physical Structures</h2> <p>[<a title="Entity" name="dt-entity">Definition</a>:
+An XML document may consist of one or many storage units. These are called <b>entities</b>;
+they all have <b>content</b> and are all (except for the <a title="Document Entity"
+href="#dt-docent">document entity</a> and the <a title="Document Type Declaration"
+href="#dt-doctype">external DTD subset</a>) identified by entity <b>name</b>.]
+Each XML document has one entity called the <a title="Document Entity" href="#dt-docent">document
+entity</a>, which serves as the starting point for the <a title="XML Processor"
+href="#dt-xml-proc">XML processor</a> and may contain the whole document.</p> <p>Entities
+may be either parsed or unparsed. [<a title="Text Entity" name="dt-parsedent">Definition</a>:
+A <b>parsed entity's</b> contents are referred to as its <a title="Replacement Text"
+href="#dt-repltext">replacement text</a>; this <a title="Text" href="#dt-text">text</a>
+is considered an integral part of the document.]</p> <p>[<a title="Unparsed Entity"
+name="dt-unparsed">Definition</a>: An <b>unparsed entity</b> is a resource
+whose contents may or may not be <a title="Text" href="#dt-text">text</a>,
+and if text, may be other than XML. Each unparsed entity has an associated <a
+title="Notation" href="#dt-notation">notation</a>, identified by name. Beyond
+a requirement that an XML processor make the identifiers for the entity and
+notation available to the application, XML places no constraints on the contents
+of unparsed entities.]</p> <p>Parsed entities are invoked by name using entity
+references; unparsed entities by name, given in the value of <b>ENTITY</b>
+or <b>ENTITIES</b> attributes.</p> <p>[<a title="general entity" name="gen-entity">Definition</a>: <b>General
+entities</b> are entities for use within the document content. In this specification,
+general entities are sometimes referred to with the unqualified term <em>entity</em>
+when this leads to no ambiguity.] [<a title="Parameter entity" name="dt-PE">Definition</a>: <b>Parameter
+entities</b> are parsed entities for use within the DTD.] These two types
+of entities use different forms of reference and are recognized in different
+contexts. Furthermore, they occupy different namespaces; a parameter entity
+and a general entity with the same name are two distinct entities.</p> <div
+class="div2"> <h3><a name="sec-references"></a>4.1 Character and Entity References</h3> <p>[<a
+title="Character Reference" name="dt-charref">Definition</a>: A <b>character
+reference</b> refers to a specific character in the ISO/IEC 10646 character
+set, for example one not directly accessible from available input devices.]</p> <h5>Character
+Reference</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-CharRef"></a>[66] </td>
+<td><code>CharRef</code></td>
+<td> ::= </td>
+<td><code>'&#' [0-9]+ ';' </code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| '&#x' [0-9a-fA-F]+ ';'</code></td>
+<td><a href="#wf-Legalchar">[WFC: Legal Character]</a></td>
+</tr>
+</tbody></table> <div class="constraint"><p class="prefix"><a name="wf-Legalchar"></a><b>Well-formedness
+constraint: Legal Character</b></p><p>Characters referred to using character
+references must match the production for <a title="" href="#NT-Char">Char</a>.</p> </div> <p>If
+the character reference begins with "<code>&#x</code>", the digits and
+letters up to the terminating <code>;</code> provide a hexadecimal representation
+of the character's code point in ISO/IEC 10646. If it begins just with "<code>&#</code>",
+the digits up to the terminating <code>;</code> provide a decimal representation
+of the character's code point.</p> <p>[<a title="Entity Reference" name="dt-entref">Definition</a>:
+An <b>entity reference</b> refers to the content of a named entity.] [<a title="General Entity Reference"
+name="dt-GERef">Definition</a>: References to parsed general entities use
+ampersand (<code>&</code>) and semicolon (<code>;</code>) as delimiters.]
+[<a title="Parameter-entity reference" name="dt-PERef">Definition</a>: <b>Parameter-entity
+references</b> use percent-sign (<code>%</code>) and semicolon (<code>;</code>)
+as delimiters.]</p> <h5>Entity Reference</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-Reference"></a>[67] </td>
+<td><code>Reference</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-EntityRef">EntityRef</a> | <a href="#NT-CharRef">CharRef</a></code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-EntityRef"></a>[68] </td>
+<td><code>EntityRef</code></td>
+<td> ::= </td>
+<td><code>'&' <a href="#NT-Name">Name</a> ';'</code></td>
+<td><a href="#wf-entdeclared">[WFC: Entity Declared]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#vc-entdeclared">[VC: Entity Declared]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#textent">[WFC: Parsed Entity]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#norecursion">[WFC: No Recursion]</a></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-PEReference"></a>[69] </td>
+<td><code>PEReference</code></td>
+<td> ::= </td>
+<td><code>'%' <a href="#NT-Name">Name</a> ';'</code></td>
+<td><a href="#vc-entdeclared">[VC: Entity Declared]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#norecursion">[WFC: No Recursion]</a></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td></td>
+<td><a href="#indtd">[WFC: In DTD]</a></td>
+</tr>
+</tbody></table> <div class="constraint"><p class="prefix"><a name="wf-entdeclared"></a><b>Well-formedness
+constraint: Entity Declared</b></p><p>In a document without any DTD, a document
+with only an internal DTD subset which contains no parameter entity references,
+or a document with "<code>standalone='yes'</code>", for an entity reference
+that does not occur within the external subset or a parameter entity, the <a
+href="#NT-Name">Name</a> given in the entity reference must <a title="match"
+href="#dt-match">match</a> that in an <a href="#sec-entity-decl"><cite>entity
+declaration</cite></a> that does not occur within the external subset or a
+parameter entity, except that well-formed documents need not declare any of
+the following entities: <code>amp</code>, <code>lt</code>, <code>gt</code>, <code>apos</code>, <code>quot</code>.
+The declaration of a general entity must precede any reference to it which
+appears in a default value in an attribute-list declaration.</p> <p>Note that
+if entities are declared in the external subset or in external parameter entities,
+a non-validating processor is <a href="#include-if-valid"><cite>not obligated
+to</cite></a> read and process their declarations; for such documents, the
+rule that an entity must be declared is a well-formedness constraint only
+if <a href="#sec-rmd"><cite>standalone='yes'</cite></a>.</p> </div> <div class="constraint"><p
+class="prefix"><a name="vc-entdeclared"></a><b>Validity constraint: Entity
+Declared</b></p><p>In a document with an external subset or external parameter
+entities with "<code>standalone='no'</code>", the <a href="#NT-Name">Name</a>
+given in the entity reference must <a title="match" href="#dt-match">match</a>
+that in an <a href="#sec-entity-decl"><cite>entity declaration</cite></a>.
+For interoperability, valid documents should declare the entities <code>amp</code>, <code>lt</code>, <code>gt</code>, <code>apos</code>, <code>quot</code
+>, in the form specified in <a href="#sec-predefined-ent"><b>4.6 Predefined
+Entities</b></a>. The declaration of a parameter entity must precede any reference
+to it. Similarly, the declaration of a general entity must precede any attribute-list
+declaration containing a default value with a direct or indirect reference
+to that general entity.</p> </div> <div class="constraint"><p class="prefix"><a
+name="textent"></a><b>Well-formedness constraint: Parsed Entity</b></p><p>An
+entity reference must not contain the name of an <a title="Unparsed Entity"
+href="#dt-unparsed">unparsed entity</a>. Unparsed entities may be referred
+to only in <a title="Attribute Value" href="#dt-attrval">attribute values</a>
+declared to be of type <b>ENTITY</b> or <b>ENTITIES</b>.</p> </div> <div class="constraint"><p
+class="prefix"><a name="norecursion"></a><b>Well-formedness constraint: No
+Recursion</b></p><p>A parsed entity must not contain a recursive reference
+to itself, either directly or indirectly.</p> </div> <div class="constraint"><p
+class="prefix"><a name="indtd"></a><b>Well-formedness constraint: In DTD</b></p><p>Parameter-entity
+references may only appear in the <a title="Document Type Declaration" href="#dt-doctype">DTD</a>.</p> </div> <p>Examples
+of character and entity references:</p> <table class="eg" width="100%" border="1"
+cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre>Type <key>less-than</key> (&#x3C;) to save options.
+This document was prepared on &docdate; and
+is classified &security-level;.</pre></td>
+</tr>
+</table> <p>Example of a parameter-entity reference:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!-- declare the parameter entity "ISOLat2"... -->
+<!ENTITY % ISOLat2
+ SYSTEM "http://www.xml.com/iso/isolat2-xml.entities" >
+<!-- ... now reference it. -->
+%ISOLat2;</pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="sec-entity-decl"></a>4.2 Entity
+Declarations</h3> <p>[<a title="entity declaration" name="dt-entdecl">Definition</a>:
+ Entities are declared thus:]</p> <h5>Entity Declaration</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-EntityDecl"></a>[70] </td>
+<td><code>EntityDecl</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-GEDecl">GEDecl</a> | <a href="#NT-PEDecl">PEDecl</a></code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-GEDecl"></a>[71] </td>
+<td><code>GEDecl</code></td>
+<td> ::= </td>
+<td><code>'<!ENTITY' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a> <a
+href="#NT-S">S</a> <a href="#NT-EntityDef">EntityDef</a> <a href="#NT-S">S</a>?
+'>'</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-PEDecl"></a>[72] </td>
+<td><code>PEDecl</code></td>
+<td> ::= </td>
+<td><code>'<!ENTITY' <a href="#NT-S">S</a> '%' <a href="#NT-S">S</a> <a
+href="#NT-Name">Name</a> <a href="#NT-S">S</a> <a href="#NT-PEDef">PEDef</a> <a
+href="#NT-S">S</a>? '>'</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-EntityDef"></a>[73] </td>
+<td><code>EntityDef</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-EntityValue">EntityValue</a> | (<a href="#NT-ExternalID">ExternalID</a> <a
+href="#NT-NDataDecl">NDataDecl</a>?)</code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-PEDef"></a>[74] </td>
+<td><code>PEDef</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-EntityValue">EntityValue</a> | <a href="#NT-ExternalID">ExternalID</a></code></td>
+</tr>
+</tbody></table> <p>The <a href="#NT-Name">Name</a> identifies the entity
+in an <a title="Entity Reference" href="#dt-entref">entity reference</a> or,
+in the case of an unparsed entity, in the value of an <b>ENTITY</b> or <b>ENTITIES</b>
+attribute. If the same entity is declared more than once, the first declaration
+encountered is binding; at user option, an XML processor may issue a warning
+if entities are declared multiple times.</p> <div class="div3"> <h4><a name="sec-internal-ent"></a>4.2.1
+Internal Entities</h4> <p>[<a title="Internal Entity Replacement Text" name="dt-internent">Definition</a>:
+If the entity definition is an <a href="#NT-EntityValue">EntityValue</a>,
+the defined entity is called an <b>internal entity</b>. There is no separate
+physical storage object, and the content of the entity is given in the declaration.]
+Note that some processing of entity and character references in the <a title="Literal Entity Value"
+href="#dt-litentval">literal entity value</a> may be required to produce the
+correct <a title="Replacement Text" href="#dt-repltext">replacement text</a>:
+see <a href="#intern-replacement"><b>4.5 Construction of Internal Entity Replacement
+Text</b></a>.</p> <p>An internal entity is a <a title="Text Entity" href="#dt-parsedent">parsed
+entity</a>.</p> <p>Example of an internal entity declaration:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY Pub-Status "This is a pre-release of the
+ specification."></pre></td>
+</tr>
+</table> </div> <div class="div3"> <h4><a name="sec-external-ent"></a>4.2.2
+External Entities</h4> <p>[<a title="External Entity" name="dt-extent">Definition</a>:
+If the entity is not internal, it is an <b>external entity</b>, declared as
+follows:]</p> <h5>External Entity Declaration</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-ExternalID"></a>[75] </td>
+<td><code>ExternalID</code></td>
+<td> ::= </td>
+<td><code>'SYSTEM' <a href="#NT-S">S</a> <a href="#NT-SystemLiteral">SystemLiteral</a></code></td>
+</tr>
+<tr valign="baseline">
+<td></td>
+<td></td>
+<td></td>
+<td><code>| 'PUBLIC' <a href="#NT-S">S</a> <a href="#NT-PubidLiteral">PubidLiteral</a> <a
+href="#NT-S">S</a> <a href="#NT-SystemLiteral">SystemLiteral</a> </code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-NDataDecl"></a>[76] </td>
+<td><code>NDataDecl</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-S">S</a> 'NDATA' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a></code></td>
+<td><a href="#not-declared">[VC: Notation Declared]</a></td>
+</tr>
+</tbody></table> <p>If the <a href="#NT-NDataDecl">NDataDecl</a> is present,
+this is a general <a title="Unparsed Entity" href="#dt-unparsed">unparsed
+entity</a>; otherwise it is a parsed entity.</p> <div class="constraint"><p
+class="prefix"><a name="not-declared"></a><b>Validity constraint: Notation
+Declared</b></p><p>The <a href="#NT-Name">Name</a> must match the declared
+name of a <a title="Notation" href="#dt-notation">notation</a>.</p> </div> <p>[<a
+title="System Identifier" name="dt-sysid">Definition</a>: The <a href="#NT-SystemLiteral">SystemLiteral</a>
+is called the entity's <b>system identifier</b>. It is a URI reference (as
+defined in <a href="#rfc2396">[IETF RFC 2396]</a>, updated by <a href="#rfc2732">[IETF
+RFC 2732]</a>), meant to be dereferenced to obtain input for the XML processor
+to construct the entity's replacement text.] It is an error for a fragment
+identifier (beginning with a <code>#</code> character) to be part of a system
+identifier. Unless otherwise provided by information outside the scope of
+this specification (e.g. a special XML element type defined by a particular
+DTD, or a processing instruction defined by a particular application specification),
+relative URIs are relative to the location of the resource within which the
+entity declaration occurs. A URI might thus be relative to the <a title="Document Entity"
+href="#dt-docent">document entity</a>, to the entity containing the <a title="Document Type Declaration"
+href="#dt-doctype">external DTD subset</a>, or to some other <a title="External Entity"
+href="#dt-extent">external parameter entity</a>.</p> <p>URI references require
+encoding and escaping of certain characters. The disallowed characters include
+all non-ASCII characters, plus the excluded characters listed in Section 2.4
+of <a href="#rfc2396">[IETF RFC 2396]</a>, except for the number sign (<code>#</code>)
+and percent sign (<code>%</code>) characters and the square bracket characters
+re-allowed in <a href="#rfc2732">[IETF RFC 2732]</a>. Disallowed characters
+must be escaped as follows:</p> <ol>
+<li><p>Each disallowed character is converted to UTF-8 <a href="#rfc2279">[IETF
+RFC 2279]</a> as one or more bytes.</p></li>
+<li><p>Any octets corresponding to a disallowed character are escaped with
+the URI escaping mechanism (that is, converted to <code>%</code><var>HH</var>,
+where HH is the hexadecimal notation of the byte value).</p></li>
+<li><p>The original character is replaced by the resulting character sequence.</p> </li>
+</ol> <p>[<a title="Public identifier" name="dt-pubid">Definition</a>: In
+addition to a system identifier, an external identifier may include a <b>public
+identifier</b>.] An XML processor attempting to retrieve the entity's content
+may use the public identifier to try to generate an alternative URI reference.
+If the processor is unable to do so, it must use the URI reference specified
+in the system literal. Before a match is attempted, all strings of white space
+in the public identifier must be normalized to single space characters (#x20),
+and leading and trailing white space must be removed.</p> <p>Examples of external
+entity declarations:</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY open-hatch
+ SYSTEM "http://www.textuality.com/boilerplate/OpenHatch.xml">
+<!ENTITY open-hatch
+ PUBLIC "-//Textuality//TEXT Standard open-hatch boilerplate//EN"
+ "http://www.textuality.com/boilerplate/OpenHatch.xml">
+<!ENTITY hatch-pic
+ SYSTEM "../grafix/OpenHatch.gif"
+ NDATA gif ></pre></td>
+</tr>
+</table> </div> </div> <div class="div2"> <h3><a name="TextEntities"></a>4.3
+Parsed Entities</h3> <div class="div3"> <h4><a name="sec-TextDecl"></a>4.3.1
+The Text Declaration</h4> <p>External parsed entities should each begin with
+a <b>text declaration</b>.</p> <h5>Text Declaration</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-TextDecl"></a>[77] </td>
+<td><code>TextDecl</code></td>
+<td> ::= </td>
+<td><code>'<?xml' <a href="#NT-VersionInfo">VersionInfo</a>? <a href="#NT-EncodingDecl">EncodingDecl</a> <a
+href="#NT-S">S</a>? '?>'</code></td>
+</tr>
+</tbody></table> <p>The text declaration must be provided literally, not by
+reference to a parsed entity. No text declaration may appear at any position
+other than the beginning of an external parsed entity. The text declaration
+in an external parsed entity is not considered part of its <a title="Replacement Text"
+href="#dt-repltext">replacement text</a>.</p> </div> <div class="div3"> <h4><a
+name="wf-entities"></a>4.3.2 Well-Formed Parsed Entities</h4> <p>The document
+entity is well-formed if it matches the production labeled <a href="#NT-document">document</a>.
+An external general parsed entity is well-formed if it matches the production
+labeled <a href="#NT-extParsedEnt">extParsedEnt</a>. All external parameter
+entities are well-formed by definition.</p> <h5>Well-Formed External Parsed
+Entity</h5><table class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-extParsedEnt"></a>[78] </td>
+<td><code>extParsedEnt</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-TextDecl">TextDecl</a>? <a href="#NT-content">content</a></code></td>
+</tr>
+</tbody></table> <p>An internal general parsed entity is well-formed if its
+replacement text matches the production labeled <a href="#NT-content">content</a>.
+All internal parameter entities are well-formed by definition.</p> <p>A consequence
+of well-formedness in entities is that the logical and physical structures
+in an XML document are properly nested; no <a title="Start-Tag" href="#dt-stag">start-tag</a>, <a
+title="End Tag" href="#dt-etag">end-tag</a>, <a title="Empty" href="#dt-empty">empty-element
+tag</a>, <a title="Element" href="#dt-element">element</a>, <a title="Comment"
+href="#dt-comment">comment</a>, <a title="Processing instruction" href="#dt-pi">processing
+instruction</a>, <a title="Character Reference" href="#dt-charref">character
+reference</a>, or <a title="Entity Reference" href="#dt-entref">entity reference</a>
+can begin in one entity and end in another.</p> </div> <div class="div3"> <h4><a
+name="charencoding"></a>4.3.3 Character Encoding in Entities</h4> <p>Each
+external parsed entity in an XML document may use a different encoding for
+its characters. All XML processors must be able to read entities in both the
+UTF-8 and UTF-16 encodings. The terms "UTF-8" and "UTF-16" in this specification
+do not apply to character encodings with any other labels, even if the encodings
+or labels are very similar to UTF-8 or UTF-16.</p> <p>Entities encoded in
+UTF-16 must begin with the Byte Order Mark described by Annex F of <a href="#ISO10646">[ISO/IEC
+10646]</a>, Annex H of <a href="#ISO10646-2000">[ISO/IEC 10646-2000]</a>,
+section 2.4 of <a href="#Unicode">[Unicode]</a>, and section 2.7 of <a href="#Unicode3">[Unicode3]</a>
+(the ZERO WIDTH NO-BREAK SPACE character, #xFEFF). This is an encoding signature,
+not part of either the markup or the character data of the XML document. XML
+processors must be able to use this character to differentiate between UTF-8
+and UTF-16 encoded documents.</p> <p>Although an XML processor is required
+to read only entities in the UTF-8 and UTF-16 encodings, it is recognized
+that other encodings are used around the world, and it may be desired for
+XML processors to read entities that use them. In the absence of external
+character encoding information (such as MIME headers), parsed entities which
+are stored in an encoding other than UTF-8 or UTF-16 must begin with a text
+declaration (see <a href="#sec-TextDecl"><b>4.3.1 The Text Declaration</b></a>)
+containing an encoding declaration:</p> <h5>Encoding Declaration</h5><table
+class="scrap"><tbody>
+<tr valign="baseline">
+<td><a name="NT-EncodingDecl"></a>[80] </td>
+<td><code>EncodingDecl</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-S">S</a> 'encoding' <a href="#NT-Eq">Eq</a> ('"' <a
+href="#NT-EncName">EncName</a> '"' | "'" <a href="#NT-EncName">EncName</a>
+"'" ) </code></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-EncName"></a>[81] </td>
+<td><code>EncName</code></td>
+<td> ::= </td>
+<td><code>[A-Za-z] ([A-Za-z0-9._] | '-')*</code></td>
+<td><i>/* Encoding name contains only Latin characters */</i></td>
+</tr>
+</tbody></table> <p>In the <a title="Document Entity" href="#dt-docent">document
+entity</a>, the encoding declaration is part of the <a title="XML Declaration"
+href="#dt-xmldecl">XML declaration</a>. The <a href="#NT-EncName">EncName</a>
+is the name of the encoding used.</p> <p>In an encoding declaration, the
+values "<code>UTF-8</code>", "<code>UTF-16</code>", "<code>ISO-10646-UCS-2</code>",
+and "<code>ISO-10646-UCS-4</code>" should be used for the various encodings
+and transformations of Unicode / ISO/IEC 10646, the values "<code>ISO-8859-1</code>",
+"<code>ISO-8859-2</code>", ... "<code>ISO-8859-</code><var>n</var>" (where <var>n</var>
+is the part number) should be used for the parts of ISO 8859, and the values
+"<code>ISO-2022-JP</code>", "<code>Shift_JIS</code>", and "<code>EUC-JP</code>"
+should be used for the various encoded forms of JIS X-0208-1997. It is recommended
+that character encodings registered (as <em>charset</em>s) with the Internet
+Assigned Numbers Authority <a href="#IANA">[IANA-CHARSETS]</a>, other than
+those just listed, be referred to using their registered names; other encodings
+should use names starting with an "x-" prefix. XML processors should match
+character encoding names in a case-insensitive way and should either interpret
+an IANA-registered name as the encoding registered at IANA for that name or
+treat it as unknown (processors are, of course, not required to support all
+IANA-registered encodings).</p> <p>In the absence of information provided
+by an external transport protocol (e.g. HTTP or MIME), it is an <a title="Error"
+href="#dt-error">error</a> for an entity including an encoding declaration
+to be presented to the XML processor in an encoding other than that named
+in the declaration, or for an entity which begins with neither a Byte Order
+Mark nor an encoding declaration to use an encoding other than UTF-8. Note
+that since ASCII is a subset of UTF-8, ordinary ASCII entities do not strictly
+need an encoding declaration.</p> <p>It is a fatal error for a <a href="#NT-TextDecl">TextDecl</a>
+to occur other than at the beginning of an external entity.</p> <p>It is a <a
+title="Fatal Error" href="#dt-fatal">fatal error</a> when an XML processor
+encounters an entity with an encoding that it is unable to process. It is
+a fatal error if an XML entity is determined (via default, encoding declaration,
+or higher-level protocol) to be in a certain encoding but contains octet sequences
+that are not legal in that encoding. It is also a fatal error if an XML entity
+contains no encoding declaration and its content is not legal UTF-8 or UTF-16.</p> <p>Examples
+of text declarations containing encoding declarations:</p> <table class="eg"
+width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><?xml encoding='UTF-8'?>
+<?xml encoding='EUC-JP'?></pre></td>
+</tr>
+</table> </div> </div> <div class="div2"> <h3><a name="entproc"></a>4.4 XML
+Processor Treatment of Entities and References</h3> <p>The table below summarizes
+the contexts in which character references, entity references, and invocations
+of unparsed entities might appear and the required behavior of an <a title="XML Processor"
+href="#dt-xml-proc">XML processor</a> in each case. The labels in the leftmost
+column describe the recognition context: </p><dl>
+<dt class="label">Reference in Content</dt>
+<dd> <p>as a reference anywhere after the <a title="Start-Tag" href="#dt-stag">start-tag</a>
+and before the <a title="End Tag" href="#dt-etag">end-tag</a> of an element;
+corresponds to the nonterminal <a href="#NT-content">content</a>.</p> </dd>
+<dt class="label">Reference in Attribute Value</dt>
+<dd> <p>as a reference within either the value of an attribute in a <a title="Start-Tag"
+href="#dt-stag">start-tag</a>, or a default value in an <a title="Attribute-List Declaration"
+href="#dt-attdecl">attribute declaration</a>; corresponds to the nonterminal <a
+href="#NT-AttValue">AttValue</a>.</p> </dd>
+<dt class="label">Occurs as Attribute Value</dt>
+<dd> <p>as a <a href="#NT-Name">Name</a>, not a reference, appearing either
+as the value of an attribute which has been declared as type <b>ENTITY</b>,
+or as one of the space-separated tokens in the value of an attribute which
+has been declared as type <b>ENTITIES</b>.</p> </dd>
+<dt class="label">Reference in Entity Value</dt>
+<dd> <p>as a reference within a parameter or internal entity's <a title="Literal Entity Value"
+href="#dt-litentval">literal entity value</a> in the entity's declaration;
+corresponds to the nonterminal <a href="#NT-EntityValue">EntityValue</a>.</p> </dd>
+<dt class="label">Reference in DTD</dt>
+<dd> <p>as a reference within either the internal or external subsets of the <a
+title="Document Type Declaration" href="#dt-doctype">DTD</a>, but outside
+of an <a href="#NT-EntityValue">EntityValue</a>, <a href="#NT-AttValue">AttValue</a>, <a
+href="#NT-PI">PI</a>, <a href="#NT-Comment">Comment</a>, <a href="#NT-SystemLiteral">SystemLiteral</a>, <a
+href="#NT-PubidLiteral">PubidLiteral</a>, or the contents of an ignored conditional
+section (see <a href="#sec-condition-sect"><b>3.4 Conditional Sections</b></a>).</p> <p>.</p> </dd>
+</dl><p></p> <table border="1" frame="border" cellpadding="7"><tbody align="center">
+<tr>
+<td rowspan="2" colspan="1"></td>
+<td rowspan="1" colspan="4" align="center" valign="bottom">Entity Type</td>
+<td rowspan="2" colspan="1" align="center">Character</td>
+</tr>
+<tr align="center" valign="bottom">
+<td rowspan="1" colspan="1">Parameter</td>
+<td rowspan="1" colspan="1">Internal General</td>
+<td rowspan="1" colspan="1">External Parsed General</td>
+<td rowspan="1" colspan="1">Unparsed</td>
+</tr>
+<tr align="center" valign="middle">
+<td rowspan="1" colspan="1" align="right">Reference in Content</td>
+<td rowspan="1" colspan="1"><a href="#not-recognized"><cite>Not recognized</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#included"><cite>Included</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#include-if-valid"><cite>Included if
+validating</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#included"><cite>Included</cite></a></td>
+</tr>
+<tr align="center" valign="middle">
+<td rowspan="1" colspan="1" align="right">Reference in Attribute Value</td>
+<td rowspan="1" colspan="1"><a href="#not-recognized"><cite>Not recognized</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#inliteral"><cite>Included in literal</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#included"><cite>Included</cite></a></td>
+</tr>
+<tr align="center" valign="middle">
+<td rowspan="1" colspan="1" align="right">Occurs as Attribute Value</td>
+<td rowspan="1" colspan="1"><a href="#not-recognized"><cite>Not recognized</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#notify"><cite>Notify</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#not-recognized"><cite>Not recognized</cite></a></td>
+</tr>
+<tr align="center" valign="middle">
+<td rowspan="1" colspan="1" align="right">Reference in EntityValue</td>
+<td rowspan="1" colspan="1"><a href="#inliteral"><cite>Included in literal</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#bypass"><cite>Bypassed</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#bypass"><cite>Bypassed</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#included"><cite>Included</cite></a></td>
+</tr>
+<tr align="center" valign="middle">
+<td rowspan="1" colspan="1" align="right">Reference in DTD</td>
+<td rowspan="1" colspan="1"><a href="#as-PE"><cite>Included as PE</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+<td rowspan="1" colspan="1"><a href="#forbidden"><cite>Forbidden</cite></a></td>
+</tr>
+</tbody></table> <div class="div3"> <h4><a name="not-recognized"></a>4.4.1
+Not Recognized</h4> <p>Outside the DTD, the <code>%</code> character has no
+special significance; thus, what would be parameter entity references in the
+DTD are not recognized as markup in <a href="#NT-content">content</a>. Similarly,
+the names of unparsed entities are not recognized except when they appear
+in the value of an appropriately declared attribute.</p> </div> <div class="div3"> <h4><a
+name="included"></a>4.4.2 Included</h4> <p>[<a title="Include" name="dt-include">Definition</a>:
+An entity is <b>included</b> when its <a title="Replacement Text" href="#dt-repltext">replacement
+text</a> is retrieved and processed, in place of the reference itself, as
+though it were part of the document at the location the reference was recognized.]
+The replacement text may contain both <a title="Character Data" href="#dt-chardata">character
+data</a> and (except for parameter entities) <a title="Markup" href="#dt-markup">markup</a>,
+which must be recognized in the usual way. (The string "<code>AT&amp;T;</code>"
+expands to "<code>AT&T;</code>" and the remaining ampersand is not recognized
+as an entity-reference delimiter.) A character reference is <b>included</b>
+when the indicated character is processed in place of the reference itself. </p> </div> <div
+class="div3"> <h4><a name="include-if-valid"></a>4.4.3 Included If Validating</h4> <p>When
+an XML processor recognizes a reference to a parsed entity, in order to <a
+title="Validity" href="#dt-valid">validate</a> the document, the processor
+must <a title="Include" href="#dt-include">include</a> its replacement text.
+If the entity is external, and the processor is not attempting to validate
+the XML document, the processor <a title="May" href="#dt-may">may</a>, but
+need not, include the entity's replacement text. If a non-validating processor
+does not include the replacement text, it must inform the application that
+it recognized, but did not read, the entity.</p> <p>This rule is based on
+the recognition that the automatic inclusion provided by the SGML and XML
+entity mechanism, primarily designed to support modularity in authoring, is
+not necessarily appropriate for other applications, in particular document
+browsing. Browsers, for example, when encountering an external parsed entity
+reference, might choose to provide a visual indication of the entity's presence
+and retrieve it for display only on demand.</p> </div> <div class="div3"> <h4><a
+name="forbidden"></a>4.4.4 Forbidden</h4> <p>The following are forbidden,
+and constitute <a title="Fatal Error" href="#dt-fatal">fatal</a> errors:</p> <ul>
+<li><p>the appearance of a reference to an <a title="Unparsed Entity" href="#dt-unparsed">unparsed
+entity</a>.</p></li>
+<li><p>the appearance of any character or general-entity reference in the
+DTD except within an <a href="#NT-EntityValue">EntityValue</a> or <a href="#NT-AttValue">AttValue</a>.</p> </li>
+<li><p>a reference to an external entity in an attribute value.</p></li>
+</ul> </div> <div class="div3"> <h4><a name="inliteral"></a>4.4.5 Included
+in Literal</h4> <p>When an <a title="Entity Reference" href="#dt-entref">entity
+reference</a> appears in an attribute value, or a parameter entity reference
+appears in a literal entity value, its <a title="Replacement Text" href="#dt-repltext">replacement
+text</a> is processed in place of the reference itself as though it were part
+of the document at the location the reference was recognized, except that
+a single or double quote character in the replacement text is always treated
+as a normal data character and will not terminate the literal. For example,
+this is well-formed:</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><!-- -->
+<!ENTITY % YN '"Yes"' >
+<!ENTITY WhatHeSaid "He said %YN;" ></pre></td>
+</tr>
+</table> <p>while this is not:</p> <table class="eg" width="100%" border="1"
+cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY EndAttr "27'" >
+<element attribute='a-&EndAttr;></pre></td>
+</tr>
+</table> </div> <div class="div3"> <h4><a name="notify"></a>4.4.6 Notify</h4> <p>When
+the name of an <a title="Unparsed Entity" href="#dt-unparsed">unparsed entity</a>
+appears as a token in the value of an attribute of declared type <b>ENTITY</b>
+or <b>ENTITIES</b>, a validating processor must inform the application of
+the <a title="System Identifier" href="#dt-sysid">system</a> and <a title="Public identifier"
+href="#dt-pubid">public</a> (if any) identifiers for both the entity and its
+associated <a title="Notation" href="#dt-notation">notation</a>.</p> </div> <div
+class="div3"> <h4><a name="bypass"></a>4.4.7 Bypassed</h4> <p>When a general
+entity reference appears in the <a href="#NT-EntityValue">EntityValue</a>
+in an entity declaration, it is bypassed and left as is.</p> </div> <div class="div3"> <h4><a
+name="as-PE"></a>4.4.8 Included as PE</h4> <p>Just as with external parsed
+entities, parameter entities need only be <a href="#include-if-valid"><cite>included
+if validating</cite></a>. When a parameter-entity reference is recognized
+in the DTD and included, its <a title="Replacement Text" href="#dt-repltext">replacement
+text</a> is enlarged by the attachment of one leading and one following space
+(#x20) character; the intent is to constrain the replacement text of parameter
+entities to contain an integral number of grammatical tokens in the DTD. This
+behavior does not apply to parameter entity references within entity values;
+these are described in <a href="#inliteral"><b>4.4.5 Included in Literal</b></a>.</p> </div> </div> <div
+class="div2"> <h3><a name="intern-replacement"></a>4.5 Construction of Internal
+Entity Replacement Text</h3> <p>In discussing the treatment of internal entities,
+it is useful to distinguish two forms of the entity's value. [<a title="Literal Entity Value"
+name="dt-litentval">Definition</a>: The <b>literal entity value</b> is the
+quoted string actually present in the entity declaration, corresponding to
+the non-terminal <a href="#NT-EntityValue">EntityValue</a>.] [<a title="Replacement Text"
+name="dt-repltext">Definition</a>: The <b>replacement text</b> is the content
+of the entity, after replacement of character references and parameter-entity
+references.]</p> <p>The literal entity value as given in an internal entity
+declaration (<a href="#NT-EntityValue">EntityValue</a>) may contain character,
+parameter-entity, and general-entity references. Such references must be contained
+entirely within the literal entity value. The actual replacement text that
+is <a title="Include" href="#dt-include">included</a> as described above must
+contain the <em>replacement text</em> of any parameter entities referred to,
+and must contain the character referred to, in place of any character references
+in the literal entity value; however, general-entity references must be left
+as-is, unexpanded. For example, given the following declarations:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY % pub "&#xc9;ditions Gallimard" >
+<!ENTITY rights "All rights reserved" >
+<!ENTITY book "La Peste: Albert Camus,
+&#xA9; 1947 %pub;. &rights;" ></pre></td>
+</tr>
+</table> <p>then the replacement text for the entity "<code>book</code>" is:</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre>La Peste: Albert Camus,
+© 1947 Éditions Gallimard. &rights;</pre></td>
+</tr>
+</table> <p>The general-entity reference "<code>&rights;</code>" would
+be expanded should the reference "<code>&book;</code>" appear in the document's
+content or an attribute value.</p> <p>These simple rules may have complex
+interactions; for a detailed discussion of a difficult example, see <a href="#sec-entexpand"><b>D
+Expansion of Entity and Character References</b></a>.</p> </div> <div class="div2"> <h3><a
+name="sec-predefined-ent"></a>4.6 Predefined Entities</h3> <p>[<a title="escape"
+name="dt-escape">Definition</a>: Entity and character references can both
+be used to <b>escape</b> the left angle bracket, ampersand, and other delimiters.
+A set of general entities (<code>amp</code>, <code>lt</code>, <code>gt</code>, <code>apos</code>, <code>quot</code>)
+is specified for this purpose. Numeric character references may also be used;
+they are expanded immediately when recognized and must be treated as character
+data, so the numeric character references "<code>&#60;</code>" and "<code>&#38;</code>"
+may be used to escape <code><</code> and <code>&</code> when they occur
+in character data.]</p> <p>All XML processors must recognize these entities
+whether they are declared or not. <a title="For interoperability" href="#dt-interop">For
+interoperability</a>, valid XML documents should declare these entities, like
+any others, before using them. If the entities <code>lt</code> or <code>amp</code>
+are declared, they must be declared as internal entities whose replacement
+text is a character reference to the respective character (less-than sign
+or ampersand) being escaped; the double escaping is required for these entities
+so that references to them produce a well-formed result. If the entities <code>gt</code>, <code>apos</code>,
+or <code>quot</code> are declared, they must be declared as internal entities
+whose replacement text is the single character being escaped (or a character
+reference to that character; the double escaping here is unnecessary but harmless).
+For example:</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY lt "&#38;#60;">
+<!ENTITY gt "&#62;">
+<!ENTITY amp "&#38;#38;">
+<!ENTITY apos "&#39;">
+<!ENTITY quot "&#34;"></pre></td>
+</tr>
+</table> </div> <div class="div2"> <h3><a name="Notations"></a>4.7 Notation
+Declarations</h3> <p>[<a title="Notation" name="dt-notation">Definition</a>: <b>Notations</b>
+identify by name the format of <a title="External Entity" href="#dt-extent">unparsed
+entities</a>, the format of elements which bear a notation attribute, or the
+application to which a <a title="Processing instruction" href="#dt-pi">processing
+instruction</a> is addressed.]</p> <p>[<a title="Notation Declaration" name="dt-notdecl">Definition</a>:
+ <b>Notation declarations</b> provide a name for the notation, for use in
+entity and attribute-list declarations and in attribute specifications, and
+an external identifier for the notation which may allow an XML processor or
+its client application to locate a helper application capable of processing
+data in the given notation.]</p> <h5>Notation Declarations</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-NotationDecl"></a>[82] </td>
+<td><code>NotationDecl</code></td>
+<td> ::= </td>
+<td><code>'<!NOTATION' <a href="#NT-S">S</a> <a href="#NT-Name">Name</a> <a
+href="#NT-S">S</a> (<a href="#NT-ExternalID">ExternalID</a> | <a href="#NT-PublicID">PublicID</a>) <a
+href="#NT-S">S</a>? '>'</code></td>
+<td><a href="#UniqueNotationName">[VC: Unique Notation Name]</a></td>
+</tr>
+</tbody><tbody>
+<tr valign="baseline">
+<td><a name="NT-PublicID"></a>[83] </td>
+<td><code>PublicID</code></td>
+<td> ::= </td>
+<td><code>'PUBLIC' <a href="#NT-S">S</a> <a href="#NT-PubidLiteral">PubidLiteral</a> </code></td>
+</tr>
+</tbody></table> <div class="constraint"><p class="prefix"><a name="UniqueNotationName"></a><b>Validity
+constraint: Unique Notation Name</b></p><p>Only one notation declaration can
+declare a given <a href="#NT-Name">Name</a>.</p> </div> <p>XML processors
+must provide applications with the name and external identifier(s) of any
+notation declared and referred to in an attribute value, attribute definition,
+or entity declaration. They may additionally resolve the external identifier
+into the <a title="System Identifier" href="#dt-sysid">system identifier</a>,
+file name, or other information needed to allow the application to call a
+processor for data in the notation described. (It is not an error, however,
+for XML documents to declare and refer to notations for which notation-specific
+applications are not available on the system where the XML processor or application
+is running.)</p> </div> <div class="div2"> <h3><a name="sec-doc-entity"></a>4.8
+Document Entity</h3> <p>[<a title="Document Entity" name="dt-docent">Definition</a>:
+The <b>document entity</b> serves as the root of the entity tree and a starting-point
+for an <a title="XML Processor" href="#dt-xml-proc">XML processor</a>.] This
+specification does not specify how the document entity is to be located by
+an XML processor; unlike other entities, the document entity has no name and
+might well appear on a processor input stream without any identification at
+all.</p> </div> </div> <div class="div1"> <h2><a name="sec-conformance"></a>5
+Conformance</h2> <div class="div2"> <h3><a name="proc-types"></a>5.1 Validating
+and Non-Validating Processors</h3> <p>Conforming <a title="XML Processor"
+href="#dt-xml-proc">XML processors</a> fall into two classes: validating and
+non-validating.</p> <p>Validating and non-validating processors alike must
+report violations of this specification's well-formedness constraints in the
+content of the <a title="Document Entity" href="#dt-docent">document entity</a>
+and any other <a title="Text Entity" href="#dt-parsedent">parsed entities</a>
+that they read.</p> <p>[<a title="Validating Processor" name="dt-validating">Definition</a>: <b>Validating
+processors</b> must, at user option, report violations of the constraints
+expressed by the declarations in the <a title="Document Type Declaration"
+href="#dt-doctype">DTD</a>, and failures to fulfill the validity constraints
+given in this specification.] To accomplish this, validating XML processors
+must read and process the entire DTD and all external parsed entities referenced
+in the document.</p> <p>Non-validating processors are required to check only
+the <a title="Document Entity" href="#dt-docent">document entity</a>, including
+the entire internal DTD subset, for well-formedness. [<a title="Process Declarations"
+name="dt-use-mdecl">Definition</a>: While they are not required to check
+the document for validity, they are required to <b>process</b> all the declarations
+they read in the internal DTD subset and in any parameter entity that they
+read, up to the first reference to a parameter entity that they do <em>not</em>
+read; that is to say, they must use the information in those declarations
+to <a href="#AVNormalize"><cite>normalize</cite></a> attribute values, <a
+href="#included"><cite>include</cite></a> the replacement text of internal
+entities, and supply <a href="#sec-attr-defaults"><cite>default attribute
+values</cite></a>.] Except when <code>standalone="yes"</code>, they must not <a
+title="Process Declarations" href="#dt-use-mdecl">process</a> <a title="entity declaration"
+href="#dt-entdecl">entity declarations</a> or <a title="Attribute-List Declaration"
+href="#dt-attdecl">attribute-list declarations</a> encountered after a reference
+to a parameter entity that is not read, since the entity may have contained
+overriding declarations.</p> </div> <div class="div2"> <h3><a name="safe-behavior"></a>5.2
+Using XML Processors</h3> <p>The behavior of a validating XML processor is
+highly predictable; it must read every piece of a document and report all
+well-formedness and validity violations. Less is required of a non-validating
+processor; it need not read any part of the document other than the document
+entity. This has two effects that may be important to users of XML processors:</p> <ul>
+<li><p>Certain well-formedness errors, specifically those that require reading
+external entities, may not be detected by a non-validating processor. Examples
+include the constraints entitled <a href="#wf-entdeclared"><cite>Entity Declared</cite></a>, <a
+href="#textent"><cite>Parsed Entity</cite></a>, and <a href="#norecursion"><cite>No
+Recursion</cite></a>, as well as some of the cases described as <a href="#forbidden"><cite>forbidden</cite></a>
+in <a href="#entproc"><b>4.4 XML Processor Treatment of Entities and References</b></a>.</p></li>
+<li><p>The information passed from the processor to the application may vary,
+depending on whether the processor reads parameter and external entities.
+For example, a non-validating processor may not <a href="#AVNormalize"><cite>normalize</cite></a>
+attribute values, <a href="#included"><cite>include</cite></a> the replacement
+text of internal entities, or supply <a href="#sec-attr-defaults"><cite>default
+attribute values</cite></a>, where doing so depends on having read declarations
+in external or parameter entities.</p></li>
+</ul> <p>For maximum reliability in interoperating between different XML processors,
+applications which use non-validating processors should not rely on any behaviors
+not required of such processors. Applications which require facilities such
+as the use of default attributes or internal entities which are declared in
+external entities should use validating XML processors.</p> </div> </div> <div
+class="div1"> <h2><a name="sec-notation"></a>6 Notation</h2> <p>The formal
+grammar of XML is given in this specification using a simple Extended Backus-Naur
+Form (EBNF) notation. Each rule in the grammar defines one symbol, in the
+form</p> <table class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre>symbol ::= expression</pre></td>
+</tr>
+</table> <p>Symbols are written with an initial capital letter if they are
+the start symbol of a regular language, otherwise with an initial lower case
+letter. Literal strings are quoted.</p> <p>Within the expression on the right-hand
+side of a rule, the following expressions are used to match strings of one
+or more characters: </p><dl>
+<dt class="label"><code>#xN</code></dt>
+<dd> <p>where <code>N</code> is a hexadecimal integer, the expression matches
+the character in ISO/IEC 10646 whose canonical (UCS-4) code value, when interpreted
+as an unsigned binary number, has the value indicated. The number of leading
+zeros in the <code>#xN</code> form is insignificant; the number of leading
+zeros in the corresponding code value is governed by the character encoding
+in use and is not significant for XML.</p> </dd>
+<dt class="label"><code>[a-zA-Z]</code>, <code>[#xN-#xN]</code></dt>
+<dd> <p>matches any <a href="#NT-Char">Char</a> with a value in the range(s)
+indicated (inclusive).</p> </dd>
+<dt class="label"><code>[abc]</code>, <code>[#xN#xN#xN]</code></dt>
+<dd> <p>matches any <a href="#NT-Char">Char</a> with a value among the characters
+enumerated. Enumerations and ranges can be mixed in one set of brackets.</p> </dd>
+<dt class="label"><code>[^a-z]</code>, <code>[^#xN-#xN]</code></dt>
+<dd> <p>matches any <a href="#NT-Char">Char</a> with a value <em>outside</em>
+the range indicated.</p> </dd>
+<dt class="label"><code>[^abc]</code>, <code>[^#xN#xN#xN]</code></dt>
+<dd> <p>matches any <a href="#NT-Char">Char</a> with a value not among the
+characters given. Enumerations and ranges of forbidden values can be mixed
+in one set of brackets.</p> </dd>
+<dt class="label"><code>"string"</code></dt>
+<dd> <p>matches a literal string <a title="match" href="#dt-match">matching</a>
+that given inside the double quotes.</p> </dd>
+<dt class="label"><code>'string'</code></dt>
+<dd> <p>matches a literal string <a title="match" href="#dt-match">matching</a>
+that given inside the single quotes.</p> </dd>
+</dl><p> These symbols may be combined to match more complex patterns as follows,
+where <code>A</code> and <code>B</code> represent simple expressions: </p><dl>
+<dt class="label">(<code>expression</code>)</dt>
+<dd> <p><code>expression</code> is treated as a unit and may be combined as
+described in this list.</p> </dd>
+<dt class="label"><code>A?</code></dt>
+<dd> <p>matches <code>A</code> or nothing; optional <code>A</code>.</p> </dd>
+<dt class="label"><code>A B</code></dt>
+<dd> <p>matches <code>A</code> followed by <code>B</code>. This operator has
+higher precedence than alternation; thus <code>A B | C D</code> is identical
+to <code>(A B) | (C D)</code>.</p> </dd>
+<dt class="label"><code>A | B</code></dt>
+<dd> <p>matches <code>A</code> or <code>B</code> but not both.</p> </dd>
+<dt class="label"><code>A - B</code></dt>
+<dd> <p>matches any string that matches <code>A</code> but does not match <code>B</code>.</p> </dd>
+<dt class="label"><code>A+</code></dt>
+<dd> <p>matches one or more occurrences of <code>A</code>.Concatenation has
+higher precedence than alternation; thus <code>A+ | B+</code> is identical
+to <code>(A+) | (B+)</code>.</p> </dd>
+<dt class="label"><code>A*</code></dt>
+<dd> <p>matches zero or more occurrences of <code>A</code>. Concatenation
+has higher precedence than alternation; thus <code>A* | B*</code> is identical
+to <code>(A*) | (B*)</code>.</p> </dd>
+</dl><p> Other notations used in the productions are: </p><dl>
+<dt class="label"><code>/* ... */</code></dt>
+<dd> <p>comment.</p> </dd>
+<dt class="label"><code>[ wfc: ... ]</code></dt>
+<dd> <p>well-formedness constraint; this identifies by name a constraint on <a
+title="Well-Formed" href="#dt-wellformed">well-formed</a> documents associated
+with a production.</p> </dd>
+<dt class="label"><code>[ vc: ... ]</code></dt>
+<dd> <p>validity constraint; this identifies by name a constraint on <a title="Validity"
+href="#dt-valid">valid</a> documents associated with a production.</p> </dd>
+</dl><p></p> </div> </div><div class="back"> <div class="div1"> <h2><a name="sec-bibliography"></a>A
+References</h2> <div class="div2"> <h3><a name="sec-existing-stds"></a>A.1
+Normative References</h3> <dl>
+<dt class="label"><a name="IANA"></a>IANA-CHARSETS</dt>
+<dd>(Internet Assigned Numbers Authority) <cite>Official Names for Character
+Sets</cite>, ed. Keld Simonsen et al. See <a href="ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets">ftp://ftp.isi.edu/in-notes/iana/assignments/character-sets</a
+>. </dd>
+<dt class="label"><a name="RFC1766"></a>IETF RFC 1766</dt>
+<dd>IETF (Internet Engineering Task Force). <cite>RFC 1766: Tags for the Identification
+of Languages</cite>, ed. H. Alvestrand. 1995. (See <a href="http://www.ietf.org/rfc/rfc1766.txt">http://www.ietf.org/rfc/rfc1766.txt</a>.)</dd>
+<dt class="label"><a name="ISO10646"></a>ISO/IEC 10646</dt>
+<dd>ISO (International Organization for Standardization). <cite>ISO/IEC 10646-1993
+(E). Information technology -- Universal Multiple-Octet Coded Character Set
+(UCS) -- Part 1: Architecture and Basic Multilingual Plane.</cite> [Geneva]:
+International Organization for Standardization, 1993 (plus amendments AM 1
+through AM 7).</dd>
+<dt class="label"><a name="ISO10646-2000"></a>ISO/IEC 10646-2000</dt>
+<dd> ISO (International Organization for Standardization). <cite>ISO/IEC 10646-1:2000.
+Information technology -- Universal Multiple-Octet Coded Character Set (UCS)
+-- Part 1: Architecture and Basic Multilingual Plane.</cite> [Geneva]: International
+Organization for Standardization, 2000.</dd>
+<dt class="label"><a name="Unicode"></a>Unicode</dt>
+<dd>The Unicode Consortium. <em>The Unicode Standard, Version 2.0.</em> Reading,
+Mass.: Addison-Wesley Developers Press, 1996.</dd>
+<dt class="label"><a name="Unicode3"></a>Unicode3</dt>
+<dd> The Unicode Consortium. <em>The Unicode Standard, Version 3.0.</em> Reading,
+Mass.: Addison-Wesley Developers Press, 2000. ISBN 0-201-61633-5.</dd>
+</dl></div> <div class="div2"> <h3><a name="null"></a>A.2 Other References</h3> <dl>
+<dt class="label"><a name="Aho"></a>Aho/Ullman</dt>
+<dd>Aho, Alfred V., Ravi Sethi, and Jeffrey D. Ullman. <cite>Compilers: Principles,
+Techniques, and Tools</cite>. Reading: Addison-Wesley, 1986, rpt. corr. 1988.</dd>
+<dt class="label"><a name="Berners-Lee"></a>Berners-Lee et al.</dt>
+<dd> Berners-Lee, T., R. Fielding, and L. Masinter. <cite>Uniform Resource
+Identifiers (URI): Generic Syntax and Semantics</cite>. 1997. (Work in progress;
+see updates to RFC1738.)</dd>
+<dt class="label"><a name="ABK"></a>Brüggemann-Klein</dt>
+<dd>Brüggemann-Klein, Anne. Formal Models in Document Processing. Habilitationsschrift.
+Faculty of Mathematics at the University of Freiburg, 1993. (See <a href="ftp://ftp.informatik.uni-freiburg.de/documents/papers/brueggem/habil.ps"
+>ftp://ftp.informatik.uni-freiburg.de/documents/papers/brueggem/habil.ps</a>.)</dd>
+<dt class="label"><a name="ABKDW"></a>Brüggemann-Klein and Wood</dt>
+<dd>Brüggemann-Klein, Anne, and Derick Wood. <cite>Deterministic Regular
+Languages</cite>. Universität Freiburg, Institut für Informatik,
+Bericht 38, Oktober 1991. Extended abstract in A. Finkel, M. Jantzen, Hrsg.,
+STACS 1992, S. 173-184. Springer-Verlag, Berlin 1992. Lecture Notes in Computer
+Science 577. Full version titled <cite>One-Unambiguous Regular Languages</cite>
+in Information and Computation 140 (2): 229-253, February 1998.</dd>
+<dt class="label"><a name="Clark"></a>Clark</dt>
+<dd>James Clark. Comparison of SGML and XML. See <a href="http://www.w3.org/TR/NOTE-sgml-xml-971215">http://www.w3.org/TR/NOTE-sgml-xml-971215</a
+>. </dd>
+<dt class="label"><a name="IANA-LANGCODES"></a>IANA-LANGCODES</dt>
+<dd>(Internet Assigned Numbers Authority) <cite>Registry of Language Tags</cite>,
+ed. Keld Simonsen et al. (See <a href="http://www.isi.edu/in-notes/iana/assignments/languages/">http://www.isi.edu/in-notes/iana/assignments/languages/</a
+>.)</dd>
+<dt class="label"><a name="RFC2141"></a>IETF RFC2141</dt>
+<dd>IETF (Internet Engineering Task Force). <em>RFC 2141: URN Syntax</em>,
+ed. R. Moats. 1997. (See <a href="http://www.ietf.org/rfc/rfc2141.txt">http://www.ietf.org/rfc/rfc2141.txt</a>.)</dd>
+<dt class="label"><a name="rfc2279"></a>IETF RFC 2279</dt>
+<dd>IETF (Internet Engineering Task Force). <cite>RFC 2279: UTF-8, a transformation
+format of ISO 10646</cite>, ed. F. Yergeau, 1998. (See <a href="http://www.ietf.org/rfc/rfc2279.txt">http://www.ietf.org/rfc/rfc2279.txt</a>.)</dd>
+<dt class="label"><a name="rfc2376"></a>IETF RFC 2376</dt>
+<dd>IETF (Internet Engineering Task Force). <cite>RFC 2376: XML Media Types</cite>.
+ed. E. Whitehead, M. Murata. 1998. (See <a href="http://www.ietf.org/rfc/rfc2376.txt">http://www.ietf.org/rfc/rfc2376.txt</a>.)</dd>
+<dt class="label"><a name="rfc2396"></a>IETF RFC 2396</dt>
+<dd>IETF (Internet Engineering Task Force). <cite>RFC 2396: Uniform Resource
+Identifiers (URI): Generic Syntax</cite>. T. Berners-Lee, R. Fielding, L.
+Masinter. 1998. (See <a href="http://www.ietf.org/rfc/rfc2396.txt">http://www.ietf.org/rfc/rfc2396.txt</a>.)</dd>
+<dt class="label"><a name="rfc2732"></a>IETF RFC 2732</dt>
+<dd>IETF (Internet Engineering Task Force). <cite>RFC 2732: Format for Literal
+IPv6 Addresses in URL's</cite>. R. Hinden, B. Carpenter, L. Masinter. 1999.
+ (See <a href="http://www.ietf.org/rfc/rfc2732.txt">http://www.ietf.org/rfc/rfc2732.txt</a>.)</dd>
+<dt class="label"><a name="rfc2781"></a>IETF RFC 2781</dt>
+<dd> IETF (Internet Engineering Task Force). <em>RFC 2781: UTF-16, an encoding
+of ISO 10646</em>, ed. P. Hoffman, F. Yergeau. 2000. (See <a href="http://www.ietf.org/rfc/rfc2781.txt">http://www.ietf.org/rfc/rfc2781.txt</a>.)</dd>
+<dt class="label"><a name="ISO639"></a>ISO 639</dt>
+<dd> (International Organization for Standardization). <cite>ISO 639:1988
+(E). Code for the representation of names of languages.</cite> [Geneva]: International
+Organization for Standardization, 1988.</dd>
+<dt class="label"><a name="ISO3166"></a>ISO 3166</dt>
+<dd> (International Organization for Standardization). <cite>ISO 3166-1:1997
+(E). Codes for the representation of names of countries and their subdivisions
+-- Part 1: Country codes</cite> [Geneva]: International Organization for Standardization,
+1997.</dd>
+<dt class="label"><a name="ISO8879"></a>ISO 8879</dt>
+<dd>ISO (International Organization for Standardization). <cite>ISO 8879:1986(E).
+Information processing -- Text and Office Systems -- Standard Generalized
+Markup Language (SGML).</cite> First edition -- 1986-10-15. [Geneva]: International
+Organization for Standardization, 1986. </dd>
+<dt class="label"><a name="ISO10744"></a>ISO/IEC 10744</dt>
+<dd>ISO (International Organization for Standardization). <cite>ISO/IEC 10744-1992
+(E). Information technology -- Hypermedia/Time-based Structuring Language
+(HyTime). </cite> [Geneva]: International Organization for Standardization,
+1992. <em>Extended Facilities Annexe.</em> [Geneva]: International Organization
+for Standardization, 1996. </dd>
+<dt class="label"><a name="websgml"></a>WEBSGML</dt>
+<dd>ISO (International Organization for Standardization). <cite>ISO 8879:1986
+TC2. Information technology -- Document Description and Processing Languages. </cite>
+[Geneva]: International Organization for Standardization, 1998. (See <a href="http://www.sgmlsource.com/8879rev/n0029.htm">http://www.sgmlsource.com/8879rev/n0029.htm</a
+>.)</dd>
+<dt class="label"><a name="xml-names"></a>XML Names</dt>
+<dd>Tim Bray, Dave Hollander, and Andrew Layman, editors. <cite>Namespaces
+in XML</cite>. Textuality, Hewlett-Packard, and Microsoft. World Wide Web
+Consortium, 1999. (See <a href="http://www.w3.org/TR/REC-xml-names/">http://www.w3.org/TR/REC-xml-names/</a>.)</dd>
+</dl></div> </div> <div class="div1"> <h2><a name="CharClasses"></a>B Character
+Classes</h2> <p>Following the characteristics defined in the Unicode standard,
+characters are classed as base characters (among others, these contain the
+alphabetic characters of the Latin alphabet), ideographic characters, and
+combining characters (among others, this class contains most diacritics) Digits
+and extenders are also distinguished.</p> <h5>Characters</h5><table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td><a name="NT-Letter"></a>[84] </td>
+<td><code>Letter</code></td>
+<td> ::= </td>
+<td><code><a href="#NT-BaseChar">BaseChar</a> | <a href="#NT-Ideographic">Ideographic</a></code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-BaseChar"></a>[85] </td>
+<td><code>BaseChar</code></td>
+<td> ::= </td>
+<td><code>[#x0041-#x005A] | [#x0061-#x007A] | [#x00C0-#x00D6] | [#x00D8-#x00F6]
+| [#x00F8-#x00FF] | [#x0100-#x0131] | [#x0134-#x013E] | [#x0141-#x0148]
+| [#x014A-#x017E] | [#x0180-#x01C3] | [#x01CD-#x01F0] | [#x01F4-#x01F5]
+| [#x01FA-#x0217] | [#x0250-#x02A8] | [#x02BB-#x02C1] | #x0386
+| [#x0388-#x038A] | #x038C | [#x038E-#x03A1] | [#x03A3-#x03CE]
+| [#x03D0-#x03D6] | #x03DA | #x03DC | #x03DE | #x03E0
+| [#x03E2-#x03F3] | [#x0401-#x040C] | [#x040E-#x044F] | [#x0451-#x045C]
+| [#x045E-#x0481] | [#x0490-#x04C4] | [#x04C7-#x04C8] | [#x04CB-#x04CC]
+| [#x04D0-#x04EB] | [#x04EE-#x04F5] | [#x04F8-#x04F9] | [#x0531-#x0556]
+| #x0559 | [#x0561-#x0586] | [#x05D0-#x05EA] | [#x05F0-#x05F2]
+| [#x0621-#x063A] | [#x0641-#x064A] | [#x0671-#x06B7] | [#x06BA-#x06BE]
+| [#x06C0-#x06CE] | [#x06D0-#x06D3] | #x06D5 | [#x06E5-#x06E6]
+| [#x0905-#x0939] | #x093D | [#x0958-#x0961] | [#x0985-#x098C]
+| [#x098F-#x0990] | [#x0993-#x09A8] | [#x09AA-#x09B0] | #x09B2
+| [#x09B6-#x09B9] | [#x09DC-#x09DD] | [#x09DF-#x09E1] | [#x09F0-#x09F1]
+| [#x0A05-#x0A0A] | [#x0A0F-#x0A10] | [#x0A13-#x0A28] | [#x0A2A-#x0A30]
+| [#x0A32-#x0A33] | [#x0A35-#x0A36] | [#x0A38-#x0A39] | [#x0A59-#x0A5C]
+| #x0A5E | [#x0A72-#x0A74] | [#x0A85-#x0A8B] | #x0A8D
+| [#x0A8F-#x0A91] | [#x0A93-#x0AA8] | [#x0AAA-#x0AB0] | [#x0AB2-#x0AB3]
+| [#x0AB5-#x0AB9] | #x0ABD | #x0AE0 | [#x0B05-#x0B0C]
+| [#x0B0F-#x0B10] | [#x0B13-#x0B28] | [#x0B2A-#x0B30] | [#x0B32-#x0B33]
+| [#x0B36-#x0B39] | #x0B3D | [#x0B5C-#x0B5D] | [#x0B5F-#x0B61]
+| [#x0B85-#x0B8A] | [#x0B8E-#x0B90] | [#x0B92-#x0B95] | [#x0B99-#x0B9A]
+| #x0B9C | [#x0B9E-#x0B9F] | [#x0BA3-#x0BA4] | [#x0BA8-#x0BAA]
+| [#x0BAE-#x0BB5] | [#x0BB7-#x0BB9] | [#x0C05-#x0C0C] | [#x0C0E-#x0C10]
+| [#x0C12-#x0C28] | [#x0C2A-#x0C33] | [#x0C35-#x0C39] | [#x0C60-#x0C61]
+| [#x0C85-#x0C8C] | [#x0C8E-#x0C90] | [#x0C92-#x0CA8] | [#x0CAA-#x0CB3]
+| [#x0CB5-#x0CB9] | #x0CDE | [#x0CE0-#x0CE1] | [#x0D05-#x0D0C]
+| [#x0D0E-#x0D10] | [#x0D12-#x0D28] | [#x0D2A-#x0D39] | [#x0D60-#x0D61]
+| [#x0E01-#x0E2E] | #x0E30 | [#x0E32-#x0E33] | [#x0E40-#x0E45]
+| [#x0E81-#x0E82] | #x0E84 | [#x0E87-#x0E88] | #x0E8A
+| #x0E8D | [#x0E94-#x0E97] | [#x0E99-#x0E9F] | [#x0EA1-#x0EA3]
+| #x0EA5 | #x0EA7 | [#x0EAA-#x0EAB] | [#x0EAD-#x0EAE]
+| #x0EB0 | [#x0EB2-#x0EB3] | #x0EBD | [#x0EC0-#x0EC4]
+| [#x0F40-#x0F47] | [#x0F49-#x0F69] | [#x10A0-#x10C5] | [#x10D0-#x10F6]
+| #x1100 | [#x1102-#x1103] | [#x1105-#x1107] | #x1109
+| [#x110B-#x110C] | [#x110E-#x1112] | #x113C | #x113E
+| #x1140 | #x114C | #x114E | #x1150 | [#x1154-#x1155]
+| #x1159 | [#x115F-#x1161] | #x1163 | #x1165 | #x1167
+| #x1169 | [#x116D-#x116E] | [#x1172-#x1173] | #x1175
+| #x119E | #x11A8 | #x11AB | [#x11AE-#x11AF] | [#x11B7-#x11B8]
+| #x11BA | [#x11BC-#x11C2] | #x11EB | #x11F0 | #x11F9
+| [#x1E00-#x1E9B] | [#x1EA0-#x1EF9] | [#x1F00-#x1F15] | [#x1F18-#x1F1D]
+| [#x1F20-#x1F45] | [#x1F48-#x1F4D] | [#x1F50-#x1F57] | #x1F59
+| #x1F5B | #x1F5D | [#x1F5F-#x1F7D] | [#x1F80-#x1FB4]
+| [#x1FB6-#x1FBC] | #x1FBE | [#x1FC2-#x1FC4] | [#x1FC6-#x1FCC]
+| [#x1FD0-#x1FD3] | [#x1FD6-#x1FDB] | [#x1FE0-#x1FEC] | [#x1FF2-#x1FF4]
+| [#x1FF6-#x1FFC] | #x2126 | [#x212A-#x212B] | #x212E
+| [#x2180-#x2182] | [#x3041-#x3094] | [#x30A1-#x30FA] | [#x3105-#x312C]
+| [#xAC00-#xD7A3] </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Ideographic"></a>[86] </td>
+<td><code>Ideographic</code></td>
+<td> ::= </td>
+<td><code>[#x4E00-#x9FA5] | #x3007 | [#x3021-#x3029] </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-CombiningChar"></a>[87] </td>
+<td><code>CombiningChar</code></td>
+<td> ::= </td>
+<td><code>[#x0300-#x0345] | [#x0360-#x0361] | [#x0483-#x0486] | [#x0591-#x05A1]
+| [#x05A3-#x05B9] | [#x05BB-#x05BD] | #x05BF | [#x05C1-#x05C2]
+| #x05C4 | [#x064B-#x0652] | #x0670 | [#x06D6-#x06DC]
+| [#x06DD-#x06DF] | [#x06E0-#x06E4] | [#x06E7-#x06E8] | [#x06EA-#x06ED]
+| [#x0901-#x0903] | #x093C | [#x093E-#x094C] | #x094D
+| [#x0951-#x0954] | [#x0962-#x0963] | [#x0981-#x0983] | #x09BC
+| #x09BE | #x09BF | [#x09C0-#x09C4] | [#x09C7-#x09C8]
+| [#x09CB-#x09CD] | #x09D7 | [#x09E2-#x09E3] | #x0A02
+| #x0A3C | #x0A3E | #x0A3F | [#x0A40-#x0A42] | [#x0A47-#x0A48]
+| [#x0A4B-#x0A4D] | [#x0A70-#x0A71] | [#x0A81-#x0A83] | #x0ABC
+| [#x0ABE-#x0AC5] | [#x0AC7-#x0AC9] | [#x0ACB-#x0ACD] | [#x0B01-#x0B03]
+| #x0B3C | [#x0B3E-#x0B43] | [#x0B47-#x0B48] | [#x0B4B-#x0B4D]
+| [#x0B56-#x0B57] | [#x0B82-#x0B83] | [#x0BBE-#x0BC2] | [#x0BC6-#x0BC8]
+| [#x0BCA-#x0BCD] | #x0BD7 | [#x0C01-#x0C03] | [#x0C3E-#x0C44]
+| [#x0C46-#x0C48] | [#x0C4A-#x0C4D] | [#x0C55-#x0C56] | [#x0C82-#x0C83]
+| [#x0CBE-#x0CC4] | [#x0CC6-#x0CC8] | [#x0CCA-#x0CCD] | [#x0CD5-#x0CD6]
+| [#x0D02-#x0D03] | [#x0D3E-#x0D43] | [#x0D46-#x0D48] | [#x0D4A-#x0D4D]
+| #x0D57 | #x0E31 | [#x0E34-#x0E3A] | [#x0E47-#x0E4E]
+| #x0EB1 | [#x0EB4-#x0EB9] | [#x0EBB-#x0EBC] | [#x0EC8-#x0ECD]
+| [#x0F18-#x0F19] | #x0F35 | #x0F37 | #x0F39 | #x0F3E
+| #x0F3F | [#x0F71-#x0F84] | [#x0F86-#x0F8B] | [#x0F90-#x0F95]
+| #x0F97 | [#x0F99-#x0FAD] | [#x0FB1-#x0FB7] | #x0FB9
+| [#x20D0-#x20DC] | #x20E1 | [#x302A-#x302F] | #x3099
+| #x309A </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Digit"></a>[88] </td>
+<td><code>Digit</code></td>
+<td> ::= </td>
+<td><code>[#x0030-#x0039] | [#x0660-#x0669] | [#x06F0-#x06F9] | [#x0966-#x096F]
+| [#x09E6-#x09EF] | [#x0A66-#x0A6F] | [#x0AE6-#x0AEF] | [#x0B66-#x0B6F]
+| [#x0BE7-#x0BEF] | [#x0C66-#x0C6F] | [#x0CE6-#x0CEF] | [#x0D66-#x0D6F]
+| [#x0E50-#x0E59] | [#x0ED0-#x0ED9] | [#x0F20-#x0F29] </code></td>
+</tr>
+<tr valign="baseline">
+<td><a name="NT-Extender"></a>[89] </td>
+<td><code>Extender</code></td>
+<td> ::= </td>
+<td><code>#x00B7 | #x02D0 | #x02D1 | #x0387 | #x0640 | #x0E46
+| #x0EC6 | #x3005 | [#x3031-#x3035] | [#x309D-#x309E]
+| [#x30FC-#x30FE] </code></td>
+</tr>
+</tbody></table> <p>The character classes defined here can be derived from
+the Unicode 2.0 character database as follows:</p> <ul>
+<li><p>Name start characters must have one of the categories Ll, Lu, Lo, Lt,
+Nl.</p></li>
+<li><p>Name characters other than Name-start characters must have one of the
+categories Mc, Me, Mn, Lm, or Nd.</p></li>
+<li><p>Characters in the compatibility area (i.e. with character code greater
+than #xF900 and less than #xFFFE) are not allowed in XML names.</p></li>
+<li><p>Characters which have a font or compatibility decomposition (i.e. those
+with a "compatibility formatting tag" in field 5 of the database -- marked
+by field 5 beginning with a "<") are not allowed.</p></li>
+<li><p>The following characters are treated as name-start characters rather
+than name characters, because the property file classifies them as Alphabetic:
+[#x02BB-#x02C1], #x0559, #x06E5, #x06E6.</p></li>
+<li><p>Characters #x20DD-#x20E0 are excluded (in accordance with Unicode 2.0,
+section 5.14).</p></li>
+<li><p>Character #x00B7 is classified as an extender, because the property
+list so identifies it.</p></li>
+<li><p>Character #x0387 is added as a name character, because #x00B7 is its
+canonical equivalent.</p></li>
+<li><p>Characters ':' and '_' are allowed as name-start characters.</p> </li>
+<li><p>Characters '-' and '.' are allowed as name characters.</p></li>
+</ul> </div> <div class="div1"> <h2><a name="sec-xml-and-sgml"></a>C XML and
+SGML (Non-Normative)</h2> <p>XML is designed to be a subset of SGML, in that
+every XML document should also be a conforming SGML document. For a detailed
+comparison of the additional restrictions that XML places on documents beyond
+those of SGML, see <a href="#Clark">[Clark]</a>.</p> </div> <div class="div1"> <h2><a
+name="sec-entexpand"></a>D Expansion of Entity and Character References (Non-Normative)</h2> <p>This
+appendix contains some examples illustrating the sequence of entity- and character-reference
+recognition and expansion, as specified in <a href="#entproc"><b>4.4 XML Processor
+Treatment of Entities and References</b></a>.</p> <p>If the DTD contains the
+declaration</p> <table class="eg" width="100%" border="1" cellpadding="5"
+bgcolor="#99ffff">
+<tr>
+<td><pre><!ENTITY example "<p>An ampersand (&#38;#38;) may be escaped
+numerically (&#38;#38;#38;) or with a general entity
+(&amp;amp;).</p>" ></pre></td>
+</tr>
+</table> <p>then the XML processor will recognize the character references
+when it parses the entity declaration, and resolve them before storing the
+following string as the value of the entity "<code>example</code>":</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre><p>An ampersand (&#38;) may be escaped
+numerically (&#38;#38;) or with a general entity
+(&amp;amp;).</p></pre></td>
+</tr>
+</table> <p>A reference in the document to "<code>&example;</code>" will
+cause the text to be reparsed, at which time the start- and end-tags of the <code>p</code>
+element will be recognized and the three references will be recognized and
+expanded, resulting in a <code>p</code> element with the following content
+(all data, no delimiters or markup):</p> <table class="eg" width="100%" border="1"
+cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre>An ampersand (&) may be escaped
+numerically (&#38;) or with a general entity
+(&amp;).</pre></td>
+</tr>
+</table> <p>A more complex example will illustrate the rules and their effects
+fully. In the following example, the line numbers are solely for reference.</p> <table
+class="eg" width="100%" border="1" cellpadding="5" bgcolor="#99ffff">
+<tr>
+<td><pre>1 <?xml version='1.0'?>
+2 <!DOCTYPE test [
+3 <!ELEMENT test (#PCDATA) >
+4 <!ENTITY % xx '&#37;zz;'>
+5 <!ENTITY % zz '&#60;!ENTITY tricky "error-prone" >' >
+6 %xx;
+7 ]>
+8 <test>This sample shows a &tricky; method.</test></pre></td>
+</tr>
+</table> <p>This produces the following:</p> <ul>
+<li><p>in line 4, the reference to character 37 is expanded immediately, and
+the parameter entity "<code>xx</code>" is stored in the symbol table with
+the value "<code>%zz;</code>". Since the replacement text is not rescanned,
+the reference to parameter entity "<code>zz</code>" is not recognized. (And
+it would be an error if it were, since "<code>zz</code>" is not yet declared.)</p></li>
+<li><p>in line 5, the character reference "<code>&#60;</code>" is expanded
+immediately and the parameter entity "<code>zz</code>" is stored with the
+replacement text "<code><!ENTITY tricky "error-prone" ></code>", which
+is a well-formed entity declaration.</p></li>
+<li><p>in line 6, the reference to "<code>xx</code>" is recognized, and the
+replacement text of "<code>xx</code>" (namely "<code>%zz;</code>") is parsed.
+The reference to "<code>zz</code>" is recognized in its turn, and its replacement
+text ("<code><!ENTITY tricky "error-prone" ></code>") is parsed. The general
+entity "<code>tricky</code>" has now been declared, with the replacement text
+"<code>error-prone</code>".</p> </li>
+<li><p>in line 8, the reference to the general entity "<code>tricky</code>"
+is recognized, and it is expanded, so the full content of the <code>test</code>
+element is the self-describing (and ungrammatical) string <em>This sample
+shows a error-prone method.</em></p></li>
+</ul> </div> <div class="div1"> <h2><a name="determinism"></a>E Deterministic
+Content Models (Non-Normative)</h2> <p>As noted in <a href="#sec-element-content"><b>3.2.1
+Element Content</b></a>, it is required that content models in element type
+declarations be deterministic. This requirement is <a title="For Compatibility"
+href="#dt-compat">for compatibility</a> with SGML (which calls deterministic
+content models "unambiguous"); XML processors built using SGML systems may
+flag non-deterministic content models as errors.</p> <p>For example, the content
+model <code>((b, c) | (b, d))</code> is non-deterministic, because given an
+initial <code>b</code> the XML processor cannot know which <code>b</code>
+in the model is being matched without looking ahead to see which element follows
+the <code>b</code>. In this case, the two references to <code>b</code> can
+be collapsed into a single reference, making the model read <code>(b, (c |
+d))</code>. An initial <code>b</code> now clearly matches only a single name
+in the content model. The processor doesn't need to look ahead to see what
+follows; either <code>c</code> or <code>d</code> would be accepted.</p> <p>More
+formally: a finite state automaton may be constructed from the content model
+using the standard algorithms, e.g. algorithm 3.5 in section 3.9 of Aho, Sethi,
+and Ullman <a href="#Aho">[Aho/Ullman]</a>. In many such algorithms, a follow
+set is constructed for each position in the regular expression (i.e., each
+leaf node in the syntax tree for the regular expression); if any position
+has a follow set in which more than one following position is labeled with
+the same element type name, then the content model is in error and may be
+reported as an error.</p> <p>Algorithms exist which allow many but not all
+non-deterministic content models to be reduced automatically to equivalent
+deterministic models; see Brüggemann-Klein 1991 <a href="#ABK">[Brüggemann-Klein]</a>.</p> </div> <div
+class="div1"> <h2><a name="sec-guessing"></a>F Autodetection of Character
+Encodings (Non-Normative)</h2> <p>The XML encoding declaration functions as
+an internal label on each entity, indicating which character encoding is in
+use. Before an XML processor can read the internal label, however, it apparently
+has to know what character encoding is in use--which is what the internal
+label is trying to indicate. In the general case, this is a hopeless situation.
+It is not entirely hopeless in XML, however, because XML limits the general
+case in two ways: each implementation is assumed to support only a finite
+set of character encodings, and the XML encoding declaration is restricted
+in position and content in order to make it feasible to autodetect the character
+encoding in use in each entity in normal cases. Also, in many cases other
+sources of information are available in addition to the XML data stream itself.
+Two cases may be distinguished, depending on whether the XML entity is presented
+to the processor without, or with, any accompanying (external) information.
+We consider the first case first.</p> <div class="div2"> <h3><a name="sec-guessing-no-ext-info"></a>F.1
+Detection Without External Encoding Information</h3> <p>Because each XML entity
+not accompanied by external encoding information and not in UTF-8 or UTF-16
+encoding <em>must</em> begin with an XML encoding declaration, in which the
+first characters must be '<code><?xml</code>', any conforming processor
+can detect, after two to four octets of input, which of the following cases
+apply. In reading this list, it may help to know that in UCS-4, '<' is
+"<code>#x0000003C</code>" and '?' is "<code>#x0000003F</code>", and the Byte
+Order Mark required of UTF-16 data streams is "<code>#xFEFF</code>". The notation <var>##</var>
+is used to denote any byte value except that two consecutive <var>##</var>s
+cannot be both 00.</p> <p>With a Byte Order Mark:</p> <table border="1" frame="border">
+<tbody>
+<tr>
+<td rowspan="1" colspan="1"><code>00 00 FE FF</code></td>
+<td rowspan="1" colspan="1">UCS-4, big-endian machine (1234 order)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>FF FE 00 00</code></td>
+<td rowspan="1" colspan="1">UCS-4, little-endian machine (4321 order)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>00 00 FF FE</code></td>
+<td rowspan="1" colspan="1">UCS-4, unusual octet order (2143)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>FE FF 00 00</code></td>
+<td rowspan="1" colspan="1">UCS-4, unusual octet order (3412)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>FE FF ## ##</code></td>
+<td rowspan="1" colspan="1">UTF-16, big-endian</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>FF FE ## ##</code></td>
+<td rowspan="1" colspan="1">UTF-16, little-endian</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>EF BB BF</code></td>
+<td rowspan="1" colspan="1">UTF-8</td>
+</tr>
+</tbody></table> <p>Without a Byte Order Mark:</p> <table border="1" frame="border">
+<tbody>
+<tr>
+<td rowspan="1" colspan="1"><code>00 00 00 3C</code></td>
+<td rowspan="4" colspan="1">UCS-4 or other encoding with a 32-bit code unit
+and ASCII characters encoded as ASCII values, in respectively big-endian (1234),
+little-endian (4321) and two unusual byte orders (2143 and 3412). The encoding
+declaration must be read to determine which of UCS-4 or other supported 32-bit
+encodings applies.</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>3C 00 00 00</code></td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>00 00 3C 00</code></td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>00 3C 00 00</code></td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>00 3C 00 3F</code></td>
+<td rowspan="1" colspan="1">UTF-16BE or big-endian ISO-10646-UCS-2 or other
+encoding with a 16-bit code unit in big-endian order and ASCII characters
+encoded as ASCII values (the encoding declaration must be read to determine
+which)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>3C 00 3F 00</code></td>
+<td rowspan="1" colspan="1">UTF-16LE or little-endian ISO-10646-UCS-2 or other
+encoding with a 16-bit code unit in little-endian order and ASCII characters
+encoded as ASCII values (the encoding declaration must be read to determine
+which)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>3C 3F 78 6D</code></td>
+<td rowspan="1" colspan="1">UTF-8, ISO 646, ASCII, some part of ISO 8859,
+Shift-JIS, EUC, or any other 7-bit, 8-bit, or mixed-width encoding which ensures
+that the characters of ASCII have their normal positions, width, and values;
+the actual encoding declaration must be read to detect which of these applies,
+but since all of these encodings use the same bit patterns for the relevant
+ASCII characters, the encoding declaration itself may be read reliably</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1"><code>4C 6F A7 94</code></td>
+<td rowspan="1" colspan="1">EBCDIC (in some flavor; the full encoding declaration
+must be read to tell which code page is in use)</td>
+</tr>
+<tr>
+<td rowspan="1" colspan="1">Other</td>
+<td rowspan="1" colspan="1">UTF-8 without an encoding declaration, or else
+the data stream is mislabeled (lacking a required encoding declaration), corrupt,
+fragmentary, or enclosed in a wrapper of some kind</td>
+</tr>
+</tbody></table> <div class="note"><p class="prefix"><b>Note:</b></p> <p>In
+cases above which do not require reading the encoding declaration to determine
+the encoding, section 4.3.3 still requires that the encoding declaration,
+if present, be read and that the encoding name be checked to match the actual
+encoding of the entity. Also, it is possible that new character encodings
+will be invented that will make it necessary to use the encoding declaration
+to determine the encoding, in cases where this is not required at present.</p> </div> <p>This
+level of autodetection is enough to read the XML encoding declaration and
+parse the character-encoding identifier, which is still necessary to distinguish
+the individual members of each family of encodings (e.g. to tell UTF-8 from
+8859, and the parts of 8859 from each other, or to distinguish the specific
+EBCDIC code page in use, and so on).</p> <p>Because the contents of the encoding
+declaration are restricted to characters from the ASCII repertoire (however
+encoded), a processor can reliably read the entire encoding declaration as
+soon as it has detected which family of encodings is in use. Since in practice,
+all widely used character encodings fall into one of the categories above,
+the XML encoding declaration allows reasonably reliable in-band labeling of
+character encodings, even when external sources of information at the operating-system
+or transport-protocol level are unreliable. Character encodings such as UTF-7
+that make overloaded usage of ASCII-valued bytes may fail to be reliably detected.</p> <p>Once
+the processor has detected the character encoding in use, it can act appropriately,
+whether by invoking a separate input routine for each case, or by calling
+the proper conversion function on each character of input.</p> <p>Like any
+self-labeling system, the XML encoding declaration will not work if any software
+changes the entity's character set or encoding without updating the encoding
+declaration. Implementors of character-encoding routines should be careful
+to ensure the accuracy of the internal and external information used to label
+the entity.</p> </div> <div class="div2"> <h3><a name="sec-guessing-with-ext-info"></a>F.2
+Priorities in the Presence of External Encoding Information</h3> <p>The second
+possible case occurs when the XML entity is accompanied by encoding information,
+as in some file systems and some network protocols. When multiple sources
+of information are available, their relative priority and the preferred method
+of handling conflict should be specified as part of the higher-level protocol
+used to deliver XML. In particular, please refer to <a href="#rfc2376">[IETF
+RFC 2376]</a> or its successor, which defines the <code>text/xml</code> and <code>application/xml</code>
+MIME types and provides some useful guidance. In the interests of interoperability,
+however, the following rule is recommended.</p> <ul>
+<li><p>If an XML entity is in a file, the Byte-Order Mark and encoding declaration
+are used (if present) to determine the character encoding.</p> </li>
+</ul> </div> </div> <div class="div1"> <h2><a name="sec-xml-wg"></a>G W3C
+XML Working Group (Non-Normative)</h2> <p>This specification was prepared
+and approved for publication by the W3C XML Working Group (WG). WG approval
+of this specification does not necessarily imply that all WG members voted
+for its approval. The current and former members of the XML WG are:</p> <ul>
+<li>Jon Bosak, Sun (<i>Chair</i>) </li>
+<li>James Clark (<i>Technical Lead</i>) </li>
+<li>Tim Bray, Textuality and Netscape (<i>XML Co-editor</i>) </li>
+<li>Jean Paoli, Microsoft (<i>XML Co-editor</i>) </li>
+<li>C. M. Sperberg-McQueen, U. of Ill. (<i>XML Co-editor</i>) </li>
+<li>Dan Connolly, W3C (<i>W3C Liaison</i>) </li>
+<li>Paula Angerstein, Texcel</li>
+<li>Steve DeRose, INSO</li>
+<li>Dave Hollander, HP</li>
+<li>Eliot Kimber, ISOGEN</li>
+<li>Eve Maler, ArborText</li>
+<li>Tom Magliery, NCSA</li>
+<li>Murray Maloney, SoftQuad, Grif SA, Muzmo and Veo Systems</li>
+<li>MURATA Makoto (FAMILY Given), Fuji Xerox Information Systems</li>
+<li>Joel Nava, Adobe</li>
+<li>Conleth O'Connell, Vignette </li>
+<li>Peter Sharpe, SoftQuad</li>
+<li>John Tigue, DataChannel</li>
+</ul> </div> <div class="div1"> <h2><a name="sec-core-wg"></a>H W3C XML Core
+Group (Non-Normative)</h2> <p>The second edition of this specification was
+prepared by the W3C XML Core Working Group (WG). The members of the WG at
+the time of publication of this edition were:</p> <ul>
+<li>Paula Angerstein, Vignette</li>
+<li>Daniel Austin, Ask Jeeves</li>
+<li>Tim Boland</li>
+<li>Allen Brown, Microsoft</li>
+<li>Dan Connolly, W3C (<i>Staff Contact</i>) </li>
+<li>John Cowan, Reuters Limited </li>
+<li>John Evdemon, XMLSolutions Corporation </li>
+<li>Paul Grosso, Arbortext (<i>Co-Chair</i>) </li>
+<li>Arnaud Le Hors, IBM (<i>Co-Chair</i>) </li>
+<li>Eve Maler, Sun Microsystems (<i>Second Edition Editor</i>) </li>
+<li>Jonathan Marsh, Microsoft</li>
+<li>MURATA Makoto (FAMILY Given), IBM </li>
+<li>Mark Needleman, Data Research Associates </li>
+<li>David Orchard, Jamcracker</li>
+<li>Lew Shannon, NCR</li>
+<li>Richard Tobin, University of Edinburgh </li>
+<li>Daniel Veillard, W3C</li>
+<li>Dan Vint, Lexica</li>
+<li>Norman Walsh, Sun Microsystems </li>
+<li>François Yergeau, Alis Technologies (<i>Errata List Editor</i>) </li>
+<li>Kongyi Zhou, Oracle</li>
+</ul> </div> <div class="div1"> <h2><a name="b4d250b6c21"></a>I Production
+Notes (Non-Normative)</h2> <p>This Second Edition was encoded in the <a href="http://www.w3.org/XML/1998/06/xmlspec-v21.dtd">XMLspec
+DTD</a> (which has <a href="http://www.w3.org/XML/1998/06/xmlspec-report-v21.htm">documentation</a>
+available). The HTML versions were produced with a combination of the <a href="http://www.w3.org/XML/1998/06/xmlspec.xsl">xmlspec.xsl</a>, <a
+href="http://www.w3.org/XML/1998/06/diffspec.xsl">diffspec.xsl</a>, and <a
+href="http://www.w3.org/XML/1998/06/REC-xml-2e.xsl">REC-xml-2e.xsl</a> XSLT
+stylesheets. The PDF version was produced with the <a href="http://www.tdb.uu.se/~jan/html2ps.html">html2ps</a>
+facility and a distiller program.</p> </div> </div></body>
+</html>
diff --git a/samples/data/org/w3c/www/TR/xml-stylesheet.html b/samples/data/org/w3c/www/TR/xml-stylesheet.html
new file mode 100644
index 0000000..de8e119
--- /dev/null
+++ b/samples/data/org/w3c/www/TR/xml-stylesheet.html
@@ -0,0 +1,341 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
+<html>
+<head>
+<title>Associating Style Sheets with XML documents</title>
+<link rel="stylesheet" type="text/css" href="http://www.w3.org/StyleSheets/TR/W3C-REC">
+<style type="text/css">code { font-family: monospace }</style>
+</head>
+<body>
+<div class="head">
+<a href="http://www.w3.org/"><img src="http://www.w3.org/Icons/WWW/w3c_home" alt="W3C" height="48" width="72"></a>
+<h1>Associating Style Sheets with XML documents<br>Version 1.0</h1>
+<h2>W3C Recommendation 29 June 1999</h2>
+<dl>
+<dt>This version:</dt>
+<dd>
+<a href="http://www.w3.org/1999/06/REC-xml-stylesheet-19990629">http://www.w3.org/1999/06/REC-xml-stylesheet-19990629</a>
+<br>
+</dd>
+<dt>Latest version:</dt>
+<dd>
+<a href="http://www.w3.org/TR/xml-stylesheet">http://www.w3.org/TR/xml-stylesheet</a>
+<br>
+</dd>
+<dt>Previous version:</dt>
+<dd>
+<a href="http://www.w3.org/TR/1999/xml-stylesheet-19990428">http://www.w3.org/TR/1999/xml-stylesheet-19990428</a>
+<br>
+</dd>
+<dt>Editor:</dt>
+<dd>
+
+James Clark
+<a href="mailto:jjc@jclark.com"><jjc@jclark.com></a>
+<br>
+</dd>
+</dl>
+<p class="copyright">
+<a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#Copyright">
+ Copyright</a> © 1999 <a href="http://www.w3.org">W3C</a>
+ (<a href="http://www.lcs.mit.edu">MIT</a>,
+ <a href="http://www.inria.fr/">INRIA</a>,
+ <a href="http://www.keio.ac.jp/">Keio</a> ), All Rights Reserved. W3C
+ <a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#Legal Disclaimer">liability,</a><a href="http://www.w3.org/Consortium/Legal/ipr-notice.html#W3C Trademarks">trademark</a>,
+ <a href="http://www.w3.org/Consortium/Legal/copyright-documents.html">document use </a>and
+ <a href="http://www.w3.org/Consortium/Legal/copyright-software.html">software licensing </a>rules apply.
+ </p>
+<hr title="Separator for header">
+</div>
+<h2>
+<a name="abstract">Abstract</a>
+</h2>
+
+<p>This document allows a style sheet to be associated with an XML
+document by including one or more processing instructions with a
+target of <code>xml-stylesheet</code> in the document's prolog.</p>
+
+<h2>
+<a name="status">Status of this document</a>
+</h2>
+
+<p>This document has been reviewed by W3C Members and other interested
+parties and has been endorsed by the Director as a W3C <a href="http://www.w3.org/Consortium/Process/#RecsW3C">Recommendation</a>. It
+is a stable document and may be used as reference material or cited as
+a normative reference from other documents. W3C's role in making the
+Recommendation is to draw attention to the specification and to
+promote its widespread deployment. This enhances the functionality and
+interoperability of the Web.</p>
+
+<p>The list of known errors in this specifications is available at
+<a href="http://www.w3.org/1999/06/REC-xml-stylesheet-19990629/errata">http://www.w3.org/TR/1999/xml-stylesheet-19990629/errata</a>.</p>
+
+<p>Comments on this specification may be sent to <<a href="mailto:www-xml-stylesheet-comments@w3.org">www-xml-stylesheet-comments@w3.org</a>>. The archive of public
+comments is available at <a href="http://www.w3.org/Archives/Public/www-xml-stylesheet-comments">http://w3.org/Archives/Public/www-xml-stylesheet-comments</a>.</p>
+
+<p>A list of current W3C Recommendations and other technical documents
+can be found at <a href="http://www.w3.org/TR">http://www.w3.org/TR</a>.</p>
+
+<p>The Working Group expects additional mechanisms for linking style
+sheets to XML document to be defined in a future specification.</p>
+
+<p>The use of XML processing instructions in this specification should
+not be taken as a precedent. The W3C does not anticipate recommending
+the use of processing instructions in any future specification. The
+<a href="#rationale">Rationale</a> explains why they were used in
+this specification.</p>
+
+<p>This document was produced as part of the <a href="http://www.w3.org/XML/Activity">W3C XML Activity</a>.</p>
+
+
+<h2>
+<a name="contents">Table of contents</a>
+</h2>1 <a href="#The xml-stylesheet processing instruction">The xml-stylesheet processing instruction</a>
+<br>
+<h3>Appendices</h3>A <a href="#References">References</a>
+<br>B <a href="#rationale">Rationale</a>
+<br>
+<hr>
+
+<h2>
+<a name="The xml-stylesheet processing instruction"></a>1 The <code>xml-stylesheet</code> processing instruction</h2>
+
+<p>Style Sheets can be associated with an XML<a href="#XML">[XML10]</a>
+document by using a processing instruction whose target is
+<code>xml-stylesheet</code>. This processing instruction follows the
+behaviour of the HTML 4.0 <code><LINK
+REL="stylesheet"></code><a href="#HTML">[HTML40]</a>.</p>
+
+<p>The <code>xml-stylesheet</code> processing instruction is parsed in
+the same way as a start-tag, with the exception that entities other
+than predefined entities must not be referenced.</p>
+
+<p>The following grammar is given using the same notation as the
+grammar in the XML Recommendation<a href="#XML">[XML10]</a>. Symbols in the
+grammar that are not defined here are defined in the XML
+Recommendation.</p>
+
+<h5>xml-stylesheet processing instruction</h5>
+<table class="scrap">
+<tbody>
+<tr valign="baseline">
+<td>
+<a name="NT-StyleSheetPI"></a>[1] </td>
+<td>StyleSheetPI</td>
+<td> ::= </td>
+<td>'<?xml-stylesheet' (<a href="http://www.w3.org/TR/REC-xml#NT-S">S</a> <a href="#NT-PseudoAtt">PseudoAtt</a>)* <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? '?>'</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PseudoAtt"></a>[2] </td>
+<td>PseudoAtt</td>
+<td> ::= </td>
+<td>
+<a href="http://www.w3.org/TR/REC-xml#NT-Name">Name</a> <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? '=' <a href="http://www.w3.org/TR/REC-xml#NT-S">S</a>? <a href="#NT-PseudoAttValue">PseudoAttValue</a>
+</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PseudoAttValue"></a>[3] </td>
+<td>PseudoAttValue</td>
+<td> ::= </td>
+<td>('"' ([^"<&] | <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> | <a href="#NT-PredefEntityRef">PredefEntityRef</a>)* '"'</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+</td>
+<td>
+</td>
+<td>
+</td>
+<td>| "'" ([^'<&] | <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> | <a href="#NT-PredefEntityRef">PredefEntityRef</a>)* "'")</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+</td>
+<td>
+</td>
+<td>
+</td>
+<td>- (<a href="http://www.w3.org/TR/REC-xml#NT-Char">Char</a>* '?>' <a href="http://www.w3.org/TR/REC-xml#NT-Char">Char</a>*)</td>
+<td>
+</td>
+</tr>
+<tr valign="baseline">
+<td>
+<a name="NT-PredefEntityRef"></a>[4] </td>
+<td>PredefEntityRef</td>
+<td> ::= </td>
+<td>'&amp;' | '&lt;' | '&gt;' | '&quot;' | '&apos;'</td>
+<td>
+</td>
+</tr>
+</tbody>
+</table>
+
+<p>In <a href="#NT-PseudoAttValue">PseudoAttValue</a>, a <a href="http://www.w3.org/TR/REC-xml#NT-CharRef">CharRef</a> or a <a href="#NT-PredefEntityRef">PredefEntityRef</a> is interpreted in the
+same manner as in a normal XML attribute value. The actual value of
+the pseudo-attribute is the value after each reference is replaced by
+the character it references. This replacement is not performed
+automatically by an XML processor.</p>
+
+<p>The <code>xml-stylesheet</code> processing instruction is allowed
+only in the prolog of an XML document. The syntax of XML constrains
+where processing instructions are allowed in the prolog; the
+<code>xml-stylesheet</code> processing instruction is allowed anywhere
+in the prolog that meets these constraints.</p>
+
+<blockquote>
+<b>NOTE: </b>If the <code>xml-stylesheet</code> processing instruction
+occurs in the external DTD subset or in a parameter entity, it is
+possible that it may not be processed by a non-validating XML
+processor (see <a href="#XML">[XML10]</a>).</blockquote>
+
+<p>The following pseudo attributes are defined</p>
+
+<pre>href CDATA #REQUIRED
+type CDATA #REQUIRED
+title CDATA #IMPLIED
+media CDATA #IMPLIED
+charset CDATA #IMPLIED
+alternate (yes|no) "no"</pre>
+
+<p>The semantics of the pseudo-attributes are exactly as with
+<code><LINK REL="stylesheet"></code> in HTML 4.0, with the
+exception of the <code>alternate</code> pseudo-attribute. If
+<code>alternate="yes"</code> is specified, then the processing
+instruction has the semantics of <code><LINK REL="alternate
+stylesheet"></code> instead of <code><LINK
+REL="stylesheet"></code>.</p>
+
+<blockquote>
+<b>NOTE: </b>Since the value of the <code>href</code> attribute is a URI
+reference, it may be a relative URI and it may contain a fragment
+identifier. In particular the URI reference may contain only a
+fragment identifier. Such a URI reference is a reference to a part of
+the document containing the <code>xml-stylesheet</code> processing
+instruction (see <a href="#RFC2396">[RFC2396]</a>). The consequence is that the
+<code>xml-stylesheet</code> processing instruction allows style sheets
+to be embedded in the same document as the <code>xml-stylesheet</code>
+processing instruction.</blockquote>
+
+<p>In some cases, style sheets may be linked with an XML document by
+means external to the document. For example, earlier versions of HTTP
+<a href="#RFC2068">[RFC2068]</a> (section 19.6.2.4) allowed style sheets to be
+associated with XML documents by means of the <code>Link</code>
+header. Any links to style sheets that are specified externally to the
+document are considered to occur before the links specified by the
+<code>xml-stylesheet</code> processing instructions. This is the same
+as in HTML 4.0 (see <a href="http://www.w3.org/TR/REC-html40/present/styles.html#h-14.6">section
+14.6</a>).</p>
+
+<p>Here are some examples from HTML 4.0 with the corresponding
+processing instruction:</p>
+
+<pre><LINK href="mystyle.css" rel="style sheet" type="text/css">
+<?xml-stylesheet href="mystyle.css" type="text/css"?>
+
+<LINK href="mystyle.css" title="Compact" rel="stylesheet"
+type="text/css">
+<?xml-stylesheet href="mystyle.css" title="Compact" type="text/css"?>
+
+<LINK href="mystyle.css" title="Medium" rel="alternate stylesheet"
+type="text/css">
+<?xml-stylesheet alternate="yes" href="mystyle.css" title="Medium"
+type="text/css"?></pre>
+
+<p>Multiple <code>xml-stylesheet</code> processing instructions are
+also allowed with exactly the same semantics as with <code>LINK
+REL="stylesheet"</code>. For example,</p>
+
+<pre><LINK rel="alternate stylesheet" title="compact" href="small-base.css"
+type="text/css">
+<LINK rel="alternate stylesheet" title="compact" href="small-extras.css"
+type="text/css">
+<LINK rel="alternate stylesheet" title="big print" href="bigprint.css"
+type="text/css">
+<LINK rel="stylesheet" href="common.css" type="text/css"></pre>
+
+<p>would be equivalent to:</p>
+
+<pre><?xml-stylesheet alternate="yes" title="compact" href="small-base.css"
+type="text/css"?>
+<?xml-stylesheet alternate="yes" title="compact" href="small-extras.css"
+type="text/css"?>
+<?xml-stylesheet alternate="yes" title="big print" href="bigprint.css"
+type="text/css"?>
+<?xml-stylesheet href="common.css" type="text/css"?></pre>
+
+
+
+<hr title="Separator from footer">
+
+<h2>
+<a name="References"></a>A References</h2>
+
+<dl>
+
+<dt>
+<a name="HTML">HTML40</a>
+</dt>
+<dd>World Wide Web
+Consortium. <i>HTML 4.0 Specification.</i> W3C Recommendation. See
+<a href="http://www.w3.org/TR/REC-html40">http://www.w3.org/TR/REC-html40</a>
+</dd>
+
+<dt>
+<a name="RFC2068">RFC2068</a>
+</dt>
+<dd>R. Fielding, J. Gettys, J. Mogul,
+H. Frystyk Nielsen, and T. Berners-Lee. <i>Hypertext Transfer
+Protocol -- HTTP/1.1.</i>. IETF RFC 2068. See <a href="http://www.ietf.org/rfc/rfc2068.txt">http://www.ietf.org/rfc/rfc2068.txt</a>.</dd>
+
+<dt>
+<a name="RFC2396">RFC2396</a>
+</dt>
+<dd>T. Berners-Lee, R. Fielding, and
+L. Masinter. <i>Uniform Resource Identifiers (URI): Generic
+Syntax</i>. IETF RFC 2396. See <a href="http://www.ietf.org/rfc/rfc2396.txt">http://www.ietf.org/rfc/rfc2396.txt</a>.</dd>
+
+<dt>
+<a name="XML">XML10</a>
+</dt>
+<dd>World Wide Web Consortium. <i>Extensible
+Markup Language (XML) 1.0.</i> W3C Recommendation. See <a href="http://www.w3.org/TR/1998/REC-xml-19980210">http://www.w3.org/TR/1998/REC-xml-19980210</a>
+</dd>
+
+</dl>
+
+
+
+
+<h2>
+<a name="rationale"></a>B Rationale</h2>
+
+<p>There was an urgent requirement for a specification for style sheet
+linking that could be completed in time for the next release from
+major browser vendors. Only by choosing a simple mechanism closely
+based on a proven existing mechanism could the specification be
+completed in time to meet this requirement.</p>
+
+<p>Use of a processing instruction avoids polluting the main document
+structure with application specific processing information.</p>
+
+<p>The mechanism chosen for this version of the specification is not a
+constraint on the additional mechanisms planned for future versions.
+There is no expectation that these will use processing instructions;
+indeed they may not include the linking information in the source
+document.</p>
+
+
+
+
+</body>
+</html>
diff --git a/samples/data/xmldsig-core-schema.xsd b/samples/data/xmldsig-core-schema.xsd
new file mode 100644
index 0000000..df126b3
--- /dev/null
+++ b/samples/data/xmldsig-core-schema.xsd
@@ -0,0 +1,318 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!DOCTYPE schema
+ PUBLIC "-//W3C//DTD XMLSchema 200102//EN" "http://www.w3.org/2001/XMLSchema.dtd"
+ [
+ <!ATTLIST schema
+ xmlns:ds CDATA #FIXED "http://www.w3.org/2000/09/xmldsig#">
+ <!ENTITY dsig 'http://www.w3.org/2000/09/xmldsig#'>
+ <!ENTITY % p ''>
+ <!ENTITY % s ''>
+ ]>
+
+<!-- Schema for XML Signatures
+ http://www.w3.org/2000/09/xmldsig#
+ $Revision: 1.1 $ on $Date: 2002/02/08 20:32:26 $ by $Author: reagle $
+
+ Copyright 2001 The Internet Society and W3C (Massachusetts Institute
+ of Technology, Institut National de Recherche en Informatique et en
+ Automatique, Keio University). All Rights Reserved.
+ http://www.w3.org/Consortium/Legal/
+
+ This document is governed by the W3C Software License [1] as described
+ in the FAQ [2].
+
+ [1] http://www.w3.org/Consortium/Legal/copyright-software-19980720
+ [2] http://www.w3.org/Consortium/Legal/IPR-FAQ-20000620.html#DTD
+-->
+
+
+<schema xmlns="http://www.w3.org/2001/XMLSchema"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ targetNamespace="http://www.w3.org/2000/09/xmldsig#"
+ version="0.1" elementFormDefault="qualified">
+
+<!-- Basic Types Defined for Signatures -->
+
+<simpleType name="CryptoBinary">
+ <restriction base="base64Binary">
+ </restriction>
+</simpleType>
+
+<!-- Start Signature -->
+
+<element name="Signature" type="ds:SignatureType"/>
+<complexType name="SignatureType">
+ <sequence>
+ <element ref="ds:SignedInfo"/>
+ <element ref="ds:SignatureValue"/>
+ <element ref="ds:KeyInfo" minOccurs="0"/>
+ <element ref="ds:Object" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureValue" type="ds:SignatureValueType"/>
+ <complexType name="SignatureValueType">
+ <simpleContent>
+ <extension base="base64Binary">
+ <attribute name="Id" type="ID" use="optional"/>
+ </extension>
+ </simpleContent>
+ </complexType>
+
+<!-- Start SignedInfo -->
+
+<element name="SignedInfo" type="ds:SignedInfoType"/>
+<complexType name="SignedInfoType">
+ <sequence>
+ <element ref="ds:CanonicalizationMethod"/>
+ <element ref="ds:SignatureMethod"/>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="CanonicalizationMethod" type="ds:CanonicalizationMethodType"/>
+ <complexType name="CanonicalizationMethodType" mixed="true">
+ <sequence>
+ <any namespace="##any" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+ <element name="SignatureMethod" type="ds:SignatureMethodType"/>
+ <complexType name="SignatureMethodType" mixed="true">
+ <sequence>
+ <element name="HMACOutputLength" minOccurs="0" type="ds:HMACOutputLengthType"/>
+ <any namespace="##other" minOccurs="0" maxOccurs="unbounded"/>
+ <!-- (0,unbounded) elements from (1,1) external namespace -->
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- Start Reference -->
+
+<element name="Reference" type="ds:ReferenceType"/>
+<complexType name="ReferenceType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ <element ref="ds:DigestMethod"/>
+ <element ref="ds:DigestValue"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="URI" type="anyURI" use="optional"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+</complexType>
+
+ <element name="Transforms" type="ds:TransformsType"/>
+ <complexType name="TransformsType">
+ <sequence>
+ <element ref="ds:Transform" maxOccurs="unbounded"/>
+ </sequence>
+ </complexType>
+
+ <element name="Transform" type="ds:TransformType"/>
+ <complexType name="TransformType" mixed="true">
+ <choice minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ <element name="XPath" type="string"/>
+ </choice>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+ </complexType>
+
+<!-- End Reference -->
+
+<element name="DigestMethod" type="ds:DigestMethodType"/>
+<complexType name="DigestMethodType" mixed="true">
+ <sequence>
+ <any namespace="##other" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Algorithm" type="anyURI" use="required"/>
+</complexType>
+
+<element name="DigestValue" type="ds:DigestValueType"/>
+<simpleType name="DigestValueType">
+ <restriction base="base64Binary"/>
+</simpleType>
+
+<!-- End SignedInfo -->
+
+<!-- Start KeyInfo -->
+
+<element name="KeyInfo" type="ds:KeyInfoType"/>
+<complexType name="KeyInfoType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <element ref="ds:KeyName"/>
+ <element ref="ds:KeyValue"/>
+ <element ref="ds:RetrievalMethod"/>
+ <element ref="ds:X509Data"/>
+ <element ref="ds:PGPData"/>
+ <element ref="ds:SPKIData"/>
+ <element ref="ds:MgmtData"/>
+ <any processContents="lax" namespace="##other"/>
+ <!-- (1,1) elements from (0,unbounded) namespaces -->
+ </choice>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="KeyName" type="string"/>
+ <element name="MgmtData" type="string"/>
+
+ <element name="KeyValue" type="ds:KeyValueType"/>
+ <complexType name="KeyValueType" mixed="true">
+ <choice>
+ <element ref="ds:DSAKeyValue"/>
+ <element ref="ds:RSAKeyValue"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </complexType>
+
+ <element name="RetrievalMethod" type="ds:RetrievalMethodType"/>
+ <complexType name="RetrievalMethodType">
+ <sequence>
+ <element ref="ds:Transforms" minOccurs="0"/>
+ </sequence>
+ <attribute name="URI" type="anyURI"/>
+ <attribute name="Type" type="anyURI" use="optional"/>
+ </complexType>
+
+<!-- Start X509Data -->
+
+<element name="X509Data" type="ds:X509DataType"/>
+<complexType name="X509DataType">
+ <sequence maxOccurs="unbounded">
+ <choice>
+ <element name="X509IssuerSerial" type="ds:X509IssuerSerialType"/>
+ <element name="X509SKI" type="base64Binary"/>
+ <element name="X509SubjectName" type="string"/>
+ <element name="X509Certificate" type="base64Binary"/>
+ <element name="X509CRL" type="base64Binary"/>
+ <any namespace="##other" processContents="lax"/>
+ </choice>
+ </sequence>
+</complexType>
+
+<complexType name="X509IssuerSerialType">
+ <sequence>
+ <element name="X509IssuerName" type="string"/>
+ <element name="X509SerialNumber" type="integer"/>
+ </sequence>
+</complexType>
+
+<!-- End X509Data -->
+
+<!-- Begin PGPData -->
+
+<element name="PGPData" type="ds:PGPDataType"/>
+<complexType name="PGPDataType">
+ <choice>
+ <sequence>
+ <element name="PGPKeyID" type="base64Binary"/>
+ <element name="PGPKeyPacket" type="base64Binary" minOccurs="0"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ <sequence>
+ <element name="PGPKeyPacket" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </sequence>
+ </choice>
+</complexType>
+
+<!-- End PGPData -->
+
+<!-- Begin SPKIData -->
+
+<element name="SPKIData" type="ds:SPKIDataType"/>
+<complexType name="SPKIDataType">
+ <sequence maxOccurs="unbounded">
+ <element name="SPKISexp" type="base64Binary"/>
+ <any namespace="##other" processContents="lax" minOccurs="0"/>
+ </sequence>
+</complexType>
+
+<!-- End SPKIData -->
+
+<!-- End KeyInfo -->
+
+<!-- Start Object (Manifest, SignatureProperty) -->
+
+<element name="Object" type="ds:ObjectType"/>
+<complexType name="ObjectType" mixed="true">
+ <sequence minOccurs="0" maxOccurs="unbounded">
+ <any namespace="##any" processContents="lax"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+ <attribute name="MimeType" type="string" use="optional"/> <!-- add a grep facet -->
+ <attribute name="Encoding" type="anyURI" use="optional"/>
+</complexType>
+
+<element name="Manifest" type="ds:ManifestType"/>
+<complexType name="ManifestType">
+ <sequence>
+ <element ref="ds:Reference" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+<element name="SignatureProperties" type="ds:SignaturePropertiesType"/>
+<complexType name="SignaturePropertiesType">
+ <sequence>
+ <element ref="ds:SignatureProperty" maxOccurs="unbounded"/>
+ </sequence>
+ <attribute name="Id" type="ID" use="optional"/>
+</complexType>
+
+ <element name="SignatureProperty" type="ds:SignaturePropertyType"/>
+ <complexType name="SignaturePropertyType" mixed="true">
+ <choice maxOccurs="unbounded">
+ <any namespace="##other" processContents="lax"/>
+ <!-- (1,1) elements from (1,unbounded) namespaces -->
+ </choice>
+ <attribute name="Target" type="anyURI" use="required"/>
+ <attribute name="Id" type="ID" use="optional"/>
+ </complexType>
+
+<!-- End Object (Manifest, SignatureProperty) -->
+
+<!-- Start Algorithm Parameters -->
+
+<simpleType name="HMACOutputLengthType">
+ <restriction base="integer"/>
+</simpleType>
+
+<!-- Start KeyValue Element-types -->
+
+<element name="DSAKeyValue" type="ds:DSAKeyValueType"/>
+<complexType name="DSAKeyValueType">
+ <sequence>
+ <sequence minOccurs="0">
+ <element name="P" type="ds:CryptoBinary"/>
+ <element name="Q" type="ds:CryptoBinary"/>
+ </sequence>
+ <element name="G" type="ds:CryptoBinary" minOccurs="0"/>
+ <element name="Y" type="ds:CryptoBinary"/>
+ <element name="J" type="ds:CryptoBinary" minOccurs="0"/>
+ <sequence minOccurs="0">
+ <element name="Seed" type="ds:CryptoBinary"/>
+ <element name="PgenCounter" type="ds:CryptoBinary"/>
+ </sequence>
+ </sequence>
+</complexType>
+
+<element name="RSAKeyValue" type="ds:RSAKeyValueType"/>
+<complexType name="RSAKeyValueType">
+ <sequence>
+ <element name="Modulus" type="ds:CryptoBinary"/>
+ <element name="Exponent" type="ds:CryptoBinary"/>
+ </sequence>
+</complexType>
+
+<!-- End KeyValue Element-types -->
+
+<!-- End Signature -->
+
+</schema>
diff --git a/samples/javax/xml/crypto/dsig/samples/GenDetached.java b/samples/javax/xml/crypto/dsig/samples/GenDetached.java
new file mode 100644
index 0000000..42c2e2c
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/GenDetached.java
@@ -0,0 +1,157 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.dsig.samples;
+
+import javax.xml.crypto.*;
+import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dom.*;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.*;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.security.*;
+import java.util.Collections;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import org.w3c.dom.Document;
+
+/**
+ * This is a simple example of generating a Detached XML
+ * Signature using the JSR 105 API. The resulting signature will look
+ * like (key and signature values will be different):
+ *
+ * <pre><code>
+ * <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ * <SignedInfo>
+ * <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315"/>
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ * <Reference URI="http://www.w3.org/TR/xml-stylesheet">
+ * <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ * <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>
+ * </Reference>
+ * </SignedInfo>
+ * <SignatureValue>
+ * DpEylhQoiUKBoKWmYfajXO7LZxiDYgVtUtCNyTgwZgoChzorA2nhkQ==
+ * </SignatureValue>
+ * <KeyInfo>
+ * <KeyValue>
+ * <DSAKeyValue>
+ * <P>
+ * rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ * FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ * UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ * </P>
+ * <Q>
+ * kEjAFpCe4lcUOdwphpzf+tBaUds=
+ * </Q>
+ * <G>
+ * oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ * SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ * BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ * </G>
+ * <Y>
+ * pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ * AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ * jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ * </Y>
+ * </DSAKeyValue>
+ * </KeyValue>
+ * </KeyInfo>
+ * </Signature>
+ * </code></pre>
+ */
+public class GenDetached {
+
+ //
+ // Synopsis: java GenDetached [output]
+ //
+ // where output is the name of the file that will contain the detached
+ // signature. If not specified, standard output is used.
+ //
+ public static void main(String[] args) throws Exception {
+
+ // First, create a DOM XMLSignatureFactory that will be used to
+ // generate the XMLSignature and marshal it to DOM.
+ String providerName = System.getProperty
+ ("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
+ XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
+ (Provider) Class.forName(providerName).newInstance());
+
+ // Create a Reference to an external URI that will be digested
+ // using the SHA1 digest algorithm
+ Reference ref =
+ fac.newReference(
+ "http://www.w3.org/TR/xml-stylesheet",
+ fac.newDigestMethod(DigestMethod.SHA1, null)
+ );
+
+ // Create the SignedInfo
+ SignedInfo si = fac.newSignedInfo(
+ fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
+ (C14NMethodParameterSpec) null),
+ fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
+ Collections.singletonList(ref));
+
+ // Create a DSA KeyPair
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(512);
+ KeyPair kp = kpg.generateKeyPair();
+
+ // Create a KeyValue containing the DSA PublicKey that was generated
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(kp.getPublic());
+
+ // Create a KeyInfo and add the KeyValue to it
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ // Create the XMLSignature (but don't sign it yet)
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ // Create the Document that will hold the resulting XMLSignature
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true); // must be set
+ Document doc = dbf.newDocumentBuilder().newDocument();
+
+ // Create a DOMSignContext and set the signing Key to the DSA
+ // PrivateKey and specify where the XMLSignature should be inserted
+ // in the target document (in this case, the document root)
+ DOMSignContext signContext = new DOMSignContext(kp.getPrivate(), doc);
+
+ // Marshal, generate (and sign) the detached XMLSignature. The DOM
+ // Document will contain the XML Signature if this method returns
+ // successfully.
+ signature.sign(signContext);
+
+ // output the resulting document
+ OutputStream os;
+ if (args.length > 0) {
+ os = new FileOutputStream(args[0]);
+ } else {
+ os = System.out;
+ }
+
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer trans = tf.newTransformer();
+ trans.transform(new DOMSource(doc), new StreamResult(os));
+ }
+}
diff --git a/samples/javax/xml/crypto/dsig/samples/GenEnveloped.java b/samples/javax/xml/crypto/dsig/samples/GenEnveloped.java
new file mode 100644
index 0000000..1c5b76e
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/GenEnveloped.java
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.dsig.samples;
+
+import javax.xml.crypto.*;
+import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dom.*;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.*;
+import javax.xml.crypto.dsig.spec.*;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.security.*;
+import java.util.Collections;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import org.w3c.dom.Document;
+
+/**
+ * This is a simple example of generating an Enveloped XML
+ * Signature using the JSR 105 API. The resulting signature will look
+ * like (key and signature values will be different):
+ *
+ * <pre><code>
+ *<Envelope xmlns="urn:envelope">
+ * <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ * <SignedInfo>
+ * <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n
+-20010315"/>
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ * <Reference URI="">
+ * <Transforms>
+ * <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/>
+ * </Transforms>
+ * <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ * <DigestValue>K8M/lPbKnuMDsO0Uzuj75lQtzQI=<DigestValue>
+ * </Reference>
+ * </SignedInfo>
+ * <SignatureValue>
+ * DpEylhQoiUKBoKWmYfajXO7LZxiDYgVtUtCNyTgwZgoChzorA2nhkQ==
+ * </SignatureValue>
+ * <KeyInfo>
+ * <KeyValue>
+ * <DSAKeyValue>
+ * <P>
+ * rFto8uPQM6y34FLPmDh40BLJ1rVrC8VeRquuhPZ6jYNFkQuwxnu/wCvIAMhukPBL
+ * FET8bJf/b2ef+oqxZajEb+88zlZoyG8g/wMfDBHTxz+CnowLahnCCTYBp5kt7G8q
+ * UobJuvjylwj1st7V9Lsu03iXMXtbiriUjFa5gURasN8=
+ * </P>
+ * <Q>
+ * kEjAFpCe4lcUOdwphpzf+tBaUds=
+ * </Q>
+ * <G>
+ * oe14R2OtyKx+s+60O5BRNMOYpIg2TU/f15N3bsDErKOWtKXeNK9FS7dWStreDxo2
+ * SSgOonqAd4FuJ/4uva7GgNL4ULIqY7E+mW5iwJ7n/WTELh98mEocsLXkNh24HcH4
+ * BZfSCTruuzmCyjdV1KSqX/Eux04HfCWYmdxN3SQ/qqw=
+ * </G>
+ * <Y>
+ * pA5NnZvcd574WRXuOA7ZfC/7Lqt4cB0MRLWtHubtJoVOao9ib5ry4rTk0r6ddnOv
+ * AIGKktutzK3ymvKleS3DOrwZQgJ+/BDWDW8kO9R66o6rdjiSobBi/0c2V1+dkqOg
+ * jFmKz395mvCOZGhC7fqAVhHat2EjGPMfgSZyABa7+1k=
+ * </Y>
+ * </DSAKeyValue>
+ * </KeyValue>
+ * </KeyInfo>
+ * </Signature>
+ *</Envelope>
+ * </code></pre>
+ */
+public class GenEnveloped {
+
+ //
+ // Synopsis: java GenEnveloped [document] [output]
+ //
+ // where "document" is the name of a file containing the XML document
+ // to be signed, and "output" is the name of the file to store the
+ // signed document. The 2nd argument is optional - if not specified,
+ // standard output will be used.
+ //
+ public static void main(String[] args) throws Exception {
+
+ // Create a DOM XMLSignatureFactory that will be used to generate the
+ // enveloped signature
+ String providerName = System.getProperty
+ ("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
+ XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
+ (Provider) Class.forName(providerName).newInstance());
+
+ // Create a Reference to the enveloped document (in this case we are
+ // signing the whole document, so a URI of "" signifies that) and
+ // also specify the SHA1 digest algorithm and the ENVELOPED Transform.
+ Reference ref = fac.newReference
+ ("", fac.newDigestMethod(DigestMethod.SHA1, null),
+ Collections.singletonList
+ (fac.newTransform
+ (Transform.ENVELOPED, (TransformParameterSpec) null)),
+ null, null);
+
+ // Create the SignedInfo
+ SignedInfo si = fac.newSignedInfo
+ (fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
+ (C14NMethodParameterSpec) null),
+ fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
+ Collections.singletonList(ref));
+
+ // Create a DSA KeyPair
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(512);
+ KeyPair kp = kpg.generateKeyPair();
+
+ // Create a KeyValue containing the DSA PublicKey that was generated
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(kp.getPublic());
+
+ // Create a KeyInfo and add the KeyValue to it
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ // Instantiate the document to be signed
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ Document doc =
+ dbf.newDocumentBuilder().parse(new FileInputStream(args[0]));
+
+ // Create a DOMSignContext and specify the DSA PrivateKey and
+ // location of the resulting XMLSignature's parent element
+ DOMSignContext dsc = new DOMSignContext
+ (kp.getPrivate(), doc.getDocumentElement());
+
+ // Create the XMLSignature (but don't sign it yet)
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ // Marshal, generate (and sign) the enveloped signature
+ signature.sign(dsc);
+
+ // output the resulting document
+ OutputStream os;
+ if (args.length > 1) {
+ os = new FileOutputStream(args[1]);
+ } else {
+ os = System.out;
+ }
+
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer trans = tf.newTransformer();
+ trans.transform(new DOMSource(doc), new StreamResult(os));
+ }
+}
diff --git a/samples/javax/xml/crypto/dsig/samples/GenEnveloping.java b/samples/javax/xml/crypto/dsig/samples/GenEnveloping.java
new file mode 100644
index 0000000..5289ffb
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/GenEnveloping.java
@@ -0,0 +1,160 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package javax.xml.crypto.dsig.samples;
+
+import javax.xml.crypto.*;
+import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dom.*;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.keyinfo.*;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.OutputStream;
+import java.security.*;
+import java.util.Collections;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.*;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+/**
+ * This is a simple example of generating an Enveloping XML
+ * Signature using the JSR 105 API. The signature in this case references a
+ * local URI that points to an Object element.
+ * The resulting signature will look like (certificate and
+ * signature values will be different):
+ *
+ * <pre><code>
+ * <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ * <SignedInfo>
+ * <CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments"/>
+ * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1"/>
+ * <Reference URI="#object">
+ * <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
+ * <DigestValue>7/XTsHaBSOnJ/jXD5v0zL6VKYsk=</DigestValue>
+ * </Reference>
+ * </SignedInfo>
+ * <SignatureValue>
+ * RpMRbtMHLa0siSS+BwUpLIEmTfh/0fsld2JYQWZzCzfa5kBTz25+XA==
+ * </SignatureValue>
+ * <KeyInfo>
+ * <KeyValue>
+ * <DSAKeyValue>
+ * <P>
+ * /KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0Imbz
+ * RMqzVDZkVG9xD7nN1kuFw==
+ * </P>
+ * <Q>
+ * li7dzDacuo67Jg7mtqEm2TRuOMU=
+ * </Q>
+ * <G>
+ * Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOH
+ * CBiNU0NogpsQW5QvnlMpA==
+ * </G>
+ * <Y>
+ * wbEUaCgHZXqK4qLvbdYrAc6+Do0XVcsziCJqxzn4cJJRxwc3E1xnEXHscVgr1Cql9
+ * i5fanOKQbFXzmb+bChqig==
+ * </Y>
+ * </DSAKeyValue>
+ * </KeyValue>
+ * </KeyInfo>
+ * <Object Id="object">some text</Object>
+ * </Signature>
+ *
+ * </code></pre>
+ */
+public class GenEnveloping {
+
+ //
+ // Synopis: java GenEnveloping [output]
+ //
+ // where "output" is the name of a file that will contain the
+ // generated signature. If not specified, standard ouput will be used.
+ //
+ public static void main(String[] args) throws Exception {
+
+ // First, create the DOM XMLSignatureFactory that will be used to
+ // generate the XMLSignature
+ String providerName = System.getProperty
+ ("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
+ XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
+ (Provider) Class.forName(providerName).newInstance());
+
+ // Next, create a Reference to a same-document URI that is an Object
+ // element and specify the SHA1 digest algorithm
+ Reference ref = fac.newReference("#object",
+ fac.newDigestMethod(DigestMethod.SHA1, null));
+
+ // Next, create the referenced Object
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ Document doc = dbf.newDocumentBuilder().newDocument();
+ Node text = doc.createTextNode("some text");
+ XMLStructure content = new DOMStructure(text);
+ XMLObject obj = fac.newXMLObject
+ (Collections.singletonList(content), "object", null, null);
+
+ // Create the SignedInfo
+ SignedInfo si = fac.newSignedInfo(
+ fac.newCanonicalizationMethod
+ (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
+ (C14NMethodParameterSpec) null),
+ fac.newSignatureMethod(SignatureMethod.DSA_SHA1, null),
+ Collections.singletonList(ref));
+
+ // Create a DSA KeyPair
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ kpg.initialize(512);
+ KeyPair kp = kpg.generateKeyPair();
+
+ // Create a KeyValue containing the DSA PublicKey that was generated
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(kp.getPublic());
+
+ // Create a KeyInfo and add the KeyValue to it
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ // Create the XMLSignature (but don't sign it yet)
+ XMLSignature signature = fac.newXMLSignature(si, ki,
+ Collections.singletonList(obj), null, null);
+
+ // Create a DOMSignContext and specify the DSA PrivateKey for signing
+ // and the document location of the XMLSignature
+ DOMSignContext dsc = new DOMSignContext(kp.getPrivate(), doc);
+
+ // Lastly, generate the enveloping signature using the PrivateKey
+ signature.sign(dsc);
+
+ // output the resulting document
+ OutputStream os;
+ if (args.length > 0) {
+ os = new FileOutputStream(args[0]);
+ } else {
+ os = System.out;
+ }
+
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer trans = tf.newTransformer();
+ trans.transform(new DOMSource(doc), new StreamResult(os));
+ }
+}
diff --git a/samples/javax/xml/crypto/dsig/samples/Validate.java b/samples/javax/xml/crypto/dsig/samples/Validate.java
new file mode 100644
index 0000000..40d68ba
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/Validate.java
@@ -0,0 +1,159 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package javax.xml.crypto.dsig.samples;
+
+import javax.xml.crypto.*;
+import javax.xml.crypto.dsig.*;
+import javax.xml.crypto.dom.*;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.*;
+import java.io.FileInputStream;
+import java.security.*;
+import java.util.Iterator;
+import java.util.List;
+import javax.xml.parsers.DocumentBuilderFactory;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+/**
+ * This is a simple example of validating an XML
+ * Signature using the JSR 105 API. It assumes the key needed to
+ * validate the signature is contained in a KeyValue KeyInfo.
+ */
+public class Validate {
+
+ //
+ // Synopsis: java Validate [document]
+ //
+ // where "document" is the name of a file containing the XML document
+ // to be validated.
+ //
+ public static void main(String[] args) throws Exception {
+
+ // Instantiate the document to be validated
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ Document doc =
+ dbf.newDocumentBuilder().parse(new FileInputStream(args[0]));
+
+ // Find Signature element
+ NodeList nl =
+ doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
+ if (nl.getLength() == 0) {
+ throw new Exception("Cannot find Signature element");
+ }
+
+ // Create a DOM XMLSignatureFactory that will be used to unmarshal the
+ // document containing the XMLSignature
+ String providerName = System.getProperty
+ ("jsr105Provider", "org.apache.jcp.xml.dsig.internal.dom.XMLDSigRI");
+ XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM",
+ (Provider) Class.forName(providerName).newInstance());
+
+ // Create a DOMValidateContext and specify a KeyValue KeySelector
+ // and document context
+ DOMValidateContext valContext = new DOMValidateContext
+ (new KeyValueKeySelector(), nl.item(0));
+
+ // unmarshal the XMLSignature
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+
+ // Validate the XMLSignature (generated above)
+ boolean coreValidity = signature.validate(valContext);
+
+ // Check core validation status
+ if (coreValidity == false) {
+ System.err.println("Signature failed core validation");
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ System.out.println("signature validation status: " + sv);
+ // check the validation status of each Reference
+ Iterator i = signature.getSignedInfo().getReferences().iterator();
+ for (int j = 0; i.hasNext(); j++) {
+ boolean refValid =
+ ((Reference) i.next()).validate(valContext);
+ System.out.println("ref[" + j + "] validity status: " + refValid);
+ }
+ } else {
+ System.out.println("Signature passed core validation");
+ }
+ }
+
+ /**
+ * KeySelector which retrieves the public key out of the
+ * KeyValue element and returns it.
+ * NOTE: If the key algorithm doesn't match signature algorithm,
+ * then the public key will be ignored.
+ */
+ private static class KeyValueKeySelector extends KeySelector {
+ public KeySelectorResult select(KeyInfo keyInfo,
+ KeySelector.Purpose purpose,
+ AlgorithmMethod method,
+ XMLCryptoContext context)
+ throws KeySelectorException {
+ if (keyInfo == null) {
+ throw new KeySelectorException("Null KeyInfo object!");
+ }
+ SignatureMethod sm = (SignatureMethod) method;
+ List list = keyInfo.getContent();
+
+ for (int i = 0; i < list.size(); i++) {
+ XMLStructure xmlStructure = (XMLStructure) list.get(i);
+ if (xmlStructure instanceof KeyValue) {
+ PublicKey pk = null;
+ try {
+ pk = ((KeyValue)xmlStructure).getPublicKey();
+ } catch (KeyException ke) {
+ throw new KeySelectorException(ke);
+ }
+ // make sure algorithm is compatible with method
+ if (algEquals(sm.getAlgorithm(), pk.getAlgorithm())) {
+ return new SimpleKeySelectorResult(pk);
+ }
+ }
+ }
+ throw new KeySelectorException("No KeyValue element found!");
+ }
+
+ //@@@FIXME: this should also work for key types other than DSA/RSA
+ static boolean algEquals(String algURI, String algName) {
+ if (algName.equalsIgnoreCase("DSA") &&
+ algURI.equalsIgnoreCase(SignatureMethod.DSA_SHA1)) {
+ return true;
+ } else if (algName.equalsIgnoreCase("RSA") &&
+ algURI.equalsIgnoreCase(SignatureMethod.RSA_SHA1)) {
+ return true;
+ } else if (algName.equalsIgnoreCase("EC") &&
+ algURI.equalsIgnoreCase("http://www.w3.org/2001/04/xmldsig-more#ecdsa-sha256")) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+ }
+
+ private static class SimpleKeySelectorResult implements KeySelectorResult {
+ private PublicKey pk;
+ SimpleKeySelectorResult(PublicKey pk) {
+ this.pk = pk;
+ }
+
+ public Key getKey() { return pk; }
+ }
+}
diff --git a/samples/javax/xml/crypto/dsig/samples/envelope.xml b/samples/javax/xml/crypto/dsig/samples/envelope.xml
new file mode 100644
index 0000000..d02d43c
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/envelope.xml
@@ -0,0 +1,2 @@
+<Envelope xmlns="urn:envelope">
+</Envelope>
diff --git a/samples/javax/xml/crypto/dsig/samples/envelopedSignature.xml b/samples/javax/xml/crypto/dsig/samples/envelopedSignature.xml
new file mode 100644
index 0000000..9e204a3
--- /dev/null
+++ b/samples/javax/xml/crypto/dsig/samples/envelopedSignature.xml
@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<Envelope xmlns="urn:envelope">
+<Signature xmlns="http://www.w3.org/2000/09/xmldsig#"><SignedInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><CanonicalizationMethod Algorithm="http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments" xmlns="http://www.w3.org/2000/09/xmldsig#"/><SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#dsa-sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/><Reference URI="" xmlns="http://www.w3.org/2000/09/xmldsig#"><Transforms xmlns="http://www.w3.org/2000/09/xmldsig#"><Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" xmlns="http://www.w3.org/2000/09/xmldsig#"/></Transforms><DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" xmlns="http://www.w3.org/2000/09/xmldsig#"/><DigestValue xmlns="http://www.w3.org/2000/09/xmldsig#">uooqbWYa5VCqcJCbuymBKqm17vY=</DigestValue></Reference></SignedInfo><SignatureValue xmlns="http://www.w3.org/2000/09/xmldsig#">eO7K1BdC0kzNvr1HpMf4hKoWsvl+oI04nMw55GO+Z5hyI6By3Oihow==</SignatureValue><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><KeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"><DSAKeyValue xmlns="http://www.w3.org/2000/09/xmldsig#"><P xmlns="http://www.w3.org/2000/09/xmldsig#">/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQTxeEu0ImbzRMqzVDZkVG9
+xD7nN1kuFw==</P><Q xmlns="http://www.w3.org/2000/09/xmldsig#">li7dzDacuo67Jg7mtqEm2TRuOMU=</Q><G xmlns="http://www.w3.org/2000/09/xmldsig#">Z4Rxsnqc9E7pGknFFH2xqaryRPBaQ01khpMdLRQnG541Awtx/XPaF5Bpsy4pNWMOHCBiNU0Nogps
+QW5QvnlMpA==</G><Y xmlns="http://www.w3.org/2000/09/xmldsig#">OqFi0sGpvroi6Ut3m154QNWc6gavH3j2ZoRPDW7qVBbgk7XompuKvZe1owz0yvxq+1K+mWbL7ST+
+t5nr6UFBCg==</Y></DSAKeyValue></KeyValue></KeyInfo></Signature></Envelope>
\ No newline at end of file
diff --git a/samples/org/apache/xml/security/samples/AxisSigner.java b/samples/org/apache/xml/security/samples/AxisSigner.java
new file mode 100644
index 0000000..b439972
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/AxisSigner.java
@@ -0,0 +1,142 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class AxisSigner {
+
+ /** Field AXIS_SIGNATURE_FILENAME */
+ public static final String AXIS_SIGNATURE_FILENAME = "build/axisSignature.xml";
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File(AXIS_SIGNATURE_FILENAME);
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+
+ /*
+ * Start SOAP infrastructure code. This is to be made compatible with Axis.
+ *
+ */
+ String soapNS = "http://www.w3.org/2001/12/soap-envelope";
+ String SOAPSECNS = "http://schemas.xmlsoap.org/soap/security/2000-12";
+
+ Element envelopeElement = doc.createElementNS(soapNS, "env:Envelope");
+
+ envelopeElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:env", soapNS);
+ doc.appendChild(envelopeElement);
+
+ Element headerElem = doc.createElementNS(soapNS, "env:Header");
+ Element bodyElem = doc.createElementNS(soapNS, "env:Body");
+
+ envelopeElement.appendChild(doc.createTextNode("\n"));
+ envelopeElement.appendChild(headerElem);
+ envelopeElement.appendChild(doc.createTextNode("\n"));
+ envelopeElement.appendChild(bodyElem);
+ envelopeElement.appendChild(doc.createTextNode("\n"));
+ bodyElem.appendChild(
+ doc.createTextNode("This is signed together with it's Body ancestor")
+ );
+
+ bodyElem.setAttributeNS(SOAPSECNS, "SOAP-SEC:id", "Body");
+ bodyElem.setIdAttributeNS(SOAPSECNS, "id", true);
+
+ Element soapSignatureElem = doc.createElementNS(SOAPSECNS, "SOAP-SEC:Signature");
+
+ envelopeElement.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:SOAP-SEC", SOAPSECNS);
+ envelopeElement.setAttributeNS(null, "actor", "some-uri");
+ envelopeElement.setAttributeNS(null, "mustUnderstand", "1");
+ envelopeElement.appendChild(doc.createTextNode("\n"));
+ headerElem.appendChild(soapSignatureElem);
+
+ /*
+ *
+ * End SOAP infrastructure code. This is to be made compatible with Axis.
+ */
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ XMLSignature sig = new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+ soapSignatureElem.appendChild(sig.getElement());
+
+ {
+ sig.addDocument("#Body");
+ }
+
+ {
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+
+ sig.addKeyInfo(cert);
+ sig.addKeyInfo(cert.getPublicKey());
+ sig.sign(privateKey);
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+
+ for (int i = 0; i < sig.getSignedInfo().getSignedContentLength(); i++) {
+ System.out.println("--- Signed Content follows ---");
+ System.out.println(new String(sig.getSignedInfo().getSignedContentItem(i)));
+ }
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/AxisVerifier.java b/samples/org/apache/xml/security/samples/AxisVerifier.java
new file mode 100644
index 0000000..07fb3ce
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/AxisVerifier.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples;
+
+import java.io.File;
+import java.io.FileInputStream;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.utils.Constants;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class AxisVerifier {
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ File signatureFile = new File(AxisSigner.AXIS_SIGNATURE_FILENAME);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.parse(new FileInputStream(signatureFile));
+ String BaseURI = signatureFile.toURI().toURL().toString();
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ DSNamespaceContext context = new DSNamespaceContext();
+ xpath.setNamespaceContext(context);
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ expression = "//env:Body[1]";
+ context.putPrefix("env", "http://www.w3.org/2001/12/soap-envelope");
+ Element bodyElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ bodyElement.setIdAttributeNS("http://schemas.xmlsoap.org/soap/security/2000-12", "id", true);
+
+ XMLSignature sig = new XMLSignature(sigElement, BaseURI);
+ boolean verify = sig.checkSignatureValue(sig.getKeyInfo().getPublicKey());
+
+ System.out.println("The signature is" + (verify ? " " : " not ") + "valid");
+
+ for (int i = 0; i < sig.getSignedInfo().getSignedContentLength(); i++) {
+ boolean thisOneWasSigned =
+ sig.getSignedInfo().getVerificationResult(i);
+
+ if (thisOneWasSigned) {
+ System.out.println("--- Signed Content follows ---");
+ System.out.println(new String(sig.getSignedInfo().getSignedContentItem(i)));
+ }
+ }
+
+ System.out.println("");
+ System.out.println("Prior transforms");
+ System.out.println(
+ new String(sig.getSignedInfo().getReferencedContentBeforeTransformsItem(0).getBytes())
+ );
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/DSNamespaceContext.java b/samples/org/apache/xml/security/samples/DSNamespaceContext.java
new file mode 100644
index 0000000..45ccdae
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/DSNamespaceContext.java
@@ -0,0 +1,66 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples;
+
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+
+import javax.xml.namespace.NamespaceContext;
+
+/**
+ * A NamespaceContext implementation for digital signatures
+ */
+public class DSNamespaceContext implements NamespaceContext {
+
+ private Map<String, String> namespaceMap =
+ new HashMap<String, String>();
+
+ public DSNamespaceContext() {
+ namespaceMap.put("ds", "http://www.w3.org/2000/09/xmldsig#");
+ }
+
+ public DSNamespaceContext(Map<String, String> namespaces) {
+ this();
+ namespaceMap.putAll(namespaces);
+ }
+
+ public String getNamespaceURI(String arg0) {
+ return namespaceMap.get(arg0);
+ }
+
+ public void putPrefix(String prefix, String namespace) {
+ namespaceMap.put(prefix, namespace);
+ }
+
+ public String getPrefix(String arg0) {
+ for (String key : namespaceMap.keySet()) {
+ String value = namespaceMap.get(key);
+ if (value.equals(arg0)) {
+ return key;
+ }
+ }
+ return null;
+ }
+
+ public Iterator<String> getPrefixes(String arg0) {
+ return namespaceMap.keySet().iterator();
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/MyResolver.java b/samples/org/apache/xml/security/samples/MyResolver.java
new file mode 100644
index 0000000..f8987bd
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/MyResolver.java
@@ -0,0 +1,56 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples;
+
+import java.io.ByteArrayInputStream;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.w3c.dom.Attr;
+
+/**
+ * @author $Author$
+ */
+public class MyResolver extends ResourceResolverSpi {
+
+ /**
+ * Method engineResolve
+ * @inheritDoc
+ * @param uri
+ * @param BaseURI
+ *
+ */
+ public XMLSignatureInput engineResolve(Attr uri, String BaseURI) {
+ ByteArrayInputStream is =
+ new ByteArrayInputStream("string".getBytes());
+ return new XMLSignatureInput(is);
+ }
+
+ /**
+ * Method engineCanResolve
+ * @inheritDoc
+ * @param uri
+ * @param BaseURI
+ *
+ */
+ public boolean engineCanResolve(Attr uri, String BaseURI) {
+ return true;
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/SampleUtils.java b/samples/org/apache/xml/security/samples/SampleUtils.java
new file mode 100644
index 0000000..92256c9
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/SampleUtils.java
@@ -0,0 +1,49 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples;
+
+import org.apache.xml.security.utils.Constants;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+public class SampleUtils {
+
+ /**
+ * Method createDSctx
+ *
+ * @param doc
+ * @param prefix
+ * @param namespace
+ * @return the element.
+ */
+ public static Element createDSctx
+ (Document doc, String prefix, String namespace) {
+
+ if ((prefix == null) || (prefix.trim().length() == 0)) {
+ throw new IllegalArgumentException("You must supply a prefix");
+ }
+
+ Element ctx = doc.createElementNS(null, "namespaceContext");
+
+ ctx.setAttributeNS
+ (Constants.NamespaceSpecNS, "xmlns:" + prefix.trim(), namespace);
+
+ return ctx;
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/algorithms/HMacSHA1RoundTrip.java b/samples/org/apache/xml/security/samples/algorithms/HMacSHA1RoundTrip.java
new file mode 100644
index 0000000..5b4d65a
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/algorithms/HMacSHA1RoundTrip.java
@@ -0,0 +1,158 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.algorithms;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.algorithms.SignatureAlgorithm;
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+
+/**
+ *
+ * @author $Author$
+ */
+public class HMacSHA1RoundTrip {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("signature.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+ PublicKey publicKey = cert.getPublicKey();
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.newDocument();
+
+ SignatureAlgorithm sa =
+ new SignatureAlgorithm(doc, "http://www.w3.org/2000/09/xmldsig#dsa-sha1");
+
+ sa.initSign(privateKey);
+ sa.update("sdjhfkjashkjf".getBytes());
+
+ byte signatureValue[] = sa.sign();
+
+ System.out.println(Base64.encode(signatureValue));
+ doc.appendChild(sa.getElement());
+ XMLUtils.outputDOM(doc, System.out);
+ System.out.println("");
+ System.out.println("");
+
+ SignatureAlgorithm verifier =
+ new SignatureAlgorithm(doc.getDocumentElement(), "file:");
+
+ verifier.initVerify(publicKey);
+ verifier.update("sdjhfkjashkjf".getBytes());
+
+ boolean result = verifier.verify(signatureValue);
+
+ if (result) {
+ System.out.println("It verified");
+ } else {
+ System.out.println("It failed");
+ }
+ }
+
+ /**
+ * Method mainSha1
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void mainSha1(String unused[]) throws Exception {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.newDocument();
+
+ SignatureAlgorithm sa =
+ new SignatureAlgorithm(doc, "http://www.w3.org/2000/09/xmldsig#hmac-sha1", 33);
+
+ byte keybytes[] = "01234567890123456789".getBytes();
+ SecretKey sk = new SecretKeySpec(keybytes, sa.getJCEAlgorithmString());
+
+ sa.initSign(sk);
+ sa.update("sdjhfkjashkjf".getBytes());
+
+ byte signatureValue[] = sa.sign();
+
+ System.out.println(Base64.encode(signatureValue));
+ doc.appendChild(sa.getElement());
+ XMLUtils.outputDOM(doc, System.out);
+ System.out.println("");
+ System.out.println("");
+
+ javax.crypto.Mac a;
+ SignatureAlgorithm verifier =
+ new SignatureAlgorithm(doc.getDocumentElement(), "file:");
+ SecretKey pk =
+ new SecretKeySpec("01234567890123456789".getBytes(), verifier.getJCEAlgorithmString());
+
+ verifier.initVerify(pk);
+ verifier.update("sdjhfkjashkjf".getBytes());
+
+ boolean result = verifier.verify(signatureValue);
+
+ if (result) {
+ System.out.println("It verified");
+ } else {
+ System.out.println("It failed");
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/canonicalization/CanonByTransform.java b/samples/org/apache/xml/security/samples/canonicalization/CanonByTransform.java
new file mode 100644
index 0000000..6753050
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/canonicalization/CanonByTransform.java
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.canonicalization;
+
+import java.io.ByteArrayInputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.transforms.Transforms;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+/**
+ * @author Christian Geuer-Pollmann
+ */
+public class CanonByTransform {
+ static String input = ""
+ + "<!DOCTYPE doc [<!ATTLIST e9 attr CDATA \"default\">]>\n"
+ + "<!-- Comment 2 --><doc><!-- comment inside -->\n"
+ + " <e1 />\n"
+ + " <e2 ></e2>\n"
+ + " <e3 name = \"elem3\" id=\"elem3\" />\n"
+ + " <e4 name=\"elem4\" id=\"elem4\" ></e4>\n"
+ + " <e5 a:attr=\"out\" b:attr=\"sorted\" attr2=\"all\" attr=\"I'm\"\n"
+ + " xmlns:b=\"http://www.ietf.org\"\n"
+ + " xmlns:a=\"http://www.w3.org\"\n"
+ + " xmlns=\"http://example.org\"/>\n"
+ + " <e6 xmlns=\"\" xmlns:a=\"http://www.w3.org\">\n"
+ + " <e7 xmlns=\"http://www.ietf.org\">\n"
+ + " <e8 xmlns=\"\" xmlns:a=\"http://www.w3.org\">\n"
+ + " <e9 xmlns=\"\" xmlns:a=\"http://www.ietf.org\"/>\n"
+ + " <text>©</text>\n"
+ + " </e8>\n"
+ + " </e7>\n"
+ + " </e6>\n"
+ + "</doc><!-- Comment 3 -->\n"
+ ;
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ org.apache.xml.security.Init.init();
+
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+
+ dfactory.setNamespaceAware(true);
+ dfactory.setValidating(true);
+
+ DocumentBuilder documentBuilder = dfactory.newDocumentBuilder();
+
+ // this is to throw away all validation warnings
+ documentBuilder.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ byte inputBytes[] = input.getBytes();
+ Document inputDoc =
+ documentBuilder.parse(new ByteArrayInputStream(inputBytes));
+
+ // after playing around, we have our document now
+ XMLSignatureInput signatureInput = new XMLSignatureInput((Node) inputDoc);
+ Document transformDoc = documentBuilder.newDocument();
+
+ Transforms c14nTrans = new Transforms(transformDoc);
+ transformDoc.appendChild(c14nTrans.getElement());
+ c14nTrans.addTransform("http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
+ XMLSignatureInput c14nResult = c14nTrans.performTransforms(signatureInput);
+ byte outputBytes[] = c14nResult.getBytes();
+
+ System.out.println(new String(outputBytes));
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/canonicalization/CanonDirect.java b/samples/org/apache/xml/security/samples/canonicalization/CanonDirect.java
new file mode 100644
index 0000000..67b59dd
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/canonicalization/CanonDirect.java
@@ -0,0 +1,87 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.canonicalization;
+
+import java.io.ByteArrayInputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.w3c.dom.Document;
+
+/**
+ *
+ *
+ * @author Christian Geuer-Pollmann
+ */
+public class CanonDirect {
+ static String input = ""
+ + "<!DOCTYPE doc [<!ATTLIST e9 attr CDATA \"default\">]>\n"
+ + "<!-- Comment 2 --><doc>\n"
+ + " <e1 />\n"
+ + " <e2 ></e2>\n"
+ + " <e3 name = \"elem3\" id=\"elem3\" />\n"
+ + " <e4 name=\"elem4\" id=\"elem4\" ></e4>\n"
+ + " <e5 a:attr=\"out\" b:attr=\"sorted\" attr2=\"all\" attr=\"I'm\"\n"
+ + " xmlns:b=\"http://www.ietf.org\"\n"
+ + " xmlns:a=\"http://www.w3.org\"\n"
+ + " xmlns=\"http://example.org\"/>\n"
+ + " <e6 xmlns=\"\" xmlns:a=\"http://www.w3.org\">\n"
+ + " <e7 xmlns=\"http://www.ietf.org\">\n"
+ + " <e8 xmlns=\"\" xmlns:a=\"http://www.w3.org\">\n"
+ + " <e9 xmlns=\"\" xmlns:a=\"http://www.ietf.org\"/>\n"
+ + " <text>©</text>\n"
+ + " </e8>\n"
+ + " </e7>\n"
+ + " </e6>\n"
+ + "</doc><!-- Comment 3 -->\n"
+ ;
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ org.apache.xml.security.Init.init();
+
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+
+ dfactory.setNamespaceAware(true);
+ dfactory.setValidating(true);
+
+ DocumentBuilder documentBuilder = dfactory.newDocumentBuilder();
+
+ // this is to throw away all validation warnings
+ documentBuilder.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ byte inputBytes[] = input.getBytes();
+ Document doc =
+ documentBuilder.parse(new ByteArrayInputStream(inputBytes));
+
+ // after playing around, we have our document now
+ Canonicalizer c14n = Canonicalizer.getInstance(
+ "http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments");
+ byte outputBytes[] = c14n.canonicalizeSubtree(doc);
+
+ System.out.println(new String(outputBytes));
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/canonicalization/CanonSubTree.java b/samples/org/apache/xml/security/samples/canonicalization/CanonSubTree.java
new file mode 100644
index 0000000..498fea8
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/canonicalization/CanonSubTree.java
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.canonicalization;
+
+import java.io.ByteArrayInputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ *
+ * @author Christian Geuer-Pollmann
+ */
+public class CanonSubTree {
+ static String input = ""
+ + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+ + "<Signature xmlns=\"http://www.w3.org/2000/09/xmldsig#\">\n"
+ + " <SignedInfo><!-- comment inside -->\n"
+ + " <CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\" />\n"
+ + " <SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\" />\n"
+ + " <Reference URI=\"http://www.w3.org/TR/xml-stylesheet\">\n"
+ + " <DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\" />\n"
+ + " <DigestValue>60NvZvtdTB+7UnlLp/H24p7h4bs=</DigestValue>\n"
+ + " </Reference>\n"
+ + " </SignedInfo>\n"
+ + " <SignatureValue>\n"
+ + " fKMmy9GYF2s8rLFrZdVugTOFuWx19ccX7jh5HqFd4vMOY7LWAj52ykjSdvtW3fNY\n"
+ + " PPYGC4MFL19oPSId5GEsMtFMpGXB3XaCtoKjMCHQsN3+kom8YnGf7Ge1JNRcGty5\n"
+ + " 0UsoP6Asj47+QR7QECT64uoziha4WRDVyXjDrg24W+U=\n"
+ + " </SignatureValue>\n"
+ + " <KeyInfo>\n"
+ + " <KeyName>Lugh</KeyName>\n"
+ + " </KeyInfo>\n"
+ + "</Signature>\n"
+ ;
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ org.apache.xml.security.Init.init();
+
+ DocumentBuilderFactory dfactory = DocumentBuilderFactory.newInstance();
+
+ dfactory.setNamespaceAware(true);
+ dfactory.setValidating(true);
+
+ DocumentBuilder documentBuilder = dfactory.newDocumentBuilder();
+
+ // this is to throw away all validation warnings
+ documentBuilder.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ byte inputBytes[] = input.getBytes();
+ Document doc =
+ documentBuilder.parse(new ByteArrayInputStream(inputBytes));
+ Canonicalizer c14n =
+ Canonicalizer
+ .getInstance("http://www.w3.org/TR/2001/REC-xml-c14n-20010315");
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:SignedInfo[1]";
+ Element signedInfo =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ byte outputBytes[] = c14n.canonicalizeSubtree(signedInfo);
+
+ if (outputBytes != null) {
+ System.out.println(new String(outputBytes));
+ }
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/encryption/Decrypter.java b/samples/org/apache/xml/security/samples/encryption/Decrypter.java
new file mode 100755
index 0000000..262e264
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/encryption/Decrypter.java
@@ -0,0 +1,139 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.encryption;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+import java.security.Key;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.DESedeKeySpec;
+
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.utils.JavaUtils;
+import org.apache.xml.security.utils.EncryptionConstants;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.OutputKeys;
+
+/**
+ * This sample demonstrates how to decrypt data inside an xml document.
+ *
+ * @author Vishal Mahajan (Sun Microsystems)
+ */
+public class Decrypter {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(
+ Decrypter.class.getName());
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ private static Document loadEncryptionDocument() throws Exception {
+ String fileName = "build/encryptedInfo.xml";
+ File encryptionFile = new File(fileName);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ Document document = db.parse(encryptionFile);
+ System.out.println(
+ "Encryption document loaded from " + encryptionFile.toURI().toURL().toString()
+ );
+ return document;
+ }
+
+ private static SecretKey loadKeyEncryptionKey() throws Exception {
+ String fileName = "build/kek";
+ String jceAlgorithmName = "DESede";
+
+ File kekFile = new File(fileName);
+
+ DESedeKeySpec keySpec =
+ new DESedeKeySpec(JavaUtils.getBytesFromFile(fileName));
+ SecretKeyFactory skf =
+ SecretKeyFactory.getInstance(jceAlgorithmName);
+ SecretKey key = skf.generateSecret(keySpec);
+
+ System.out.println(
+ "Key encryption key loaded from " + kekFile.toURI().toURL().toString()
+ );
+ return key;
+ }
+
+ private static void outputDocToFile(Document doc, String fileName) throws Exception {
+ File encryptionFile = new File(fileName);
+ FileOutputStream f = new FileOutputStream(encryptionFile);
+
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Transformer transformer = factory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ DOMSource source = new DOMSource(doc);
+ StreamResult result = new StreamResult(f);
+ transformer.transform(source, result);
+
+ f.close();
+ System.out.println(
+ "Wrote document containing decrypted data to " + encryptionFile.toURI().toURL().toString()
+ );
+ }
+
+ public static void main(String unused[]) throws Exception {
+ Document document = loadEncryptionDocument();
+
+ Element encryptedDataElement =
+ (Element) document.getElementsByTagNameNS(
+ EncryptionConstants.EncryptionSpecNS,
+ EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
+
+ /*
+ * Load the key to be used for decrypting the xml data
+ * encryption key.
+ */
+ Key kek = loadKeyEncryptionKey();
+
+ String providerName = "BC";
+
+ XMLCipher xmlCipher =
+ XMLCipher.getInstance();
+ /*
+ * The key to be used for decrypting xml data would be obtained
+ * from the keyinfo of the EncrypteData using the kek.
+ */
+ xmlCipher.init(XMLCipher.DECRYPT_MODE, null);
+ xmlCipher.setKEK(kek);
+ /*
+ * The following doFinal call replaces the encrypted data with
+ * decrypted contents in the document.
+ */
+ xmlCipher.doFinal(document, encryptedDataElement);
+
+ outputDocToFile(document, "build/decryptedInfo.xml");
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/encryption/Encrypter.java b/samples/org/apache/xml/security/samples/encryption/Encrypter.java
new file mode 100755
index 0000000..893d32d
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/encryption/Encrypter.java
@@ -0,0 +1,193 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.encryption;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+import java.security.Key;
+
+import javax.crypto.SecretKey;
+import javax.crypto.KeyGenerator;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.EncryptedData;
+import org.apache.xml.security.encryption.EncryptedKey;
+import org.apache.xml.security.utils.Constants;
+
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.transform.OutputKeys;
+
+/**
+ * This sample demonstrates how to encrypt data inside an xml document.
+ *
+ * @author Vishal Mahajan (Sun Microsystems)
+ */
+public class Encrypter {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(
+ Encrypter.class.getName());
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ private static Document createSampleDocument() throws Exception {
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+ dbf.setNamespaceAware(true);
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ Document document = db.newDocument();
+
+ /**
+ * Build a sample document. It will look something like:
+ *
+ * <apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1">
+ * <apache:foo>Some simple text</apache:foo>
+ * </apache:RootElement>
+ */
+ Element root =
+ document.createElementNS("http://www.apache.org/ns/#app1", "apache:RootElement");
+ root.setAttributeNS(
+ Constants.NamespaceSpecNS, "xmlns:apache", "http://www.apache.org/ns/#app1"
+ );
+ document.appendChild(root);
+
+ root.appendChild(document.createTextNode("\n"));
+
+ Element childElement =
+ document.createElementNS("http://www.apache.org/ns/#app1", "apache:foo");
+ childElement.appendChild(
+ document.createTextNode("Some simple text"));
+ root.appendChild(childElement);
+
+ root.appendChild(document.createTextNode("\n"));
+
+ return document;
+ }
+
+ private static SecretKey GenerateAndStoreKeyEncryptionKey() throws Exception {
+ String jceAlgorithmName = "DESede";
+ KeyGenerator keyGenerator =
+ KeyGenerator.getInstance(jceAlgorithmName);
+ SecretKey kek = keyGenerator.generateKey();
+
+ byte[] keyBytes = kek.getEncoded();
+ File kekFile = new File("build/kek");
+ FileOutputStream f = new FileOutputStream(kekFile);
+ f.write(keyBytes);
+ f.close();
+ System.out.println("Key encryption key stored in " + kekFile.toURI().toURL().toString());
+
+ return kek;
+ }
+
+ private static SecretKey GenerateDataEncryptionKey() throws Exception {
+ String jceAlgorithmName = "AES";
+ KeyGenerator keyGenerator =
+ KeyGenerator.getInstance(jceAlgorithmName);
+ keyGenerator.init(128);
+ return keyGenerator.generateKey();
+ }
+
+ private static void outputDocToFile(Document doc, String fileName) throws Exception {
+ File encryptionFile = new File(fileName);
+ FileOutputStream f = new FileOutputStream(encryptionFile);
+
+ TransformerFactory factory = TransformerFactory.newInstance();
+ Transformer transformer = factory.newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ DOMSource source = new DOMSource(doc);
+ StreamResult result = new StreamResult(f);
+ transformer.transform(source, result);
+
+ f.close();
+ System.out.println(
+ "Wrote document containing encrypted data to " + encryptionFile.toURI().toURL().toString()
+ );
+ }
+
+ public static void main(String unused[]) throws Exception {
+
+ Document document = createSampleDocument();
+
+ /*
+ * Get a key to be used for encrypting the element.
+ * Here we are generating an AES key.
+ */
+ Key symmetricKey = GenerateDataEncryptionKey();
+
+ /*
+ * Get a key to be used for encrypting the symmetric key.
+ * Here we are generating a DESede key.
+ */
+ Key kek = GenerateAndStoreKeyEncryptionKey();
+
+ String algorithmURI = XMLCipher.TRIPLEDES_KeyWrap;
+
+ XMLCipher keyCipher =
+ XMLCipher.getInstance(algorithmURI);
+ keyCipher.init(XMLCipher.WRAP_MODE, kek);
+ EncryptedKey encryptedKey =
+ keyCipher.encryptKey(document, symmetricKey);
+
+ /*
+ * Let us encrypt the contents of the document element.
+ */
+ Element rootElement = document.getDocumentElement();
+
+ algorithmURI = XMLCipher.AES_128;
+
+ XMLCipher xmlCipher =
+ XMLCipher.getInstance(algorithmURI);
+ xmlCipher.init(XMLCipher.ENCRYPT_MODE, symmetricKey);
+
+ /*
+ * Setting keyinfo inside the encrypted data being prepared.
+ */
+ EncryptedData encryptedData = xmlCipher.getEncryptedData();
+ KeyInfo keyInfo = new KeyInfo(document);
+ keyInfo.add(encryptedKey);
+ encryptedData.setKeyInfo(keyInfo);
+
+ /*
+ * doFinal -
+ * "true" below indicates that we want to encrypt element's content
+ * and not the element itself. Also, the doFinal method would
+ * modify the document by replacing the EncrypteData element
+ * for the data to be encrypted.
+ */
+ xmlCipher.doFinal(document, rootElement, true);
+
+ /*
+ * Output the document containing the encrypted information into
+ * a file.
+ */
+ outputDocToFile(document, "build/encryptedInfo.xml");
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/iaik/IAIKInterOp.java b/samples/org/apache/xml/security/samples/iaik/IAIKInterOp.java
new file mode 100644
index 0000000..c1e6ad3
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/iaik/IAIKInterOp.java
@@ -0,0 +1,206 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.iaik;
+
+import java.io.File;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.apache.xml.security.utils.resolver.implementations.ResolverAnonymous;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class IAIKInterOp {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(IAIKInterOp.class);
+
+ /** Field schemaValidate */
+ static final boolean schemaValidate = false;
+
+ /** Field signatureSchemaFile */
+ static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ if (schemaValidate) {
+ System.out.println("We do schema-validation");
+ } else {
+ System.out.println("We do not schema-validation");
+ }
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ if (IAIKInterOp.schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema", Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion", Boolean.TRUE);
+ dbf.setValidating(true);
+ dbf.setAttribute("http://xml.org/sax/features/validation", Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
+ Constants.SignatureSpecNS + " " + IAIKInterOp.signatureSchemaFile);
+ }
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ String gregorsDir = "samples/data/at/iaik/ixsil/";
+ String filenames[] = {
+ gregorsDir + "signatureAlgorithms/signatures/hMACSignature.xml"
+ ,gregorsDir + "signatureAlgorithms/signatures/hMACShortSignature.xml"
+ ,gregorsDir + "signatureAlgorithms/signatures/dSASignature.xml"
+ ,gregorsDir + "signatureAlgorithms/signatures/rSASignature.xml"
+ ,gregorsDir + "transforms/signatures/base64DecodeSignature.xml"
+ ,gregorsDir + "transforms/signatures/c14nSignature.xml"
+ ,gregorsDir + "coreFeatures/signatures/manifestSignature.xml"
+ ,gregorsDir + "transforms/signatures/xPathSignature.xml"
+ ,gregorsDir + "coreFeatures/signatures/signatureTypesSignature.xml"
+ ,gregorsDir + "transforms/signatures/envelopedSignatureSignature.xml"
+ };
+ verifyAnonymous(gregorsDir, dbf);
+
+ for (int i = 0; i < 2; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ org.apache.xml.security.samples.signature
+ .VerifyMerlinsExamplesFifteen.verifyHMAC(dbf, signatureFileName);
+ } catch (Exception ex) {
+ System.out.println("The XML signature in file "
+ + signatureFileName + " crashed the application (bad)");
+ ex.printStackTrace();
+ System.out.println();
+ }
+ }
+
+ for (int i = 2; i < filenames.length; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ org.apache.xml.security.samples.signature
+ .VerifyMerlinsExamplesSixteen.verify(dbf, signatureFileName);
+ } catch (Exception ex) {
+ System.out.println("The XML signature in file "
+ + signatureFileName + " crashed the application (bad)");
+ ex.printStackTrace();
+ System.out.println();
+ }
+ }
+
+ for (int i = 2; i < filenames.length; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ org.apache.xml.security.samples.signature
+ .VerifyMerlinsExamplesTwentyThree.verify(dbf, signatureFileName);
+ } catch (Exception ex) {
+ System.out.println("The XML signature in file "
+ + signatureFileName + " crashed the application (bad)");
+ ex.printStackTrace();
+ System.out.println();
+ }
+ }
+ }
+
+ public static void verifyAnonymous(String gregorsDir, DocumentBuilderFactory dbf) {
+ String filename =
+ gregorsDir + "coreFeatures/signatures/anonymousReferenceSignature.xml";
+ try {
+ String anonymousRef =
+ gregorsDir + "coreFeatures/samples/anonymousReferenceContent.xml";
+ ResourceResolverSpi resolver = new ResolverAnonymous(anonymousRef);
+ File f = new File(filename);
+
+ System.out.println("Try to verify " + f.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ XMLSignature signature = new XMLSignature(sigElement, f.toURI().toURL().toString());
+
+ signature.setFollowNestedManifests(false);
+ signature.addResourceResolver(resolver);
+
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki != null) {
+ X509Certificate cert = signature.getKeyInfo().getX509Certificate();
+
+ if (cert != null) {
+ System.out.println(
+ "The XML signature in file " + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(cert) ? "valid (good)"
+ : "invalid !!!!! (bad)")
+ );
+ } else {
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk != null) {
+ System.out.println(
+ "The XML signature in file " + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(pk) ? "valid (good)"
+ : "invalid !!!!! (bad)")
+ );
+ } else {
+ System.out.println("Did not find a public key, so I can't check the signature");
+ }
+ }
+ } else {
+ System.out.println("Did not find a KeyInfo");
+ }
+ } catch (Exception ex) {
+ System.out.println("The XML signature in file "
+ + filename + " crashed the application (bad)");
+ ex.printStackTrace();
+ System.out.println();
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/keys/CreateKeyInfo.java b/samples/org/apache/xml/security/samples/keys/CreateKeyInfo.java
new file mode 100644
index 0000000..f295a0f
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/keys/CreateKeyInfo.java
@@ -0,0 +1,80 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.keys;
+
+import java.io.FileInputStream;
+import java.math.BigInteger;
+import java.security.KeyStore;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.keyvalues.RSAKeyValue;
+import org.apache.xml.security.utils.XMLUtils;
+
+/**
+ * Class CreateKeyInfo
+ *
+ * @author $Author$
+ * @version $Revision$
+ */
+public class CreateKeyInfo {
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ FileInputStream fis = new FileInputStream(
+ "samples/data/keystore.jks");
+
+ ks.load(fis, "xmlsecurity".toCharArray());
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+ KeyInfo ki = new KeyInfo(doc);
+
+ doc.appendChild(ki.getElement());
+ ki.setId("myKI");
+ ki.addKeyName("A simple key");
+
+ X509Certificate cert = (X509Certificate) ks.getCertificate("test");
+
+ ki.addKeyValue(cert.getPublicKey());
+
+ X509Data x509Data = new X509Data(doc);
+
+ ki.add(x509Data);
+ x509Data.addCertificate(cert);
+ x509Data.addSubjectName("Subject name");
+ x509Data.addIssuerSerial("Subject nfsdfhs", 6786);
+ ki.add(new RSAKeyValue(doc, new BigInteger("678"), new BigInteger("6870")));
+ XMLUtils.outputDOMc14nWithComments(doc, System.out);
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/CreateCollectableSignature.java b/samples/org/apache/xml/security/samples/signature/CreateCollectableSignature.java
new file mode 100644
index 0000000..f160771
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/CreateCollectableSignature.java
@@ -0,0 +1,150 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+import org.apache.xml.security.keys.content.KeyName;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * These ones can be used to create Signatures which can be collected
+ * using your text editors cut-and-paste feature to create a file wich
+ * contains multiple signatures which remain valid after cut-and-paste.
+ *
+ * This program creates a Signature which can be used for cut-and-paste to be
+ * put into a larger document.
+ *
+ * @author $Author$
+ */
+public class CreateCollectableSignature {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(CreateCollectableSignature.class);
+
+ /** Field passphrase */
+ public static final String passphrase =
+ "The super-mega-secret public static passphrase";
+
+ static {
+ org.apache.xml.security.Init.init();
+
+ // org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("");
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ File signatureFile = new File("build/collectableSignature.xml");
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+ Element rootElement = doc.createElementNS(null, "root");
+
+ doc.appendChild(rootElement);
+
+ Element signedResourceElement = doc.createElementNS(null, "signedContent");
+
+ signedResourceElement.appendChild(doc.createTextNode("Signed Text\n"));
+ rootElement.appendChild(signedResourceElement);
+
+ XMLSignature sig =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ signedResourceElement.appendChild(sig.getElement());
+
+ {
+ String rootnamespace = signedResourceElement.getNamespaceURI();
+ boolean rootprefixed = (rootnamespace != null) && (rootnamespace.length() > 0);
+ String rootlocalname = signedResourceElement.getNodeName();
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpath = new XPathContainer(doc);
+
+ xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+
+ if (rootprefixed) {
+ xpath.setXPathNamespaceContext("root", rootnamespace);
+ }
+
+ String xpathStr = "\n"
+ + "count( " + "\n"
+ + " ancestor-or-self::" + (rootprefixed ? "root:" : "") + rootlocalname + "" + "\n"
+ + " | " + "\n"
+ + " here()/ancestor::" + (rootprefixed ? "root:" : "") + rootlocalname + "[1] " + "\n"
+ + ") <= count( " + "\n"
+ + " ancestor-or-self::" + (rootprefixed ? "root:" : "") + rootlocalname + "" + "\n"
+ + ") " + "\n"
+ + " and " + "\n"
+ + "count( " + "\n"
+ + " ancestor-or-self::ds:Signature " + "\n"
+ + " | " + "\n"
+ + " here()/ancestor::ds:Signature[1] " + "\n"
+ + ") > count( " + "\n"
+ + " ancestor-or-self::ds:Signature " + "\n"
+ + ") " + "\n"
+
+
+
+ ;
+ xpath.setXPath(xpathStr);
+ transforms.addTransform(Transforms.TRANSFORM_XPATH,
+ xpath.getElementPlusReturns());
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ sig.getKeyInfo().add(new KeyName(doc, CreateCollectableSignature.passphrase));
+ System.out.println("Start signing");
+ sig.sign(sig.createSecretKey(CreateCollectableSignature.passphrase.getBytes()));
+ System.out.println("Finished signing");
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+
+ SignedInfo s = sig.getSignedInfo();
+
+ for (int i = 0; i < s.getSignedContentLength(); i++) {
+ System.out.println("################ Signed Resource " + i
+ + " ################");
+ System.out.println(new String(s.getSignedContentItem(i)));
+ System.out.println();
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/CreateEnvelopingSignature.java b/samples/org/apache/xml/security/samples/signature/CreateEnvelopingSignature.java
new file mode 100644
index 0000000..ab15d71
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/CreateEnvelopingSignature.java
@@ -0,0 +1,123 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class CreateEnvelopingSignature {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(CreateSignature.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("build/signature.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ XMLSignature sig =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+ doc.appendChild(sig.getElement());
+
+ {
+ ObjectContainer obj = new ObjectContainer(doc);
+ Element anElement = doc.createElementNS(null, "InsideObject");
+
+ anElement.appendChild(doc.createTextNode("A text in a box"));
+ obj.appendChild(anElement);
+
+ String Id = "TheFirstObject";
+
+ obj.setId(Id);
+ sig.appendObject(obj);
+
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#" + Id, transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+
+ sig.addKeyInfo(cert);
+ sig.addKeyInfo(cert.getPublicKey());
+ System.out.println("Start signing");
+ sig.sign(privateKey);
+ System.out.println("Finished signing");
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+
+ for (int i = 0; i < sig.getSignedInfo().getSignedContentLength(); i++) {
+ System.out.println("--- Signed Content follows ---");
+ System.out.println(new String(sig.getSignedInfo().getSignedContentItem(i)));
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java b/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java
new file mode 100644
index 0000000..e4132e5
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleSixteen.java
@@ -0,0 +1,479 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.keys.content.RetrievalMethod;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
+import org.apache.xml.security.samples.utils.resolver.OfflineResolver;
+import org.apache.xml.security.signature.Manifest;
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.SignatureProperties;
+import org.apache.xml.security.signature.SignatureProperty;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.JavaUtils;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ *
+ * @author $Author$
+ */
+public class CreateMerlinsExampleSixteen {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(CreateMerlinsExampleSixteen.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("build/merlinsSixteenRecreatedNoRetrievalMethod.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+
+ if (privateKey == null) {
+ throw new RuntimeException("Private key is null");
+ }
+
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+
+ //////////////////////////////////////////////////
+ Element envelope = doc.createElementNS("http://www.usps.gov/", "Envelope");
+
+ envelope.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://www.usps.gov/");
+ envelope.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:foo", "http://www.usps.gov/foo");
+ envelope.appendChild(doc.createTextNode("\n"));
+ doc.appendChild(doc.createComment(" Preamble "));
+ doc.appendChild(envelope);
+ doc.appendChild(doc.createComment(" Postamble "));
+
+ Element dearSir = doc.createElementNS("http://www.usps.gov/", "DearSir");
+
+ dearSir.appendChild(doc.createTextNode("foo"));
+ envelope.appendChild(dearSir);
+ envelope.appendChild(doc.createTextNode("\n"));
+
+ Element body = doc.createElementNS("http://www.usps.gov/", "Body");
+
+ body.appendChild(doc.createTextNode("bar"));
+ envelope.appendChild(body);
+ envelope.appendChild(doc.createTextNode("\n"));
+
+ Element YoursSincerely = doc.createElementNS("http://www.usps.gov/", "YoursSincerely");
+ YoursSincerely.appendChild(doc.createTextNode("\n"));
+
+ envelope.appendChild(YoursSincerely);
+
+ Element PostScript = doc.createElementNS("http://www.usps.gov/", "PostScript");
+
+ PostScript.appendChild(doc.createTextNode("bar"));
+ envelope.appendChild(PostScript);
+
+ Element Notaries = doc.createElementNS(null, "Notaries");
+
+ Notaries.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
+ Notaries.setAttributeNS(null, "Id", "notaries");
+ Notaries.setIdAttributeNS(null, "Id", true);
+
+ {
+ Element Notary = doc.createElementNS(null, "Notary");
+
+ Notary.setAttributeNS(null, "name", "Great, A. T.");
+ Notaries.appendChild(Notary);
+ }
+
+ {
+ Element Notary = doc.createElementNS(null, "Notary");
+
+ Notary.setAttributeNS(null, "name", "Hun, A. T.");
+ Notaries.appendChild(Notary);
+ }
+
+ envelope.appendChild(Notaries);
+ envelope.appendChild(doc.createComment(" Commentary "));
+
+ //////////////////////////////////////////////////
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ XMLSignature sig =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+ YoursSincerely.appendChild(sig.getElement());
+ sig.setId("signature");
+
+ /*
+ * Add the Objects
+ */
+
+ // object-1
+ {
+ ObjectContainer object1 = new ObjectContainer(doc);
+
+ object1.setId("object-1");
+ object1.setMimeType("text/plain");
+ object1.appendChild(doc.createTextNode("I am the text."));
+ sig.appendObject(object1);
+ }
+
+ // object-2
+ {
+ ObjectContainer object2 = new ObjectContainer(doc);
+
+ object2.setId("object-2");
+ object2.setMimeType("text/plain");
+ object2.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
+ object2.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
+ sig.appendObject(object2);
+ }
+
+ // object-3
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.setId("object-3");
+
+ Element nonc = doc.createElementNS(null, "NonCommentandus");
+
+ nonc.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
+ nonc.appendChild(doc.createComment(" Commentandum "));
+ object.appendChild(doc.createTextNode("\n "));
+ object.appendChild(nonc);
+ object.appendChild(doc.createTextNode("\n "));
+ sig.appendObject(object);
+ }
+
+ // object number 4
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.appendChild(createObject4(sig));
+ sig.appendObject(object);
+ }
+
+ // object number 4
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+ SignatureProperties sps = new SignatureProperties(doc);
+
+ sps.setId("signature-properties-1");
+
+ SignatureProperty sp = new SignatureProperty(doc, "#signature");
+ Element signedAdress = doc.createElementNS("urn:demo",
+ "SignedAddress");
+
+ signedAdress.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "urn:demo");
+
+ Element IP = doc.createElementNS("urn:demo", "IP");
+
+ IP.appendChild(doc.createTextNode("192.168.21.138"));
+ signedAdress.appendChild(IP);
+ sp.appendChild(signedAdress);
+ sps.addSignatureProperty(sp);
+ object.appendChild(sps.getElement());
+ sig.appendObject(object);
+ }
+
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.setId("object-4");
+
+ X509Data x509data = new X509Data(doc);
+
+ x509data.add(new XMLX509SubjectName(doc, cert));
+ x509data.add(new XMLX509IssuerSerial(doc, cert));
+ x509data.add(new XMLX509Certificate(doc, cert));
+ object.appendChild(x509data.getElement());
+ sig.appendObject(object);
+ }
+
+ /*
+ * Add References
+ */
+ sig.getSignedInfo().addResourceResolver(
+ new org.apache.xml.security.samples.utils.resolver.OfflineResolver());
+ sig.addDocument("http://www.w3.org/TR/xml-stylesheet");
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
+ sig.addDocument("http://xmldsig.pothole.com/xml-stylesheet.txt",
+ transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+
+ xpathC.setXPath("self::text()");
+ transforms.addTransform(Transforms.TRANSFORM_XPATH,
+ xpathC.getElementPlusReturns());
+ sig.addDocument("#object-1", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
+ sig.addDocument("#object-2", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ sig.addDocument("#manifest-1", null, Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Manifest");
+ sig.addDocument("#signature-properties-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#SignatureProperties");
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ sig.addDocument("#xpointer(/)", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#xpointer(/)", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ sig.addDocument("#object-3", null, Constants.ALGO_ID_DIGEST_SHA1,
+ null, "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#object-3", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ sig.addDocument("#xpointer(id('object-3'))", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#xpointer(id('object-3'))", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ sig.addDocument("#manifest-reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, "reference-1",
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ {
+ sig.addDocument("#reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, "reference-2",
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ {
+ sig.addDocument("#reference-2", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ /*
+ * Add KeyInfo and sign()
+ */
+ {
+ Transforms retrievalTransforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+
+ xpathC.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpathC.setXPath("ancestor-or-self::ds:X509Data");
+ retrievalTransforms.addTransform(Transforms.TRANSFORM_XPATH, xpathC.getElement());
+ sig.getKeyInfo().add(
+ new RetrievalMethod(
+ doc, "#object-4", retrievalTransforms, "http://www.w3.org/2000/09/xmldsig#X509Data"));
+
+ System.out.println("Start signing");
+ sig.sign(privateKey);
+ System.out.println("Finished signing");
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+
+ SignedInfo s = sig.getSignedInfo();
+ for (int i = 0; i < s.getLength(); i++) {
+ Reference r = s.item(i);
+ String fn = "build/merlin16_"+i+".html";
+ System.out.println("Wrote Reference " + i + " to file " + fn);
+ JavaUtils.writeBytesToFilename(fn, r.getHTMLRepresentation().getBytes());
+ }
+
+ }
+
+ /**
+ * Method createObject4
+ *
+ * @param sig
+ *
+ * @throws Exception
+ */
+ public static Element createObject4(XMLSignature sig) throws Exception {
+
+ Document doc = sig.getElement().getOwnerDocument();
+ String BaseURI = sig.getBaseURI();
+ Manifest manifest = new Manifest(doc);
+ manifest.addResourceResolver(new OfflineResolver());
+
+ manifest.setId("manifest-1");
+ manifest.addDocument(BaseURI, "http://www.w3.org/TR/xml-stylesheet",
+ null, Constants.ALGO_ID_DIGEST_SHA1,
+ "manifest-reference-1", null);
+ manifest.addDocument(BaseURI, "#reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+
+ String xslt = ""
+ + "<xsl:stylesheet xmlns:xsl='http://www.w3.org/1999/XSL/Transform'\n"
+ + " xmlns='http://www.w3.org/TR/xhtml1/strict' \n"
+ + " exclude-result-prefixes='foo' \n"
+ + " version='1.0'>\n"
+ + " <xsl:output encoding='UTF-8' \n"
+ + " indent='no' \n"
+ + " method='xml' />\n"
+ + " <xsl:template match='/'>\n"
+ + " <html>\n"
+ + " <head>\n"
+ + " <title>Notaries</title>\n"
+ + " </head>\n"
+ + " <body>\n"
+ + " <table>\n"
+ + " <xsl:for-each select='Notaries/Notary'>\n"
+ + " <tr>\n"
+ + " <th>\n"
+ + " <xsl:value-of select='@name' />\n"
+ + " </th>\n"
+ + " </tr>\n"
+ + " </xsl:for-each>\n"
+ + " </table>\n"
+ + " </body>\n"
+ + " </html>\n"
+ + " </xsl:template>\n"
+ + "</xsl:stylesheet>\n"
+ ;
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document docxslt =
+ db.parse(new ByteArrayInputStream(xslt.getBytes()));
+ Node xslElem = docxslt.getDocumentElement();
+ Node xslElemImported = doc.importNode(xslElem, true);
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_XSLT,
+ (Element) xslElemImported);
+ manifest.addDocument(BaseURI, "#notaries", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null, null);
+
+ return manifest.getElement();
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java b/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java
new file mode 100644
index 0000000..f667a37
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/CreateMerlinsExampleTwentyThree.java
@@ -0,0 +1,479 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.keys.content.RetrievalMethod;
+import org.apache.xml.security.keys.content.X509Data;
+import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
+import org.apache.xml.security.keys.content.x509.XMLX509IssuerSerial;
+import org.apache.xml.security.keys.content.x509.XMLX509SubjectName;
+import org.apache.xml.security.samples.utils.resolver.OfflineResolver;
+import org.apache.xml.security.signature.Manifest;
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.Reference;
+import org.apache.xml.security.signature.SignatureProperties;
+import org.apache.xml.security.signature.SignatureProperty;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.JavaUtils;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ *
+ * @author $Author$
+ */
+public class CreateMerlinsExampleTwentyThree {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(CreateMerlinsExampleTwentyThree.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
+
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("build/merlinsTwentyThreeRecreatedNoRetrievalMethod.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+
+ if (privateKey == null) {
+ throw new RuntimeException("Private key is null");
+ }
+
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+
+ //////////////////////////////////////////////////
+ Element envelope = doc.createElementNS("http://www.usps.gov/", "Envelope");
+
+ envelope.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "http://www.usps.gov/");
+ envelope.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:foo", "http://www.usps.gov/foo");
+ envelope.appendChild(doc.createTextNode("\n"));
+ doc.appendChild(doc.createComment(" Preamble "));
+ doc.appendChild(envelope);
+ doc.appendChild(doc.createComment(" Postamble "));
+
+ Element dearSir = doc.createElementNS("http://www.usps.gov/", "DearSir");
+
+ dearSir.appendChild(doc.createTextNode("foo"));
+ envelope.appendChild(dearSir);
+ envelope.appendChild(doc.createTextNode("\n"));
+
+ Element body = doc.createElementNS("http://www.usps.gov/", "Body");
+
+ body.appendChild(doc.createTextNode("bar"));
+ envelope.appendChild(body);
+ envelope.appendChild(doc.createTextNode("\n"));
+
+ Element YoursSincerely = doc.createElementNS("http://www.usps.gov/", "YoursSincerely");
+ YoursSincerely.appendChild(doc.createTextNode("\n"));
+
+ envelope.appendChild(YoursSincerely);
+
+ Element PostScript = doc.createElementNS("http://www.usps.gov/", "PostScript");
+
+ PostScript.appendChild(doc.createTextNode("bar"));
+ envelope.appendChild(PostScript);
+
+ Element Notaries = doc.createElementNS(null, "Notaries");
+
+ Notaries.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
+ Notaries.setAttributeNS(null, "Id", "notaries");
+ Notaries.setIdAttributeNS(null, "Id", true);
+
+ {
+ Element Notary = doc.createElementNS(null, "Notary");
+
+ Notary.setAttributeNS(null, "name", "Great, A. T.");
+ Notaries.appendChild(Notary);
+ }
+
+ {
+ Element Notary = doc.createElementNS(null, "Notary");
+
+ Notary.setAttributeNS(null, "name", "Hun, A. T.");
+ Notaries.appendChild(Notary);
+ }
+
+ envelope.appendChild(Notaries);
+ envelope.appendChild(doc.createComment(" Commentary "));
+
+ //////////////////////////////////////////////////
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ XMLSignature sig = new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+ YoursSincerely.appendChild(sig.getElement());
+ sig.setId("signature");
+
+ /*
+ * Add the Objects
+ */
+
+ // object-1
+ {
+ ObjectContainer object1 = new ObjectContainer(doc);
+
+ object1.setId("object-1");
+ object1.setMimeType("text/plain");
+ object1.appendChild(doc.createTextNode("I am the text."));
+ sig.appendObject(object1);
+ }
+
+ // object-2
+ {
+ ObjectContainer object2 = new ObjectContainer(doc);
+
+ object2.setId("object-2");
+ object2.setMimeType("text/plain");
+ object2.setEncoding("http://www.w3.org/2000/09/xmldsig#base64");
+ object2.appendChild(doc.createTextNode("SSBhbSB0aGUgdGV4dC4="));
+ sig.appendObject(object2);
+ }
+
+ // object-3
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.setId("object-3");
+
+ Element nonc = doc.createElementNS(null, "NonCommentandus");
+
+ nonc.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "");
+ nonc.appendChild(doc.createComment(" Commentandum "));
+ object.appendChild(doc.createTextNode("\n "));
+ object.appendChild(nonc);
+ object.appendChild(doc.createTextNode("\n "));
+ sig.appendObject(object);
+ }
+
+ // object number 4
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.appendChild(createObject4(sig));
+ sig.appendObject(object);
+ }
+
+ // object number 4
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+ SignatureProperties sps = new SignatureProperties(doc);
+
+ sps.setId("signature-properties-1");
+
+ SignatureProperty sp = new SignatureProperty(doc, "#signature");
+ Element signedAdress = doc.createElementNS("urn:demo", "SignedAddress");
+
+ signedAdress.setAttributeNS(Constants.NamespaceSpecNS, "xmlns", "urn:demo");
+
+ Element IP = doc.createElementNS("urn:demo", "IP");
+
+ IP.appendChild(doc.createTextNode("192.168.21.138"));
+ signedAdress.appendChild(IP);
+ sp.appendChild(signedAdress);
+ sps.addSignatureProperty(sp);
+ object.appendChild(sps.getElement());
+ sig.appendObject(object);
+ }
+
+ {
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.setId("object-4");
+
+ X509Data x509data = new X509Data(doc);
+
+ x509data.add(new XMLX509SubjectName(doc, cert));
+ x509data.add(new XMLX509IssuerSerial(doc, cert));
+ x509data.add(new XMLX509Certificate(doc, cert));
+ object.appendChild(x509data.getElement());
+ sig.appendObject(object);
+ }
+
+ /*
+ * Add References
+ */
+ sig.getSignedInfo().addResourceResolver(
+ new org.apache.xml.security.samples.utils.resolver.OfflineResolver());
+ sig.addDocument("http://www.w3.org/TR/xml-stylesheet");
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
+ sig.addDocument("http://xmldsig.pothole.com/xml-stylesheet.txt",
+ transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+
+ xpathC.setXPath("self::text()");
+ transforms.addTransform(Transforms.TRANSFORM_XPATH,
+ xpathC.getElementPlusReturns());
+ sig.addDocument("#object-1", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_BASE64_DECODE);
+ sig.addDocument("#object-2", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ sig.addDocument("#manifest-1", null, Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Manifest");
+ sig.addDocument("#signature-properties-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#SignatureProperties");
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ sig.addDocument("#xpointer(/)", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#xpointer(/)", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ sig.addDocument("#object-3", null, Constants.ALGO_ID_DIGEST_SHA1,
+ null, "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#object-3", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ sig.addDocument("#xpointer(id('object-3'))", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("#xpointer(id('object-3'))", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Object");
+ }
+
+ {
+ sig.addDocument("#manifest-reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, "reference-1",
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ {
+ sig.addDocument("#reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, "reference-2",
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ {
+ sig.addDocument("#reference-2", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+ }
+
+ /*
+ * Add KeyInfo and sign()
+ */
+ {
+ Transforms retrievalTransforms = new Transforms(doc);
+ XPathContainer xpathC = new XPathContainer(doc);
+
+ xpathC.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpathC.setXPath("ancestor-or-self::ds:X509Data");
+ retrievalTransforms.addTransform(Transforms.TRANSFORM_XPATH,
+ xpathC.getElement());
+ sig.getKeyInfo().add(
+ new RetrievalMethod(
+ doc, "#object-4", retrievalTransforms, "http://www.w3.org/2000/09/xmldsig#X509Data"));
+
+ System.out.println("Start signing");
+ sig.sign(privateKey);
+ System.out.println("Finished signing");
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+
+ SignedInfo s = sig.getSignedInfo();
+ for (int i = 0; i < s.getLength(); i++) {
+ Reference r = s.item(i);
+ String fn = "build/merlin16_"+i+".html";
+ System.out.println("Wrote Reference " + i + " to file " + fn);
+ JavaUtils.writeBytesToFilename(fn, r.getHTMLRepresentation().getBytes());
+ }
+
+ }
+
+ /**
+ * Method createObject4
+ *
+ * @param sig
+ *
+ * @throws Exception
+ */
+ public static Element createObject4(XMLSignature sig) throws Exception {
+
+ Document doc = sig.getElement().getOwnerDocument();
+ String BaseURI = sig.getBaseURI();
+ Manifest manifest = new Manifest(doc);
+ manifest.addResourceResolver(new OfflineResolver());
+
+ manifest.setId("manifest-1");
+ manifest.addDocument(BaseURI, "http://www.w3.org/TR/xml-stylesheet",
+ null, Constants.ALGO_ID_DIGEST_SHA1,
+ "manifest-reference-1", null);
+ manifest.addDocument(BaseURI, "#reference-1", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "http://www.w3.org/2000/09/xmldsig#Reference");
+
+ String xslt = ""
+ + "<xsl:stylesheet xmlns:xsl='http://www.w3.org/1999/XSL/Transform'\n"
+ + " xmlns='http://www.w3.org/TR/xhtml1/strict' \n"
+ + " exclude-result-prefixes='foo' \n"
+ + " version='1.0'>\n"
+ + " <xsl:output encoding='UTF-8' \n"
+ + " indent='no' \n"
+ + " method='xml' />\n"
+ + " <xsl:template match='/'>\n"
+ + " <html>\n"
+ + " <head>\n"
+ + " <title>Notaries</title>\n"
+ + " </head>\n"
+ + " <body>\n"
+ + " <table>\n"
+ + " <xsl:for-each select='Notaries/Notary'>\n"
+ + " <tr>\n"
+ + " <th>\n"
+ + " <xsl:value-of select='@name' />\n"
+ + " </th>\n"
+ + " </tr>\n"
+ + " </xsl:for-each>\n"
+ + " </table>\n"
+ + " </body>\n"
+ + " </html>\n"
+ + " </xsl:template>\n"
+ + "</xsl:stylesheet>\n"
+ ;
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document docxslt =
+ db.parse(new ByteArrayInputStream(xslt.getBytes()));
+ Node xslElem = docxslt.getDocumentElement();
+ Node xslElemImported = doc.importNode(xslElem, true);
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_XSLT,
+ (Element) xslElemImported);
+ manifest.addDocument(BaseURI, "#notaries", transforms,
+ Constants.ALGO_ID_DIGEST_SHA1, null, null);
+
+ return manifest.getElement();
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/CreateSignature.java b/samples/org/apache/xml/security/samples/signature/CreateSignature.java
new file mode 100644
index 0000000..bf0b7a6
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/CreateSignature.java
@@ -0,0 +1,172 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+
+/**
+ * @author $Author$
+ */
+public class CreateSignature {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(CreateSignature.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "ds");
+
+ //All the parameters for the keystore
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("build/signature.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ //load the keystore
+ ks.load(fis, keystorePass.toCharArray());
+
+ //get the private key for signing.
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ //XML Signature needs to be namespace aware
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+
+ //Build a sample document. It will look something like:
+ //<!-- Comment before -->
+ //<apache:RootElement xmlns:apache="http://www.apache.org/ns/#app1">Some simple text
+ //</apache:RootElement>
+ //<!-- Comment after -->
+ doc.appendChild(doc.createComment(" Comment before "));
+
+ Element root =
+ doc.createElementNS("http://www.apache.org/ns/#app1", "apache:RootElement");
+
+ root.setAttributeNS(null, "attr1", "test1");
+ root.setAttributeNS(null, "attr2", "test2");
+ root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:foo", "http://example.org/#foo");
+ root.setAttributeNS("http://example.org/#foo", "foo:attr1", "foo's test");
+
+
+
+ root.setAttributeNS(Constants.NamespaceSpecNS, "xmlns:apache", "http://www.apache.org/ns/#app1");
+ doc.appendChild(root);
+ root.appendChild(doc.createTextNode("Some simple text\n"));
+
+ //The BaseURI is the URI that's used to prepend to relative URIs
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ //Create an XML Signature object from the document, BaseURI and
+ //signature algorithm (in this case DSA)
+ XMLSignature sig =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+
+ //Append the signature element to the root element before signing because
+ //this is going to be an enveloped signature.
+ //This means the signature is going to be enveloped by the document.
+ //Two other possible forms are enveloping where the document is inside the
+ //signature and detached where they are seperate.
+ //Note that they can be mixed in 1 signature with seperate references as
+ //shown below.
+ root.appendChild(sig.getElement());
+ doc.appendChild(doc.createComment(" Comment after "));
+ sig.getSignedInfo().addResourceResolver(
+ new org.apache.xml.security.samples.utils.resolver.OfflineResolver()
+ );
+
+ {
+ //create the transforms object for the Document/Reference
+ Transforms transforms = new Transforms(doc);
+
+ //First we have to strip away the signature element (it's not part of the
+ //signature calculations). The enveloped transform can be used for this.
+ transforms.addTransform(Transforms.TRANSFORM_ENVELOPED_SIGNATURE);
+ //Part of the signature element needs to be canonicalized. It is a kind
+ //of normalizing algorithm for XML. For more information please take a
+ //look at the W3C XML Digital Signature webpage.
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ //Add the above Document/Reference
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ //Add in 2 external URIs. This is a detached Reference.
+ //
+ // When sign() is called, two network connections are made. -- well,
+ // not really, as we use the OfflineResolver which acts as a proxy for
+ // these two resouces ;-))
+ //
+ sig.addDocument("http://www.w3.org/TR/xml-stylesheet");
+ sig.addDocument("http://www.nue.et-inf.uni-siegen.de/index.html");
+ }
+
+ {
+ //Add in the KeyInfo for the certificate that we used the private key of
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+
+ sig.addKeyInfo(cert);
+ sig.addKeyInfo(cert.getPublicKey());
+ System.out.println("Start signing");
+ sig.sign(privateKey);
+ System.out.println("Finished signing");
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/HereSigner.java b/samples/org/apache/xml/security/samples/signature/HereSigner.java
new file mode 100644
index 0000000..7103da4
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/HereSigner.java
@@ -0,0 +1,147 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.X509Certificate;
+
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.HelperNodeList;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class HereSigner {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(HereSigner.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ String keystoreType = "JKS";
+ String keystoreFile = "samples/data/keystore.jks";
+ String keystorePass = "xmlsecurity";
+ String privateKeyAlias = "test";
+ String privateKeyPass = "xmlsecurity";
+ String certificateAlias = "test";
+ File signatureFile = new File("build/hereSignature.xml");
+
+ KeyStore ks = KeyStore.getInstance(keystoreType);
+ FileInputStream fis = new FileInputStream(keystoreFile);
+
+ ks.load(fis, keystorePass.toCharArray());
+
+ PrivateKey privateKey =
+ (PrivateKey) ks.getKey(privateKeyAlias, privateKeyPass.toCharArray());
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ ElementProxy.setDefaultPrefix(Constants.SignatureSpecNS, "prof");
+ XMLSignature sig =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_SIGNATURE_DSA);
+
+ doc.appendChild(sig.getElement());
+ sig.getSignedInfo()
+ .addResourceResolver(new org.apache.xml.security.samples.utils.resolver.OfflineResolver());
+
+ {
+ ObjectContainer ob1 = new ObjectContainer(doc);
+ ob1.setId("object-1");
+ ob1.appendChild(doc.createTextNode("\nSigned Text\n"));
+ Element c = doc.createElementNS(null, "element");
+ c.setAttributeNS(null, "name", "val");
+ ob1.appendChild(c);
+ sig.appendObject(ob1);
+
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xc = new XPathContainer(doc);
+ xc.setXPathNamespaceContext("prof", Constants.SignatureSpecNS);
+
+ String xpath = "\n"
+ + "count(" + "\n"
+ + " ancestor-or-self::prof:Object " + "\n"
+ + " | " + "\n"
+ + " here()/ancestor::prof:Signature[1]/child::prof:Object[@Id='object-1']" + "\n"
+ + ") <= count(" + "\n"
+ + " ancestor-or-self::prof:Object" + "\n"
+ + ") " + "\n";
+
+ xc.setXPath(xpath);
+ HelperNodeList nl = new HelperNodeList();
+ nl.appendChild(doc.createTextNode("\n"));
+ nl.appendChild(xc.getElement());
+ nl.appendChild(doc.createTextNode("\n"));
+
+ transforms.addTransform(Transforms.TRANSFORM_XPATH, nl);
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ X509Certificate cert =
+ (X509Certificate) ks.getCertificate(certificateAlias);
+
+ sig.addKeyInfo(cert);
+ sig.addKeyInfo(cert.getPublicKey());
+ System.out.println("Start signing");
+ sig.sign(privateKey);
+ System.out.println("Finished signing");
+ }
+
+ SignedInfo s = sig.getSignedInfo();
+ for (int i = 0; i < s.getSignedContentLength(); i++) {
+ System.out.println(new String(s.getSignedContentItem(i)));
+ }
+
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/NullURIReferenceResolver.java b/samples/org/apache/xml/security/samples/signature/NullURIReferenceResolver.java
new file mode 100644
index 0000000..54340ce
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/NullURIReferenceResolver.java
@@ -0,0 +1,139 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.resolver.ResourceResolverException;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.w3c.dom.Attr;
+
+/**
+ * This is a sample ResourceResolver who demonstrated how References without
+ * URI attribuet could be handled.
+ *
+ * @author $Author$
+ */
+public class NullURIReferenceResolver extends ResourceResolverSpi {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(NullURIReferenceResolver.class);
+
+ /** Field _data[] */
+ byte _data[] = null;
+
+ /** Field _data2[][] */
+ byte _data2[][] = null;
+
+ /** Field _count */
+ int _count = -1;
+
+ /**
+ * Constructor NullURIReferenceResolver
+ *
+ * @param data
+ */
+ public NullURIReferenceResolver(byte[] data) {
+ _data = data;
+ _count = -1;
+ }
+
+ /**
+ * Constructor NullURIReferenceResolver
+ *
+ * @param data
+ */
+ public NullURIReferenceResolver(byte[][] data) {
+ _data2 = data;
+ _count = 0;
+ }
+
+ /**
+ * Method engineResolve
+ *
+ * @param uri
+ * @param BaseURI
+ *
+ * @throws ResourceResolverException
+ */
+ public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
+ throws ResourceResolverException {
+
+ XMLSignatureInput result = null;
+
+ if ((this._data != null) && (this._count == -1)) {
+
+ // we always return the same stuff;
+ result = new XMLSignatureInput(this._data);
+
+ result.setSourceURI("memory://null");
+ result.setMIMEType("text/txt");
+ } else if ((this._data == null) && (this._count != -1)) {
+ if (this._count < this._data2.length) {
+ result = new XMLSignatureInput(this._data2[this._count]);
+
+ result.setSourceURI("memory://" + this._count);
+
+ this._count++;
+
+ result.setMIMEType("text/txt");
+ } else {
+ String errMsg = "You did not supply enough data!!! There are only "
+ + (this._data2.length) + " byte[] arrays";
+ Object exArgs[] = { errMsg };
+
+ throw new ResourceResolverException("empty", exArgs, uri, BaseURI);
+ }
+ } else {
+ Object exArgs[] = { "You did not supply data !!!" };
+
+ throw new ResourceResolverException("empty", exArgs, uri, BaseURI);
+ }
+
+ return result;
+ }
+
+ /**
+ * Method engineCanResolve
+ *
+ * @param uri
+ * @param BaseURI
+ *
+ */
+ public boolean engineCanResolve(Attr uri, String BaseURI) {
+
+ if (uri == null) {
+ if ((this._data != null) && (this._count == -1)) {
+ return true;
+ } else if ((this._data == null) && (this._count != -1)) {
+ return true;
+ }
+ }
+
+ return false;
+ }
+
+ /**
+ * Method engineGetPropertyKeys
+ *
+ *
+ */
+ public String[] engineGetPropertyKeys() {
+ return null;
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/signature/SignaturePropertiesSample.java b/samples/org/apache/xml/security/samples/signature/SignaturePropertiesSample.java
new file mode 100644
index 0000000..938d5a1
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/SignaturePropertiesSample.java
@@ -0,0 +1,93 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.ObjectContainer;
+import org.apache.xml.security.signature.SignatureProperties;
+import org.apache.xml.security.signature.SignatureProperty;
+import org.apache.xml.security.signature.XMLSignature;
+import org.w3c.dom.Document;
+
+/**
+ * Class SignaturePropertiesSample
+ *
+ * @author $Author$
+ */
+public class SignaturePropertiesSample {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.newDocument();
+ XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ doc.appendChild(sig.getElement());
+
+ SignatureProperty prop1 =
+ new SignatureProperty(doc, "http://www.xmlsecurity.org/#target", "prop1");
+
+ prop1.getElement().appendChild(doc.createTextNode("\n some data for this property\n"));
+
+ SignatureProperties props = new SignatureProperties(doc);
+
+ props.addSignatureProperty(prop1);
+
+ ObjectContainer object = new ObjectContainer(doc);
+
+ object.appendChild(doc.createTextNode("\n"));
+ object.appendChild(props.getElement());
+ object.appendChild(doc.createTextNode("\n"));
+ sig.appendObject(object);
+ sig.addDocument("#prop1");
+
+ String secretKey = "secret";
+
+ sig.getKeyInfo().addKeyName("The UTF-8 octets of \"" + secretKey
+ + "\" are used for signing ("
+ + secretKey.length() + " octets)");
+ sig.sign(sig.createSecretKey(secretKey.getBytes()));
+
+ Canonicalizer c14n =
+ Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ System.out.println("---------------------------------------");
+ System.out.println(new String(c14n.canonicalizeSubtree(doc)));
+ System.out.println("---------------------------------------");
+ System.out.println(new String(sig.getSignedInfo().item(0).getTransformsOutput().getBytes()));
+ System.out.println("---------------------------------------");
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/TestSignature.java b/samples/org/apache/xml/security/samples/signature/TestSignature.java
new file mode 100644
index 0000000..7346dc8
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/TestSignature.java
@@ -0,0 +1,149 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.keys.storage.StorageResolver;
+import org.apache.xml.security.samples.utils.resolver.OfflineResolver;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * Class TestSignature
+ *
+ * @author $Author$
+ */
+public class TestSignature {
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ String merlinsDir =
+ "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-eighteen/";
+ String ourDir =
+ "samples/data/org/apache/xml/security/temp/key/";
+ String filenames[] = { merlinsDir +
+ /* 0 */ "signature-keyname.xml",
+ merlinsDir +
+ /* 1 */ "signature-retrievalmethod-rawx509crt.xml",
+ merlinsDir +
+ /* 2 */ "signature-x509-crt-crl.xml",
+ merlinsDir +
+ /* 3 */ "signature-x509-crt.xml",
+ merlinsDir +
+ /* 4 */ "signature-x509-is.xml",
+ merlinsDir +
+ /* 5 */ "signature-x509-ski.xml",
+ merlinsDir +
+ /* 6 */ "signature-x509-sn.xml",
+ ourDir +
+ /* 7 */ "signature-retrievalmethod-x509data.xml"
+ };
+ int start = 0;
+ int end = filenames.length;
+
+ // int end = filenames.length;
+ for (int file_to_verify = start; file_to_verify < end; file_to_verify++) {
+ try {
+ String filename = filenames[file_to_verify];
+ File f = new File(filename);
+
+ System.out.println("");
+ System.out.println("#########################################################");
+ System.out.println("Try to verify " + f.toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.FileInputStream(filename));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ //Creates a XMLSignature from the element and uses the filename as
+ //the baseURI. That URI is prepended to all relative URIs.
+ XMLSignature signature =
+ new XMLSignature(sigElement, (new File(filename)).toURI().toURL().toString());
+
+ signature.addResourceResolver(new OfflineResolver());
+
+ //Get the KeyInfo object, which might contain some clues as to what
+ //key was used to create the signature. It might also contain the
+ //full cert.
+ KeyInfo ki = signature.getKeyInfo();
+
+ ki.addStorageResolver(
+ new StorageResolver(
+ new org.apache.xml.security.keys.storage.implementations
+ .CertsInFilesystemDirectoryResolver(merlinsDir + "certs")));
+
+ if (ki != null) {
+ //First try to see if it is an X509Cert
+ X509Certificate cert =
+ signature.getKeyInfo().getX509Certificate();
+
+ if (cert != null) {
+ //check if the signature is valid using the cert
+ System.out.println("Check: " + signature.checkSignatureValue(cert));
+ } else {
+ //Maybe it's a public key
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+ if (pk != null) {
+ //check if the signature is valid using the public key
+ System.out.println("Check: " + signature.checkSignatureValue(pk));
+ } else {
+ //No X509Cert or PublicKey could be found.
+ System.out.println("Could not find Certificate or PublicKey");
+ }
+ }
+ } else {
+ //If the signature did not contain any KeyInfo element
+ System.out.println("Could not find ds:KeyInfo");
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/signature/VerifyCollectableSignature.java b/samples/org/apache/xml/security/samples/signature/VerifyCollectableSignature.java
new file mode 100644
index 0000000..a949cd9
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/VerifyCollectableSignature.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+
+import java.io.File;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ *
+ * @author $Author$
+ */
+public class VerifyCollectableSignature {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(VerifyCollectableSignature.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ try {
+ File signatureFile = new File("build/collectableSignature.xml");
+ String BaseURI = signatureFile.toURI().toURL().toString();
+
+ System.out.println("Try to verify "
+ + signatureFile.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.FileInputStream(signatureFile));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ NodeList signatureElems =
+ (NodeList) xpath.evaluate(expression, doc, XPathConstants.NODESET);
+
+ for (int i = 0; i < signatureElems.getLength(); i++) {
+ Element sigElement = (Element) signatureElems.item(i);
+ XMLSignature signature = new XMLSignature(sigElement, BaseURI);
+ byte[] secretKey = "secretValue".getBytes();
+
+ System.out.println(
+ "The XML signature number " + i + " in file " + BaseURI + " is "
+ + (signature.checkSignatureValue(
+ signature.createSecretKey(
+ CreateCollectableSignature.passphrase.getBytes()
+ )
+ ) ? "valid (good)" : "invalid !!!!! (bad)"));
+
+ SignedInfo s = signature.getSignedInfo();
+
+ for (int j = 0; j < s.getSignedContentLength(); j++) {
+ System.out.println("################ Signed Resource " + i + "/" + j
+ + " ################");
+ System.out.println(new String(s.getSignedContentItem(j)));
+ System.out.println();
+ }
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesFifteen.java b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesFifteen.java
new file mode 100644
index 0000000..74122d8
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesFifteen.java
@@ -0,0 +1,177 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ *
+ * @author $Author$
+ */
+public class VerifyMerlinsExamplesFifteen {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(VerifyMerlinsExamplesFifteen.class);
+
+ /** Field schemaValidate */
+ static final boolean schemaValidate = false;
+
+ /** Field signatureSchemaFile */
+ static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ if (schemaValidate) {
+ System.out.println("We do schema-validation");
+ } else {
+ System.out.println("We do not schema-validation");
+ }
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ if (VerifyMerlinsExamplesSixteen.schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
+ Boolean.TRUE);
+ dbf.setValidating(true);
+ dbf.setAttribute("http://xml.org/sax/features/validation",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
+ Constants.SignatureSpecNS + " "
+ + VerifyMerlinsExamplesSixteen.signatureSchemaFile);
+ }
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ String merlinsDir =
+ "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-fifteen/";
+ String filenames[] = { merlinsDir + "signature-enveloping-hmac-sha1.xml",
+ merlinsDir + "signature-enveloped-dsa.xml",
+ merlinsDir + "signature-enveloping-b64-dsa.xml",
+ merlinsDir + "signature-enveloping-dsa.xml",
+ merlinsDir + "signature-enveloping-rsa.xml",
+ merlinsDir + "signature-external-b64-dsa.xml",
+ merlinsDir + "signature-external-dsa.xml"
+ };
+
+ try {
+ verifyHMAC(dbf, filenames[0]);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+
+ for (int i = 1; i < filenames.length; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ VerifyMerlinsExamplesSixteen.verify(dbf, signatureFileName);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+
+ /**
+ * Method verify
+ *
+ * @param dbf
+ * @param filename
+ * @throws Exception
+ */
+ public static void verifyHMAC(DocumentBuilderFactory dbf, String filename)
+ throws Exception {
+
+ File f = new File(filename);
+
+ System.out.println("Try to verify " + f.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ if (VerifyMerlinsExamplesSixteen.schemaValidate) {
+ db.setErrorHandler(new org.apache.xml.security.utils
+ .IgnoreAllErrorHandler());
+ db.setEntityResolver(new org.xml.sax.EntityResolver() {
+
+ public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
+ throws org.xml.sax.SAXException {
+
+ if (systemId.endsWith("xmldsig-core-schema.xsd")) {
+ try {
+ return new org.xml.sax.InputSource(new FileInputStream(signatureSchemaFile));
+ } catch (FileNotFoundException ex) {
+ throw new org.xml.sax.SAXException(ex);
+ }
+ } else {
+ return null;
+ }
+ }
+ });
+ }
+
+ org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ XMLSignature signature =
+ new XMLSignature(sigElement, f.toURI().toURL().toString());
+
+ // signature.addResourceResolver(new OfflineResolver());
+
+ byte keybytes[] = "secret".getBytes("ASCII");
+ javax.crypto.SecretKey sk = signature.createSecretKey(keybytes);
+
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(sk)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesSixteen.java b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesSixteen.java
new file mode 100644
index 0000000..274a75f
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesSixteen.java
@@ -0,0 +1,191 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ *
+ * @author $Author$
+ */
+public class VerifyMerlinsExamplesSixteen {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(VerifyMerlinsExamplesSixteen.class);
+
+ /** Field schemaValidate */
+ static final boolean schemaValidate = false;
+
+ /** Field signatureSchemaFile */
+ static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ if (schemaValidate) {
+ System.out.println("We do schema-validation");
+ } else {
+ System.out.println("We do not schema-validation");
+ }
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ if (VerifyMerlinsExamplesSixteen.schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
+ Boolean.TRUE);
+ dbf.setValidating(true);
+ dbf.setAttribute("http://xml.org/sax/features/validation",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
+ Constants.SignatureSpecNS + " "
+ + VerifyMerlinsExamplesSixteen.signatureSchemaFile);
+ }
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ String filenames[] = {
+ "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-sixteen/signature.xml"
+ };
+ int start = 0;
+ int end = filenames.length;
+
+ for (int i = start; i < end; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ verify(dbf, signatureFileName);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+
+ /**
+ * Method verify
+ *
+ * @param dbf
+ * @param filename
+ * @throws Exception
+ */
+ public static void verify(DocumentBuilderFactory dbf, String filename)
+ throws Exception {
+
+ File f = new File(filename);
+
+ System.out.println("Try to verify " + f.toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ if (VerifyMerlinsExamplesSixteen.schemaValidate) {
+ db.setErrorHandler(new org.apache.xml.security.utils
+ .IgnoreAllErrorHandler());
+ db.setEntityResolver(new org.xml.sax.EntityResolver() {
+
+ public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
+ throws org.xml.sax.SAXException {
+
+ if (systemId.endsWith("xmldsig-core-schema.xsd")) {
+ try {
+ return new org.xml.sax.InputSource(new FileInputStream(signatureSchemaFile));
+ } catch (FileNotFoundException ex) {
+ throw new org.xml.sax.SAXException(ex);
+ }
+ } else {
+ return null;
+ }
+ }
+ });
+ }
+
+ org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ XMLSignature signature =
+ new XMLSignature(sigElement, f.toURI().toURL().toString());
+
+ signature.getSignedInfo().addResourceResolver(
+ new org.apache.xml.security.samples.utils.resolver.OfflineResolver()
+ );
+
+ signature.setFollowNestedManifests(false);
+
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki != null) {
+ X509Certificate cert = signature.getKeyInfo().getX509Certificate();
+
+ if (cert != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(cert)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(pk)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ System.out.println(
+ "Did not find a public key, so I can't check the signature");
+ }
+ }
+ } else {
+ System.out.println("Did not find a KeyInfo");
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesTwentyThree.java b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesTwentyThree.java
new file mode 100644
index 0000000..0139c9e
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/VerifyMerlinsExamplesTwentyThree.java
@@ -0,0 +1,200 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ *
+ * @author $Author$
+ */
+public class VerifyMerlinsExamplesTwentyThree {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(VerifyMerlinsExamplesTwentyThree.class);
+
+ /** Field schemaValidate */
+ static final boolean schemaValidate = false;
+
+ /** Field signatureSchemaFile */
+ static final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ if (schemaValidate) {
+ System.out.println("We do schema-validation");
+ } else {
+ System.out.println("We do not schema-validation");
+ }
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ if (VerifyMerlinsExamplesTwentyThree.schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
+ Boolean.TRUE);
+ dbf.setValidating(true);
+ dbf.setAttribute("http://xml.org/sax/features/validation",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
+ Constants.SignatureSpecNS + " "
+ + VerifyMerlinsExamplesTwentyThree.signatureSchemaFile);
+ }
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ String merlinsDir =
+ "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/";
+ String filenames[] = { // "23signature.xml"
+ // "merlinsTwentyThreeRecreated.xml"
+ merlinsDir + "signature.xml",
+ merlinsDir + "signature-enveloped-dsa.xml",
+ merlinsDir + "signature-enveloping-b64-dsa.xml",
+ merlinsDir + "signature-enveloping-dsa.xml",
+ merlinsDir + "signature-enveloping-hmac-sha1.xml",
+ merlinsDir + "signature-enveloping-rsa.xml",
+ merlinsDir + "signature-external-b64-dsa.xml",
+ merlinsDir + "signature-external-dsa.xml"
+ };
+ int start = 0;
+ int end = filenames.length;
+
+ for (int i = start; i < end; i++) {
+ String signatureFileName = filenames[i];
+
+ try {
+ verify(dbf, signatureFileName);
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+ }
+
+ /**
+ * Method verify
+ *
+ * @param dbf
+ * @param filename
+ * @throws Exception
+ */
+ public static void verify(DocumentBuilderFactory dbf, String filename)
+ throws Exception {
+
+ File f = new File(filename);
+
+ System.out.println("Try to verify " + f.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ if (VerifyMerlinsExamplesTwentyThree.schemaValidate) {
+ db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+ db.setEntityResolver(new org.xml.sax.EntityResolver() {
+
+ public org.xml.sax.InputSource resolveEntity(String publicId, String systemId)
+ throws org.xml.sax.SAXException {
+
+ if (systemId.endsWith("xmldsig-core-schema.xsd")) {
+ try {
+ return new org.xml.sax.InputSource(new FileInputStream(signatureSchemaFile));
+ } catch (FileNotFoundException ex) {
+ throw new org.xml.sax.SAXException(ex);
+ }
+ } else {
+ return null;
+ }
+ }
+ });
+ }
+
+ org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ XMLSignature signature =
+ new XMLSignature(sigElement, f.toURI().toURL().toString());
+
+ signature.getSignedInfo()
+ .addResourceResolver(new org.apache.xml.security.samples.utils.resolver.OfflineResolver());
+
+ signature.setFollowNestedManifests(false);
+
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki != null) {
+ X509Certificate cert = signature.getKeyInfo().getX509Certificate();
+
+ if (cert != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(cert)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(pk)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ System.out.println(
+ "Did not find a public key, so I can't check the signature");
+ }
+ }
+ } else {
+ System.out.println("Did not find a KeyInfo");
+ }
+
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/VerifySignature.java b/samples/org/apache/xml/security/samples/signature/VerifySignature.java
new file mode 100644
index 0000000..8aff81d
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/VerifySignature.java
@@ -0,0 +1,167 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileNotFoundException;
+import java.security.PublicKey;
+import java.security.cert.X509Certificate;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.samples.utils.resolver.OfflineResolver;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * @author $Author$
+ */
+public class VerifySignature {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ */
+ public static void main(String unused[]) {
+
+ boolean schemaValidate = false;
+ final String signatureSchemaFile = "samples/data/xmldsig-core-schema.xsd";
+ String signatureFileName = "build/signature.xml";
+
+ if (schemaValidate) {
+ System.out.println("We do schema-validation");
+ }
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ if (schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/features/validation/schema",
+ Boolean.TRUE);
+ dbf.setAttribute("http://apache.org/xml/features/dom/defer-node-expansion",
+ Boolean.TRUE);
+ dbf.setValidating(true);
+ dbf.setAttribute("http://xml.org/sax/features/validation",
+ Boolean.TRUE);
+ }
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ if (schemaValidate) {
+ dbf.setAttribute("http://apache.org/xml/properties/schema/external-schemaLocation",
+ Constants.SignatureSpecNS + " " + signatureSchemaFile);
+ }
+
+ try {
+
+ File f = new File(signatureFileName);
+
+ System.out.println("Try to verify " + f.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ if (schemaValidate) {
+ db.setEntityResolver(new org.xml.sax.EntityResolver() {
+
+ public org.xml.sax.InputSource resolveEntity(
+ String publicId, String systemId
+ ) throws org.xml.sax.SAXException {
+
+ if (systemId.endsWith("xmldsig-core-schema.xsd")) {
+ try {
+ return new org.xml.sax.InputSource(
+ new FileInputStream(signatureSchemaFile));
+ } catch (FileNotFoundException ex) {
+ throw new org.xml.sax.SAXException(ex);
+ }
+ } else {
+ return null;
+ }
+ }
+ });
+ }
+
+ org.w3c.dom.Document doc = db.parse(new java.io.FileInputStream(f));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ Element sigElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+ XMLSignature signature =
+ new XMLSignature(sigElement, f.toURI().toURL().toString());
+
+ signature.addResourceResolver(new OfflineResolver());
+
+ KeyInfo ki = signature.getKeyInfo();
+
+ if (ki != null) {
+ if (ki.containsX509Data()) {
+ System.out.println("Could find a X509Data element in the KeyInfo");
+ }
+
+ X509Certificate cert = signature.getKeyInfo().getX509Certificate();
+
+ if (cert != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(cert)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ System.out.println("Did not find a Certificate");
+
+ PublicKey pk = signature.getKeyInfo().getPublicKey();
+
+ if (pk != null) {
+ System.out.println("The XML signature in file "
+ + f.toURI().toURL().toString() + " is "
+ + (signature.checkSignatureValue(pk)
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ } else {
+ System.out.println(
+ "Did not find a public key, so I can't check the signature");
+ }
+ }
+ } else {
+ System.out.println("Did not find a KeyInfo");
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractSign.java b/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractSign.java
new file mode 100644
index 0000000..8ca384a
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractSign.java
@@ -0,0 +1,311 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature.contract;
+
+import java.io.File;
+import java.io.FileOutputStream;
+
+import org.apache.xml.security.keys.content.KeyName;
+import org.apache.xml.security.signature.SignedInfo;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPathContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+
+/**
+ * In the past the protokol to sign data (like a contract) from more than one people
+ * looks like this:
+ * 1. A signs the hash of the data => SignatureA
+ * 2. B signs SignatureA => SignatureB
+ * 3. C signs SignatureB => SignatureC
+ *
+ * To verify e.g. signature C the following steps were necessary:
+ * 1. Verify signature C thereby decrypt SignatureC (SignatureB)
+ * 2. Verify signature B thereby decrypt SignatureB (SignatureA)
+ * 3. Verify signature A thereby decrypt SignatureA (hash of the data)
+ * 4. Compare the calculated hash of the sent contract with the decrypted SignatureA result
+ *
+ * XML-Signatures are more flexible in this way.
+ * It is possible to sign data in steps from different signers and
+ * verify a signature independent from the others signatures.
+ * Furthermore all the signed data and the signatures can be hold in one file.
+ *
+ * @author Rene Kollmorgen <Rene.Kollmorgen@softwareag.com>
+ */
+public class ThreeSignerContractSign {
+
+ static {
+ org.apache.xml.security.Init.init();
+
+ // org.apache.xml.security.utils.Constants.setSignatureSpecNSprefix("");
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+ File signatureFile = new File("build/threeSignerContract.xml");
+ String BaseURI = signatureFile.toURI().toURL().toString();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc = db.newDocument();
+ Element contract = doc.createElementNS(null, "contract");
+
+ // create contract ////////////////////////////////////////////
+ doc.appendChild(contract);
+
+ // beautifying //////
+ Element condition1 = doc.createElementNS(null, "condition1");
+
+ condition1.setAttributeNS(null, "Id", "cond1");
+ condition1.appendChild(
+ doc.createTextNode(
+ "condition1 not covered in first signature, only "
+ + "binding for the second and third signer"));
+
+ Element condition2 = doc.createElementNS(null, "condition2");
+
+ condition2.appendChild(doc.createTextNode("condition2"));
+
+ Element condition3 = doc.createElementNS(null, "condition3");
+
+ condition3.appendChild(doc.createTextNode("condition3"));
+ contract.appendChild(doc.createTextNode("\n"));
+ contract.appendChild(condition1);
+ contract.appendChild(doc.createTextNode("\n"));
+ contract.appendChild(condition2);
+ contract.appendChild(doc.createTextNode("\n"));
+ contract.appendChild(condition3);
+ contract.appendChild(doc.createTextNode("\n"));
+
+ String id1 = "firstSigner";
+ String id2 = "secondSigner";
+ String id3 = "thirdSigner";
+
+ // sign the whole contract and no signature and exclude condition1
+ String xp1Old = "not(ancestor-or-self::ds:Signature)"
+ + " and not(ancestor-or-self::node()[@Id='cond1'])";
+
+ // sign the contract with condition2 and codition3 and no signature
+ String xp1 = "not(ancestor-or-self::ds:Signature)" + "\n"
+ + " and (" + "\n"
+ + " (ancestor-or-self::node() = /contract/condition2) " + "\n"
+ + " or (ancestor-or-self::node() = /contract/condition3) " + "\n"
+ + " or (self::node() = /contract) " + "\n"
+ + " or ((parent::node() = /contract) and (self::text()))" + "\n"
+ + ")";
+
+ // sign the whole contract and no signature but the first
+ String xp2 = "not(ancestor-or-self::ds:Signature)" + "\n"
+ + " or ancestor-or-self::ds:Signature[@Id='" + id1 + "']";
+
+ // sign the whole contract and no signature but the first and the second
+ String xp3 = "not(ancestor-or-self::ds:Signature)" + "\n"
+ + " or ancestor-or-self::ds:Signature[@Id='" + id1 + "']" + "\n"
+ + " or ancestor-or-self::ds:Signature[@Id='" + id2 + "']";
+ //////////////////////////////////////////////////////////////////
+ // first signer //////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////
+ {
+ XMLSignature firstSigner =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ firstSigner.setId(id1);
+ contract.appendChild(firstSigner.getElement());
+
+ String rootnamespace = contract.getNamespaceURI();
+ boolean rootprefixed = (rootnamespace != null) && (rootnamespace.length() > 0);
+ String rootlocalname = contract.getNodeName();
+ Transforms transforms = new Transforms(doc);
+ XPathContainer xpath = new XPathContainer(doc);
+
+ xpath.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpath.setXPath("\n" + xp1 + "\n");
+ transforms.addTransform(Transforms.TRANSFORM_XPATH,
+ xpath.getElementPlusReturns());
+ firstSigner.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
+
+ {
+ // not really secure ///////////////////
+ firstSigner.getKeyInfo().add(new KeyName(doc, "First signer key"));
+
+ ////////////////////////////////////////////////
+ System.out.println("First signer: Start signing");
+ firstSigner.sign(
+ firstSigner.createSecretKey("First signer key".getBytes()));
+ System.out.println("First signer: Finished signing");
+ }
+
+ SignedInfo s = firstSigner.getSignedInfo();
+
+ for (int i = 0; i < s.getSignedContentLength(); i++) {
+ System.out.println("################ Signed Resource " + i
+ + " ################");
+ System.out.println(new String(s.getSignedContentItem(i)));
+ System.out.println();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////
+ // second signer /////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////
+ {
+ XMLSignature secondSigner =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ secondSigner.setId(id2);
+ contract.appendChild(secondSigner.getElement());
+
+ Transforms transforms2 = new Transforms(doc);
+ XPathContainer xpath2 = new XPathContainer(doc);
+
+ xpath2.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpath2.setXPath("\n" + xp2 + "\n");
+ transforms2.addTransform(Transforms.TRANSFORM_XPATH,
+ xpath2.getElementPlusReturns());
+ secondSigner.addDocument("", transforms2, Constants.ALGO_ID_DIGEST_SHA1);
+
+ {
+ secondSigner.getKeyInfo().add(new KeyName(doc,
+ "Second signer key"));
+ System.out.println("Second signer: Start signing");
+ secondSigner.sign(
+ secondSigner.createSecretKey("Second signer key".getBytes()));
+ System.out.println("Second signer: Finished signing");
+ }
+
+ SignedInfo s2 = secondSigner.getSignedInfo();
+
+ for (int i = 0; i < s2.getSignedContentLength(); i++) {
+ System.out.println("################ Signed Resource " + i
+ + " ################");
+ System.out.println(new String(s2.getSignedContentItem(i)));
+ System.out.println();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////
+ // third signer //////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////
+ {
+ XMLSignature thirdSigner =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ thirdSigner.setId(id3);
+ contract.appendChild(thirdSigner.getElement());
+
+ Transforms transforms3 = new Transforms(doc);
+ XPathContainer xpath3 = new XPathContainer(doc);
+
+ xpath3.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpath3.setXPath("\n" + xp3 + "\n");
+ transforms3.addTransform(Transforms.TRANSFORM_XPATH,
+ xpath3.getElementPlusReturns());
+ thirdSigner.addDocument("", transforms3, Constants.ALGO_ID_DIGEST_SHA1);
+
+ {
+ thirdSigner.getKeyInfo().add(new KeyName(doc, "Third signer key"));
+ System.out.println("Third signer: Start signing");
+ thirdSigner.sign(
+ thirdSigner.createSecretKey("Third signer key".getBytes()));
+ System.out.println("Third signer: Finished signing");
+ }
+
+ SignedInfo s3 = thirdSigner.getSignedInfo();
+
+ for (int i = 0; i < s3.getSignedContentLength(); i++) {
+ System.out.println("################ Signed Resource " + i
+ + " ################");
+ System.out.println(new String(s3.getSignedContentItem(i)));
+ System.out.println();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////
+ // forth signer //////////////////////////////////////////////////
+ //////////////////////////////////////////////////////////////////
+ {
+ XMLSignature forthSigner =
+ new XMLSignature(doc, BaseURI, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ forthSigner.setId("sig4");
+ contract.appendChild(forthSigner.getElement());
+
+ {
+ // first of all, add the basic document without signatures
+ Transforms transforms4 = new Transforms(doc);
+ XPathContainer xpath4 = new XPathContainer(doc);
+
+ xpath4.setXPathNamespaceContext("ds", Constants.SignatureSpecNS);
+ xpath4.setXPath("\n" + "not(ancestor-or-self::ds:Signature)"
+ + "\n");
+ transforms4.addTransform(Transforms.TRANSFORM_XPATH,
+ xpath4.getElementPlusReturns());
+ forthSigner.addDocument("", transforms4,
+ Constants.ALGO_ID_DIGEST_SHA1);
+ }
+
+ {
+ // then add the different signatures
+ forthSigner.addDocument("#xpointer(id('firstSigner'))", null,
+ Constants.ALGO_ID_DIGEST_SHA1, null,
+ "ds:Signature");
+ }
+
+ {
+ forthSigner.getKeyInfo().add(new KeyName(doc, "Forth signer key"));
+ System.out.println("Forth signer: Start signing");
+ forthSigner.sign(
+ forthSigner.createSecretKey("Forth signer key".getBytes()));
+ System.out.println("Forth signer: Finished signing");
+ }
+
+ SignedInfo s4 = forthSigner.getSignedInfo();
+
+ for (int i = 0; i < s4.getSignedContentLength(); i++) {
+ System.out.println("################ Signed Resource " + i
+ + " ################");
+ System.out.println(new String(s4.getSignedContentItem(i)));
+ System.out.println();
+ }
+ }
+
+ //////////////////////////////////////////////////////////////////
+ // write away files
+ //////////////////////////////////////////////////////////////////
+ {
+ FileOutputStream f = new FileOutputStream(signatureFile);
+
+ XMLUtils.outputDOMc14nWithComments(doc, f);
+ f.close();
+ System.out.println("Wrote signature to " + BaseURI);
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractVerify.java b/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractVerify.java
new file mode 100644
index 0000000..8d65456
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/signature/contract/ThreeSignerContractVerify.java
@@ -0,0 +1,104 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.signature.contract;
+
+import java.io.File;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ *
+ * @author Rene Kollmorgen <Rene.Kollmorgen@softwareag.com>
+ */
+public class ThreeSignerContractVerify {
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String unused[]) throws Exception {
+
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+ dbf.setAttribute("http://xml.org/sax/features/namespaces", Boolean.TRUE);
+
+ try {
+
+ //File signatureFile = new File("collectableSignature.xml");
+ File signatureFile = new File("build/threeSignerContract.xml");
+ String BaseURI = signatureFile.toURI().toURL().toString();
+
+ System.out.println("Try to verify "
+ + signatureFile.toURI().toURL().toString());
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+
+ db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.FileInputStream(signatureFile));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[1]";
+ NodeList signatureElems =
+ (NodeList) xpath.evaluate(expression, doc, XPathConstants.NODESET);
+
+ for (int i = 0; i < signatureElems.getLength(); i++) {
+ Element sigElement = (Element) signatureElems.item(i);
+ XMLSignature signature = new XMLSignature(sigElement, BaseURI);
+
+ //byte[] secretKey = "secretValue".getBytes();
+ Element keyName =
+ (Element) sigElement.getElementsByTagNameNS(
+ Constants.SignatureSpecNS, "KeyName").item(0);
+ String keyValue = keyName.getFirstChild().getNodeValue();
+
+ System.out.println("The signature number " + (i + 1) + " is "
+ + (signature.checkSignatureValue(
+ signature.createSecretKey(
+ keyValue.getBytes()))
+ ? "valid (good)" : "invalid !!!!! (bad)"));
+ }
+ } catch (Exception ex) {
+ ex.printStackTrace();
+ }
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformChaining.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformChaining.java
new file mode 100644
index 0000000..b569986
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformChaining.java
@@ -0,0 +1,113 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+
+/**
+ * This class demonstrates the use of a Transform for XSLT. The
+ * <CODE>xsl:stylesheet</CODE> is directly embedded in the <CODE>ds:Transform</CODE>,
+ * so the {@link Transform} object is created by using the Element.
+ *
+ * @author Christian Geuer-Pollmann
+ * @version %I%, %G%
+ */
+public class SampleTransformChaining {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ String inputStr =
+ "<?xml version=\"1.0\"?>" + "\n"
+ + "<Class>" + "\n"
+ + " <BASE64>" + "\n"
+ + " PGNvbnRhaW5lcj4KICAgPGU+SGVsbG8sIDwhLS0gY29tbWVudCAtLT4gd29ybGQhPC9lPgogICA8" + "\n"
+ + " T3JkZXIgTmFtZT0nVElOQU1JRk9STUVTJyB4bWxucz0naHR0cDovL3NmZGZnLyc+CiAgICAgIDxG" + "\n"
+ + " YW1pbHkgTmFtZT0nVElOQU1JREFFJz4KICAgICAgICAgPFNwZWNpZXMgU2NpZW50aWZpY19OYW1l" + "\n"
+ + " PSdDcnlwdHVyZWxsdXMgYm91Y2FyZGknPlNsYXR5LWJyZWFzdGVkIFRpbmFtb3UuPC9TcGVjaWVz" + "\n"
+ + " PgogICAgICA8L0ZhbWlseT4KICAgPC9PcmRlcj4KICAgPE9yZGVyIE5hbWU9J1BPRElDSVBFRElG" + "\n"
+ + " T1JNRVMnLz4KPC9jb250YWluZXI+Cg==" + "\n"
+ + " </BASE64>" + "\n"
+ + "<Signature Id='SignatureToBeOmitted' xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <SignedInfo>" + "\n"
+ + " <Reference URI=''>" + "\n"
+ + " <Transforms>" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>\n"
+ + " <!-- Exclude all signatures -->\n"
+ + " <ds:XPath xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>\n"
+ + " ancestor::BASE64"
+ + " </ds:XPath>\n"
+ + " </Transform>\n"
+ + " <Transform Algorithm='http://www.w3.org/2000/09/xmldsig#base64' />\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>\n"
+ + " <ds:XPath xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>\n"
+ + " not(self::container) "
+ + " </ds:XPath>\n"
+ + " </Transform>\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315' />\n"
+ + " </Transforms>" + "\n"
+ + " </Reference>" + "\n"
+ + " </SignedInfo>" + "\n"
+ + " </Signature>"
+ + "</Class>" + "\n"
+ ;
+
+ org.apache.xml.security.Init.init();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Transforms[1]";
+ Element transformsElement =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ Transforms transforms = new Transforms(transformsElement, "memory://");
+ XMLSignatureInput input = new XMLSignatureInput(doc);
+
+ // execute Transforms
+ XMLSignatureInput result = transforms.performTransforms(input);
+
+ // output result
+ System.out.println(new String(result.getBytes()));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformEnvelopedSignature.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformEnvelopedSignature.java
new file mode 100644
index 0000000..e9c01ea
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformEnvelopedSignature.java
@@ -0,0 +1,105 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ * This class demonstrates the use of a Transform forEnveloped Signature.
+ *
+ * @author Christian Geuer-Pollmann
+ * @version %I%, %G%
+ */
+public class SampleTransformEnvelopedSignature {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ String inputStr =
+ "<?xml version=\"1.0\"?>" + "\n"
+ + "<Document xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <Data attr='attrValue'>text in Data</Data>" + "\n"
+ + "<Signature Id='SignatureToBeOmitted' xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <SignedInfo>" + "\n"
+ + " <Reference>" + "\n"
+ + " <Transforms>" + "\n"
+ // + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " </Transforms>" + "\n"
+ + " </Reference>" + "\n"
+ + " </SignedInfo>" + "\n"
+ + " </Signature>"
+ + " <Signature Id='VisibleSignature' xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <SignedInfo xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <Reference xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <Transforms xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " </Transforms>" + "\n"
+ + " </Reference>" + "\n"
+ + " </SignedInfo>" + "\n"
+ + " </Signature>" + "\n"
+ + "</Document>" + "\n"
+ ;
+
+ org.apache.xml.security.Init.init();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "//ds:Signature[@Id='SignatureToBeOmitted']//ds:Transforms";
+ Element transformsElem =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ Transforms transforms = new Transforms(transformsElem, "memory://");
+ XMLSignatureInput input = new XMLSignatureInput((Node) doc);
+
+ // input.setCanonicalizerURI(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ XMLSignatureInput result = transforms.performTransforms(input);
+
+ System.out.println(new String(result.getBytes()));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformNone.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformNone.java
new file mode 100644
index 0000000..c8f9102
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformNone.java
@@ -0,0 +1,67 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.transforms.Transform;
+import org.apache.xml.security.transforms.TransformSpi;
+
+/**
+ * Implements a null transform which leaved the input unmodified.
+ *
+ * @author Christian Geuer-Pollmann
+ */
+public class SampleTransformNone extends TransformSpi {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(SampleTransformNone.class);
+
+ /** Field implementedTransformURI */
+ public static final String implementedTransformURI =
+ "http://www.xmlsecurity.org/NS/Transforms#none";
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ /**
+ * Method engineGetURI
+ *
+ *
+ */
+ protected String engineGetURI() {
+ return SampleTransformNone.implementedTransformURI;
+ }
+
+ public boolean wantsOctetStream () { return true; }
+ public boolean wantsNodeSet () { return true; }
+ public boolean returnsOctetStream () { return true; }
+ public boolean returnsNodeSet () { return true; }
+
+ /**
+ * Method enginePerformTransform
+ *
+ * @param input
+ *
+ */
+ protected XMLSignatureInput enginePerformTransform(XMLSignatureInput input, Transform _transformObject) {
+ return input;
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath.java
new file mode 100644
index 0000000..b6408a4
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath.java
@@ -0,0 +1,99 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.transforms.Transforms;
+
+/**
+ * This class demonstrates the use of a Transform for XSLT. The
+ * <CODE>xsl:stylesheet</CODE> is directly embedded in the <CODE>ds:Transform</CODE>,
+ * so the {@link Transform} object is created by using the Element.
+ *
+ * @author Christian Geuer-Pollmann
+ * @version %I%, %G%
+ */
+public class SampleTransformXPath {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ String transformStr =
+ "<?xml version='1.0'?>\n"
+ + "<Transforms xmlns='http://www.w3.org/2000/09/xmldsig#'>\n"
+ + "<Transform Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>\n"
+ // + " <ds:XPath xmlns:match='http://sfdfg/'>(self::match:Order | self::text()[string(parent::e)=\"Hello, world!\"])</ds:XPath>\n"
+ // + " <ds:XPath>//@*</ds:XPath>\n"
+ + " <!-- Exclude all signatures -->\n"
+ // + " <ds:XPath xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>not(ancestor-or-self::ds:Signature)</ds:XPath>\n"
+ + " <ds:XPath xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>self::text()[ancestor-or-self::node()=/Class/e[1]]</ds:XPath>\n"
+ + "</Transform>\n"
+ + "</Transforms>\n"
+ ;
+
+ String inputStr =
+ "<?xml version=\"1.0\"?>" + "\n"
+ + "<Class>" + "\n"
+ + " <e>Hello, <!-- comment --> world!</e>" + "\n"
+ + " <Order Name='TINAMIFORMES' xmlns='http://sfdfg/'>" + "\n"
+ + " <Family Name='TINAMIDAE'>" + "\n"
+ + " <Species Scientific_Name='Crypturellus boucardi'>Slaty-breasted Tinamou.</Species>" + "\n"
+ + " </Family>" + "\n"
+ + " </Order>" + "\n"
+ + " <Order Name='PODICIPEDIFORMES'/>" + "\n"
+ + "<Signature Id='SignatureToBeOmitted' xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <SignedInfo>" + "\n"
+ + " <Reference>" + "\n"
+ + " <Transforms>" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature' />" + "\n"
+ // + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " </Transforms>" + "\n"
+ + " </Reference>" + "\n"
+ + " </SignedInfo>" + "\n"
+ + " </Signature>"
+ + "</Class>" + "\n"
+ ;
+
+ org.apache.xml.security.Init.init();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
+
+ String BaseURI = null;
+ Transforms transforms = new Transforms(doc.getDocumentElement(), BaseURI);
+
+ XMLSignatureInput input = new XMLSignatureInput(inputStr.getBytes());
+
+ // input.setCanonicalizerURI(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ XMLSignatureInput result = transforms.performTransforms(input);
+
+ System.out.println(new String(result.getBytes()));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter.java
new file mode 100644
index 0000000..c290ffb
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter.java
@@ -0,0 +1,205 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.JavaUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * Sample for the <I>XML Signature XPath Filter v2.0</I>
+ *
+ * @author $Author$
+ * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
+ * @see <A HREF=http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/">XPath Filter v2.0 (editors copy)</A>
+ */
+public class SampleTransformXPath2Filter {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ boolean verbose = true;
+
+ create("build/withComments.xml", true, verbose);
+ System.out.println();
+ System.out.println();
+ System.out.println();
+ create("build/omitComments.xml", false, verbose);
+ System.out.println();
+ System.out.println();
+ System.out.println();
+ check("build/withComments.xml");
+ }
+
+ /**
+ * Method create
+ *
+ * @param filename
+ * @param withComments
+ * @param verbose
+ * @throws Exception
+ */
+ public static void create(
+ String filename, boolean withComments, boolean verbose
+ ) throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ String inputDoc =
+ "<Document>\n" +
+ " <ToBeSigned>\n" +
+ " <!-- comment -->\n" +
+ " <Data />\n" +
+ " <NotToBeSigned>\n" +
+ " <ReallyToBeSigned>\n" +
+ " <!-- comment -->\n" +
+ " <Data />\n" +
+ " </ReallyToBeSigned>\n" +
+ " </NotToBeSigned>\n" +
+ " </ToBeSigned>\n" +
+ " <ToBeSigned>\n" +
+ " <Data />\n" +
+ " <NotToBeSigned>\n" +
+ " <Data />\n" +
+ " </NotToBeSigned>\n" +
+ " </ToBeSigned>\n" +
+ "</Document>";
+ Document doc = db.parse(new ByteArrayInputStream(inputDoc.getBytes()));
+ XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ doc.getDocumentElement().appendChild(sig.getElement());
+ doc.getDocumentElement().appendChild(doc.createTextNode("\n"));
+
+ Transforms transforms = new Transforms(doc);
+
+ String filters[][] = {{XPath2FilterContainer.INTERSECT, "//ToBeSigned"},
+ {XPath2FilterContainer.SUBTRACT, "//NotToBeSigned"},
+ {XPath2FilterContainer.UNION, "//ReallyToBeSigned"}};
+
+ transforms.addTransform(
+ Transforms.TRANSFORM_XPATH2FILTER, XPath2FilterContainer.newInstances(doc, filters)
+ );
+ if (withComments) {
+ transforms.addTransform(Transforms.TRANSFORM_C14N_WITH_COMMENTS);
+ }
+
+ sig.addDocument("#xpointer(/)", transforms);
+
+ String secretKey = "secret";
+
+ sig.getKeyInfo().addKeyName("The UTF-8 octets of \"" + secretKey
+ + "\" are used for signing (" + secretKey.length() + " octets)");
+ sig.sign(sig.createSecretKey(secretKey.getBytes()));
+
+ Canonicalizer c14n =
+ Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+ byte[] full = c14n.canonicalizeSubtree(doc);
+ FileOutputStream fos = new FileOutputStream(filename);
+
+ try {
+ fos.write(full);
+ } finally {
+ fos.close();
+ }
+
+ if (verbose) {
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("Input to the transforms is");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(
+ new String(sig.getSignedInfo().item(0).getContentsBeforeTransformation().getBytes())
+ );
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("The signed octets (output of the transforms) are ");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(
+ new String(sig.getSignedInfo().item(0).getTransformsOutput().getBytes())
+ );
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("The document is ");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(new String(full));
+ System.out.println(
+ "-------------------------------------------------------------");
+ }
+
+ JavaUtils.writeBytesToFilename(
+ "build/xfilter2.html", sig.getSignedInfo().item(0).getHTMLRepresentation().getBytes()
+ );
+ }
+
+ /**
+ * Method check
+ *
+ * @param filename
+ * @throws Exception
+ */
+ public static void check(String filename) throws Exception {
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.parse(new FileInputStream(filename));
+ NodeList sigs = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
+
+ XMLSignature sig =
+ new XMLSignature((Element)sigs.item(0), new File(filename).toURI().toURL().toString());
+ boolean check = sig.checkSignatureValue(sig.createSecretKey("secret".getBytes()));
+
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("Verification of " + filename + ": " + check);
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(new String(sig.getSignedInfo().item(0).getTransformsOutput().getBytes()));
+ System.out.println(
+ "-------------------------------------------------------------");
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter2.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter2.java
new file mode 100644
index 0000000..5000851
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPath2Filter2.java
@@ -0,0 +1,204 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.xml.security.samples.transforms;
+
+import java.io.ByteArrayInputStream;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.signature.XMLSignature;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.transforms.params.XPath2FilterContainer;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.ElementProxy;
+import org.apache.xml.security.utils.JavaUtils;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * Sample for the <I>XML Signature XPath Filter v2.0</I>
+ *
+ * @author $Author$
+ * @see <A HREF="http://www.w3.org/TR/xmldsig-filter2/">XPath Filter v2.0 (TR)</A>
+ * @see <A HREF=http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/">
+ * XPath Filter v2.0 (editors copy)</A>
+ */
+
+public class SampleTransformXPath2Filter2 {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ boolean verbose = true;
+
+ create("build/withComments.xml", true, verbose);
+ System.out.println();
+ System.out.println();
+ System.out.println();
+ create("build/omitComments.xml", false, verbose);
+ System.out.println();
+ System.out.println();
+ System.out.println();
+ check("build/withComments.xml");
+ }
+
+ /**
+ * Method create
+ *
+ * @param filename
+ * @param withComments
+ * @param verbose
+ * @throws Exception
+ */
+ public static void create(
+ String filename, boolean withComments, boolean verbose
+ ) throws Exception {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ String inputDoc = "<A><UNSIGNED><B><SIGNED><MORE_SIGNED_STUFF/></SIGNED><C><UNSIGNED/></C></B><D><UNSIGNED/></D><UNSIGNED><E><SIGNED><MORE_SIGNED_STUFF/></SIGNED></E><UNSIGNED><F><G><H/></G></F></UNSIGNED></UNSIGNED></UNSIGNED></A>";
+
+ Document doc = db.parse(new ByteArrayInputStream(inputDoc.getBytes()));
+ XMLSignature sig = new XMLSignature(doc, null, XMLSignature.ALGO_ID_MAC_HMAC_SHA1);
+
+ doc.getDocumentElement().appendChild(sig.getElement());
+ sig.getElement().setAttributeNS(
+ Constants.NamespaceSpecNS,
+ "xmlns:" + ElementProxy.getDefaultPrefix(Transforms.TRANSFORM_XPATH2FILTER),
+ Transforms.TRANSFORM_XPATH2FILTER
+ );
+ doc.getDocumentElement().appendChild(doc.createTextNode("\n"));
+
+ Transforms transforms = new Transforms(doc);
+
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceIntersect(doc, "//E").getElement());
+
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceUnion(doc, "//B").getElement());
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceSubtract(doc, "//C").getElement());
+
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceUnion(doc, "//F").getElement());
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceSubtract(doc, "//G").getElement());
+ transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
+ XPath2FilterContainer.newInstanceUnion(doc, "//H").getElement());
+
+ sig.addDocument("", transforms);
+
+ String secretKey = "secret";
+
+ sig.getKeyInfo().addKeyName("The UTF-8 octets of \"" + secretKey
+ + "\" are used for signing (" + secretKey.length() + " octets)");
+ sig.sign(sig.createSecretKey(secretKey.getBytes()));
+
+ Canonicalizer c14n =
+ Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+ byte[] full = c14n.canonicalizeSubtree(doc);
+ FileOutputStream fos = new FileOutputStream(filename);
+
+ try {
+ fos.write(full);
+ } finally {
+ fos.close();
+ }
+
+ if (verbose) {
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("Input to the transforms is");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(
+ new String(sig.getSignedInfo().item(0).getContentsBeforeTransformation().getBytes())
+ );
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out
+ .println("The signed octets (output of the transforms) are ");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(
+ new String(sig.getSignedInfo().item(0).getTransformsOutput().getBytes())
+ );
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("The document is ");
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(new String(full));
+ System.out.println(
+ "-------------------------------------------------------------");
+ }
+ }
+
+ /**
+ * Method check
+ *
+ * @param filename
+ * @throws Exception
+ */
+ public static void check(String filename) throws Exception {
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.parse(new FileInputStream(filename));
+ NodeList sigs = doc.getElementsByTagNameNS(Constants.SignatureSpecNS, Constants._TAG_SIGNATURE);
+
+ XMLSignature sig =
+ new XMLSignature((Element)sigs.item(0), new File(filename).toURI().toURL().toString());
+ boolean check = sig.checkSignatureValue(sig.createSecretKey("secret".getBytes()));
+
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println("Verification of " + filename + ": " + check);
+ System.out.println(
+ "-------------------------------------------------------------");
+ System.out.println(new String(sig.getSignedInfo().item(0).getTransformsOutput().getBytes()));
+ System.out.println(
+ "-------------------------------------------------------------");
+
+ JavaUtils.writeBytesToFilename(
+ "build/1.html", sig.getSignedInfo().item(0).getHTMLRepresentation().getBytes()
+ );
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformXPathHereFunc.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPathHereFunc.java
new file mode 100644
index 0000000..53fa610
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformXPathHereFunc.java
@@ -0,0 +1,102 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+import javax.xml.xpath.XPath;
+import javax.xml.xpath.XPathConstants;
+import javax.xml.xpath.XPathFactory;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.samples.DSNamespaceContext;
+import org.apache.xml.security.samples.SampleUtils;
+import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Constants;
+import org.apache.xml.security.utils.XMLUtils;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ * This class demonstrates the use of a Transform for XSLT. The
+ * <CODE>xsl:stylesheet</CODE> is directly embedded in the <CODE>ds:Transform</CODE>,
+ * so the {@link Transform} object is created by using the Element.
+ *
+ * @author Christian Geuer-Pollmann
+ * @version %I%, %G%
+ */
+public class SampleTransformXPathHereFunc {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ String inputStr =
+ "<?xml version=\"1.0\"?>" + "\n"
+ + "<Document>" + "\n"
+ + " <Data attr='attrValue'>text in Data</Data>" + "\n"
+ + "<Signature xmlns='http://www.w3.org/2000/09/xmldsig#'>" + "\n"
+ + " <SignedInfo>" + "\n"
+ + " <Reference>" + "\n"
+ + " <Transforms>" + "\n"
+ + " <Transform xmlns:ds='http://www.w3.org/2000/09/xmldsig#' Algorithm='http://www.w3.org/TR/1999/REC-xpath-19991116'>" + "\n"
+ + " <XPath>count(ancestor-or-self::ds:Signature | here()/ancestor::ds:Signature[1]) > count(ancestor-or-self::ds:Signature)</XPath>" + "\n"
+ + " </Transform>" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " <Transform Algorithm='http://www.w3.org/TR/2001/REC-xml-c14n-20010315#WithComments' />" + "\n"
+ + " </Transforms>" + "\n"
+ + " </Reference>" + "\n"
+ + " </SignedInfo>" + "\n"
+ + " </Signature>"
+ + "</Document>"
+ ;
+
+ org.apache.xml.security.Init.init();
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.ByteArrayInputStream(inputStr.getBytes()));
+
+ XPathFactory xpf = XPathFactory.newInstance();
+ XPath xpath = xpf.newXPath();
+ xpath.setNamespaceContext(new DSNamespaceContext());
+
+ String expression = "/Document/ds:Signature[1]/ds:SignedInfo/ds:Reference[1]/ds:Transforms";
+ Element transformsElem =
+ (Element) xpath.evaluate(expression, doc, XPathConstants.NODE);
+
+ Transforms transforms = new Transforms(transformsElem, "memory://");
+ XMLSignatureInput input = new XMLSignatureInput((Node) doc);
+
+ // input.setCanonicalizerURI(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ XMLSignatureInput result = transforms.performTransforms(input);
+
+ System.out.println(new String(result.getBytes()));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/transforms/SampleTransformXSLT.java b/samples/org/apache/xml/security/samples/transforms/SampleTransformXSLT.java
new file mode 100644
index 0000000..41dda5c
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/transforms/SampleTransformXSLT.java
@@ -0,0 +1,141 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.transforms;
+
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.transforms.Transforms;
+
+/**
+ * This class demonstrates the use of a Transform for XSLT. The
+ * <CODE>xsl:stylesheet</CODE> is directly embedded in the <CODE>ds:Transform</CODE>,
+ * so the {@link Transform} object is created by using the Element.
+ *
+ * @author Christian Geuer-Pollmann
+ * @version %I%, %G%
+ */
+public class SampleTransformXSLT {
+
+ /**
+ * Method main
+ *
+ * @param args
+ * @throws Exception
+ */
+ public static void main(String args[]) throws Exception {
+ org.apache.xml.security.Init.init();
+
+ String transformStr =
+ "<?xml version=\"1.0\"?>\n"
+ + "<ds:Transforms xmlns:ds='http://www.w3.org/2000/09/xmldsig#'>\n"
+ + "<ds:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>\n"
+ + "<xsl:stylesheet version=\"1.0\"\n"
+ + " xmlns:xsl='http://www.w3.org/1999/XSL/Transform'>\n"
+ + "<xsl:output method=\"xml\" indent=\"yes\"/>\n"
+
+ + "<xsl:template match=\"Class\">\n"
+ + "<BirdInfo>\n"
+ + " <xsl:apply-templates select=\"Order\"/>\n"
+ + "</BirdInfo>\n"
+ + "</xsl:template>\n"
+
+ + "<xsl:template match=\"Order\">\n"
+ + "Order is: <xsl:value-of select=\"@Name\"/>\n"
+ + " <xsl:apply-templates select=\"Family\"/><xsl:text>\n"
+ + "</xsl:text>\n"
+ + "</xsl:template>\n"
+
+ + "<xsl:template match=\"Family\">\n"
+ + " Family is: <xsl:value-of select=\"@Name\"/>\n"
+ + " <xsl:apply-templates select=\"Species | SubFamily | text()\"/>\n"
+ + "</xsl:template>\n"
+ + "<xsl:template match=\"SubFamily\">\n"
+ + " SubFamily is <xsl:value-of select=\"@Name\"/>\n"
+ + " <xsl:apply-templates select=\"Species | text()\"/>\n"
+ + "</xsl:template>\n"
+
+ + "<xsl:template match=\"Species\">\n"
+ + " <xsl:choose>\n"
+ + " <xsl:when test=\"name(..)='SubFamily'\">\n"
+ + " <xsl:text> </xsl:text><xsl:value-of select=\".\"/><xsl:text> </xsl:text><xsl:value-of select=\"@Scientific_Name\"/>\n"
+ + " </xsl:when>\n"
+ + " <xsl:otherwise>\n"
+ + " <xsl:value-of select=\".\"/><xsl:text> </xsl:text><xsl:value-of select=\"@Scientific_Name\"/>\n"
+ + " </xsl:otherwise>\n"
+ + " </xsl:choose>\n"
+ + "</xsl:template>\n"
+
+ + "</xsl:stylesheet>\n"
+ + "</ds:Transform>\n"
+ + "</ds:Transforms>\n"
+ ;
+
+ String inputStr =
+ "<?xml version=\"1.0\"?>\n"
+ + "<Class>\n"
+ + "<Order Name=\"TINAMIFORMES\">\n"
+ + " <Family Name=\"TINAMIDAE\">\n"
+ + " <Species Scientific_Name=\"Tinamus major\"> Great Tinamou.</Species>\n"
+ + " <Species Scientific_Name=\"Nothocercus\">Highland Tinamou.</Species>\n"
+ + " <Species Scientific_Name=\"Crypturellus soui\">Little Tinamou.</Species>\n"
+ + " <Species Scientific_Name=\"Crypturellus cinnamomeus\">Thicket Tinamou.</Species>\n"
+ + " <Species Scientific_Name=\"Crypturellus boucardi\">Slaty-breasted Tinamou.</Species>\n"
+ + " <Species Scientific_Name=\"Crypturellus kerriae\">Choco Tinamou.</Species>\n"
+ + " </Family>\n"
+ + " </Order>\n"
+ + " <Order Name=\"GAVIIFORMES\">\n"
+ + " <Family Name=\"GAVIIDAE\">\n"
+ + " <Species Scientific_Name=\"Gavia stellata\">Red-throated Loon.</Species>\n"
+ + " <Species Scientific_Name=\"Gavia arctica\">Arctic Loon.</Species>\n"
+ + " <Species Scientific_Name=\"Gavia pacifica\">Pacific Loon.</Species>\n"
+ + " <Species Scientific_Name=\"Gavia immer\">Common Loon.</Species>\n"
+ + " <Species Scientific_Name=\"Gavia adamsii\">Yellow-billed Loon.</Species>\n"
+ + " </Family>\n"
+ + " </Order>\n"
+ + " <Order Name=\"PODICIPEDIFORMES\">\n"
+ + " <Family Name=\"PODICIPEDIDAE\">\n"
+ + " <Species Scientific_Name=\"Tachybaptus dominicus\">Least Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"Podilymbus podiceps\">Pied-billed Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Atitlan Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Horned Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Red-necked Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Eared Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Western Grebe.</Species>\n"
+ + " <Species Scientific_Name=\"\">Clark's Grebe.</Species>\n"
+ + " </Family>\n"
+ + " </Order>\n"
+ + "</Class>\n"
+ ;
+ javax.xml.parsers.DocumentBuilderFactory dbf =
+ javax.xml.parsers.DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ javax.xml.parsers.DocumentBuilder db = dbf.newDocumentBuilder();
+ org.w3c.dom.Document doc =
+ db.parse(new java.io.ByteArrayInputStream(transformStr.getBytes()));
+
+ Transforms t = new Transforms(doc.getDocumentElement(), "memory://");
+ XMLSignatureInput result =
+ t.performTransforms(new XMLSignatureInput(inputStr.getBytes()));
+
+ System.out.println(new String(result.getBytes()));
+ }
+
+}
diff --git a/samples/org/apache/xml/security/samples/utils/Base64Sample.java b/samples/org/apache/xml/security/samples/utils/Base64Sample.java
new file mode 100644
index 0000000..1ff0bf8
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/utils/Base64Sample.java
@@ -0,0 +1,90 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.utils;
+
+import java.math.BigInteger;
+
+import javax.xml.parsers.DocumentBuilder;
+import javax.xml.parsers.DocumentBuilderFactory;
+
+import org.apache.xml.security.c14n.Canonicalizer;
+import org.apache.xml.security.utils.Base64;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Text;
+
+/**
+ * Sample usage for Base64 class
+ *
+ * @author $Author$
+ */
+public class Base64Sample {
+
+ /**
+ * Method main
+ *
+ * @param unused
+ * @throws Exception
+ */
+ public static void main(String[] unused) throws Exception {
+
+ org.apache.xml.security.Init.init();
+
+ DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
+
+ dbf.setNamespaceAware(true);
+
+ DocumentBuilder db = dbf.newDocumentBuilder();
+ Document doc = db.newDocument();
+ BigInteger bi =
+ new BigInteger("43268743267463264169236328648732694167862"
+ + "349613278648732164986132849761329543543"
+ + "874618327964897164823698416236345435435"
+ + "491823648913268496218974698126498712698"
+ + "426861432892343242343243242342342354354"
+ + "349613278648732164986132849761329543543"
+ + "874618327964897164823698416236345435435"
+ + "491823648913268496218974698126498712698"
+ + "426861432892343242343243242342342354354"
+ + "349613278648732164986132849761329543543"
+ + "874618327964897164823698416236345435435"
+ + "491823648913268496218974698126498712698"
+ + "426861432892343242343243242342342354354"
+ + "349613278648732164986132849761329543543"
+ + "874618327964897164823698416236345435435"
+ + "491823648913268496218974698126498712698"
+ + "426861432892343242343243242342342354354"
+ + "349613278648732164986132849761329543543"
+ + "874618327964897164823698416236345435435"
+ + "491823648913268496218974698126498712698"
+ + "426861432892343242343243242342342354354"
+ + "3246874621496829136");
+
+ Text base64text = doc.createTextNode(Base64.encode(bi));
+ Element root = doc.createElementNS(null, "Base64");
+
+ doc.appendChild(root);
+ root.appendChild(base64text);
+
+ Canonicalizer c14n =
+ Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_WITH_COMMENTS);
+
+ System.out.println(new String(c14n.canonicalizeSubtree(doc)));
+ }
+}
diff --git a/samples/org/apache/xml/security/samples/utils/resolver/OfflineResolver.java b/samples/org/apache/xml/security/samples/utils/resolver/OfflineResolver.java
new file mode 100644
index 0000000..643593c
--- /dev/null
+++ b/samples/org/apache/xml/security/samples/utils/resolver/OfflineResolver.java
@@ -0,0 +1,170 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.samples.utils.resolver;
+
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.resolver.ResourceResolverException;
+import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
+import org.w3c.dom.Attr;
+
+/**
+ * This class helps us home users to resolve http URIs without a network
+ * connection
+ *
+ * @author $Author$
+ */
+public class OfflineResolver extends ResourceResolverSpi {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(OfflineResolver.class);
+
+ /** Field _uriMap */
+ static Map<String, String> _uriMap = null;
+
+ /** Field _mimeMap */
+ static Map<String, String> _mimeMap = null;
+
+ static {
+ org.apache.xml.security.Init.init();
+
+ OfflineResolver._uriMap = new HashMap<String, String>();
+ OfflineResolver._mimeMap = new HashMap<String, String>();
+
+ OfflineResolver.register("http://www.w3.org/TR/xml-stylesheet",
+ "samples/data/org/w3c/www/TR/xml-stylesheet.html",
+ "text/html");
+ OfflineResolver.register("http://www.w3.org/TR/2000/REC-xml-20001006",
+ "samples/data/org/w3c/www/TR/2000/REC-xml-20001006",
+ "text/xml");
+ OfflineResolver.register("http://www.nue.et-inf.uni-siegen.de/index.html",
+ "samples/data/org/apache/xml/security/temp/nuehomepage",
+ "text/html");
+ OfflineResolver.register("http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/id2.xml",
+ "samples/data/org/apache/xml/security/temp/id2.xml", "text/xml");
+ OfflineResolver.register("http://xmldsig.pothole.com/xml-stylesheet.txt",
+ "samples/data/com/pothole/xmldsig/xml-stylesheet.txt", "text/xml");
+ OfflineResolver.register("http://www.w3.org/Signature/2002/04/xml-stylesheet.b64",
+ "samples/data/ie/baltimore/merlin-examples/merlin-xmldsig-twenty-three/xml-stylesheet.b64", "text/plain");
+ }
+
+ /**
+ * Method engineResolve
+ *
+ * @param uri
+ * @param BaseURI
+ *
+ * @throws ResourceResolverException
+ */
+ public XMLSignatureInput engineResolve(Attr uri, String BaseURI)
+ throws ResourceResolverException {
+ try {
+ String URI = uri.getNodeValue();
+
+ if (OfflineResolver._uriMap.containsKey(URI)) {
+ String newURI = OfflineResolver._uriMap.get(URI);
+
+ log.debug("Mapped " + URI + " to " + newURI);
+
+ InputStream is = new FileInputStream(newURI);
+
+ log.debug("Available bytes = " + is.available());
+
+ XMLSignatureInput result = new XMLSignatureInput(is);
+
+ // XMLSignatureInput result = new XMLSignatureInput(inputStream);
+ result.setSourceURI(URI);
+ result.setMIMEType((String) OfflineResolver._mimeMap.get(URI));
+
+ return result;
+ } else {
+ Object exArgs[] = {"The URI " + URI + " is not configured for offline work"};
+
+ throw new ResourceResolverException("generic.EmptyMessage", exArgs, uri, BaseURI);
+ }
+ } catch (IOException ex) {
+ throw new ResourceResolverException("generic.EmptyMessage", ex, uri, BaseURI);
+ }
+ }
+
+ /**
+ * We resolve http URIs <I>without</I> fragment...
+ *
+ * @param uri
+ * @param BaseURI
+ *
+ */
+ public boolean engineCanResolve(Attr uri, String BaseURI) {
+
+ String uriNodeValue = uri.getNodeValue();
+ if (uriNodeValue.equals("") || uriNodeValue.startsWith("#")) {
+ return false;
+ }
+
+ try {
+ URI uriNew = getNewURI(uri.getNodeValue(), BaseURI);
+ if (uriNew.getScheme().equals("http")) {
+ log.debug("I state that I can resolve " + uriNew.toString());
+ return true;
+ }
+
+ log.debug("I state that I can't resolve " + uriNew.toString());
+ } catch (URISyntaxException ex) {
+ //
+ }
+
+ return false;
+ }
+
+ /**
+ * Method register
+ *
+ * @param URI
+ * @param filename
+ * @param MIME
+ */
+ private static void register(String URI, String filename, String MIME) {
+ OfflineResolver._uriMap.put(URI, filename);
+ OfflineResolver._mimeMap.put(URI, MIME);
+ }
+
+ private static URI getNewURI(String uri, String baseURI) throws URISyntaxException {
+ URI newUri = null;
+ if (baseURI == null || "".equals(baseURI)) {
+ newUri = new URI(uri);
+ } else {
+ newUri = new URI(baseURI).resolve(uri);
+ }
+
+ // if the URI contains a fragment, ignore it
+ if (newUri.getFragment() != null) {
+ URI uriNewNoFrag =
+ new URI(newUri.getScheme(), newUri.getSchemeSpecificPart(), null);
+ return uriNewNoFrag;
+ }
+ return newUri;
+ }
+}
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
index 4640963..4a4193c 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMKeyValue.java
@@ -49,10 +49,10 @@
import java.security.spec.KeySpec;
import java.security.spec.RSAPublicKeySpec;
import java.util.Arrays;
-import java.util.Base64;
-import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Element;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
/**
* DOM-based implementation of KeyValue.
@@ -160,7 +160,7 @@
public static BigInteger decode(Element elem) throws MarshalException {
try {
String base64str = BaseStructure.textOfNode(elem);
- return new BigInteger(1, Base64.getMimeDecoder().decode(base64str));
+ return Base64.decodeBigIntegerFromString(base64str);
} catch (Exception ex) {
throw new MarshalException(ex);
}
@@ -169,13 +169,11 @@
public static void writeBase64BigIntegerElement(
XmlWriter xwriter, String prefix, String localName, String namespaceURI, BigInteger value
) {
- byte[] bytes = XMLUtils.getBytes(value, value.bitLength());
- xwriter.writeTextElement(prefix, localName, namespaceURI, Base64.getMimeEncoder().encodeToString(bytes));
+ xwriter.writeTextElement(prefix, localName, namespaceURI, Base64.encode(value));
}
public static void marshal(XmlWriter xwriter, BigInteger bigNum) {
- byte[] bytes = XMLUtils.getBytes(bigNum, bigNum.bitLength());
- xwriter.writeCharacters(Base64.getMimeEncoder().encodeToString(bytes));
+ xwriter.writeCharacters(Base64.encode(bigNum));
}
@Override
@@ -474,7 +472,7 @@
xwriter.writeEndElement();
xwriter.writeStartElement(prefix, "PublicKey", XMLDSIG_11_XMLNS);
- String encoded = Base64.getMimeEncoder().encodeToString(ecPublicKey);
+ String encoded = Base64.encode(ecPublicKey);
xwriter.writeCharacters(encoded);
xwriter.writeEndElement(); // "PublicKey"
xwriter.writeEndElement(); // "ECKeyValue"
@@ -522,9 +520,10 @@
ECPoint ecPoint = null;
try {
- String content = XMLUtils.getFullTextChildrenFromElement(curElem);
- ecPoint = decodePoint(Base64.getMimeDecoder().decode(content),
+ ecPoint = decodePoint(Base64.decode(curElem),
ecParams.getCurve());
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException("Invalid EC PublicKey", bde);
} catch (IOException ioe) {
throw new MarshalException("Invalid EC Point", ioe);
}
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
index 0a15cff..5066e05 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMPGPData.java
@@ -32,8 +32,8 @@
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
-import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
/**
* DOM-based implementation of PGPData.
@@ -151,15 +151,17 @@
Element childElem = (Element)firstChild;
String localName = childElem.getLocalName();
String namespace = childElem.getNamespaceURI();
- if (localName.equals("PGPKeyID") && XMLSignature.XMLNS.equals(namespace)) {
- String content = XMLUtils.getFullTextChildrenFromElement(childElem);
- pgpKeyId = Base64.getMimeDecoder().decode(content);
- } else if (localName.equals("PGPKeyPacket") && XMLSignature.XMLNS.equals(namespace)) {
- String content = XMLUtils.getFullTextChildrenFromElement(childElem);
- pgpKeyPacket = Base64.getMimeDecoder().decode(content);
- } else {
- other.add
- (new javax.xml.crypto.dom.DOMStructure(childElem));
+ try {
+ if (localName.equals("PGPKeyID") && XMLSignature.XMLNS.equals(namespace)) {
+ pgpKeyId = Base64.decode(childElem);
+ } else if (localName.equals("PGPKeyPacket") && XMLSignature.XMLNS.equals(namespace)) {
+ pgpKeyPacket = Base64.decode(childElem);
+ } else {
+ other.add
+ (new javax.xml.crypto.dom.DOMStructure(childElem));
+ }
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException(bde);
}
}
firstChild = firstChild.getNextSibling();
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
index 01f559b..4e3ae0e 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMReference.java
@@ -44,12 +44,11 @@
import org.w3c.dom.Attr;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
-import org.apache.xml.security.utils.XMLUtils;
-
import org.apache.jcp.xml.dsig.internal.DigesterOutputStream;
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
/**
@@ -244,9 +243,12 @@
// unmarshal DigestValue
Element dvElem = DOMUtils.getNextSiblingElement(dmElem, "DigestValue", XMLSignature.XMLNS);
- String content = XMLUtils.getFullTextChildrenFromElement(dvElem);
- this.digestValue = Base64.getMimeDecoder().decode(content);
-
+ try {
+ this.digestValue = Base64.decode(dvElem);
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException(bde);
+ }
+
// check for extra elements
if (DOMUtils.getNextSiblingElement(dvElem) != null) {
throw new MarshalException(
@@ -336,7 +338,7 @@
}
xwriter.writeStartElement(dsPrefix, "DigestValue", XMLSignature.XMLNS);
if (digestValue != null) {
- xwriter.writeCharacters(Base64.getMimeEncoder().encodeToString(digestValue));
+ xwriter.writeCharacters(Base64.encode(digestValue));
}
xwriter.writeEndElement(); // "DigestValue"
xwriter.writeEndElement(); // "Reference"
@@ -354,7 +356,7 @@
digestValue = transform(data, signContext);
// insert digestValue into DigestValue element
- String encodedDV = Base64.getMimeEncoder().encodeToString(digestValue);
+ String encodedDV = Base64.encode(digestValue);
if (log.isDebugEnabled()) {
log.debug("Reference object uri = " + uri);
}
@@ -386,8 +388,8 @@
calcDigestValue = transform(data, validateContext);
if (log.isDebugEnabled()) {
- log.debug("Expected digest: " + Base64.getMimeEncoder().encodeToString(digestValue));
- log.debug("Actual digest: " + Base64.getMimeEncoder().encodeToString(calcDigestValue));
+ log.debug("Expected digest: " + Base64.encode(digestValue));
+ log.debug("Actual digest: " + Base64.encode(calcDigestValue));
}
validationStatus = Arrays.equals(digestValue, calcDigestValue);
@@ -450,8 +452,10 @@
} else {
dos = new DigesterOutputStream(md);
}
+ OutputStream os = null;
Data data = dereferencedData;
- try (OutputStream os = new UnsyncBufferedOutputStream(dos)) {
+ try {
+ os = new UnsyncBufferedOutputStream(dos);
for (int i = 0, size = transforms.size(); i < size; i++) {
DOMTransform transform = (DOMTransform)transforms.get(i);
if (i < size - 1) {
@@ -553,6 +557,13 @@
} catch (org.apache.xml.security.c14n.CanonicalizationException e) {
throw new XMLSignatureException(e);
} finally {
+ if (os != null) {
+ try {
+ os.close();
+ } catch (IOException e) {
+ throw new XMLSignatureException(e);
+ }
+ }
if (dos != null) {
try {
dos.close();
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
index e72d812..25bb10e 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMRetrievalMethod.java
@@ -32,7 +32,6 @@
package org.apache.jcp.xml.dsig.internal.dom;
import java.io.ByteArrayInputStream;
-import java.io.InputStream;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.Provider;
@@ -269,10 +268,11 @@
{
DocumentBuilder db = null;
boolean secVal = Utils.secureValidation(context);
- ApacheData data = (ApacheData)dereference(context);
- try (InputStream is = new ByteArrayInputStream(data.getXMLSignatureInput().getBytes())) {
+ try {
+ ApacheData data = (ApacheData)dereference(context);
db = XMLUtils.createDocumentBuilder(false, secVal);
- Document doc = db.parse(is);
+ Document doc = db.parse(new ByteArrayInputStream
+ (data.getXMLSignatureInput().getBytes()));
Element kiElem = doc.getDocumentElement();
if (kiElem.getLocalName().equals("X509Data")
&& XMLSignature.XMLNS.equals(kiElem.getNamespaceURI())) {
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
index f524e8c..64df0dc 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignatureMethod.java
@@ -224,10 +224,9 @@
log.debug("JCA Algorithm: " + getJCAAlgorithm());
log.debug("Signature Bytes length: " + sig.length);
}
+ si.canonicalize(context, new SignerOutputStream(signature));
- try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {
- si.canonicalize(context, outputStream);
-
+ try {
Type type = getAlgorithmType();
if (type == Type.DSA) {
int size = ((DSAKey)key).getParams().getQ().bitLength();
@@ -272,9 +271,9 @@
log.debug("JCA Algorithm: " + getJCAAlgorithm());
}
- try (SignerOutputStream outputStream = new SignerOutputStream(signature)) {
- si.canonicalize(context, outputStream);
-
+ si.canonicalize(context, new SignerOutputStream(signature));
+
+ try {
Type type = getAlgorithmType();
if (type == Type.DSA) {
int size = ((DSAKey)key).getParams().getQ().bitLength();
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
index 55c6f6d..6522837 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMSignedInfo.java
@@ -36,6 +36,7 @@
import java.util.*;
import org.w3c.dom.Element;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
@@ -216,31 +217,42 @@
throw new NullPointerException("context cannot be null");
}
+ OutputStream os = new UnsyncBufferedOutputStream(bos);
+
DOMSubTreeData subTree = new DOMSubTreeData(localSiElem, true);
- try (OutputStream os = new UnsyncBufferedOutputStream(bos)) {
+ try {
((DOMCanonicalizationMethod)
canonicalizationMethod).canonicalize(subTree, context, os);
-
- os.flush();
-
- byte[] signedInfoBytes = bos.toByteArray();
-
- // this whole block should only be done if logging is enabled
- if (log.isDebugEnabled()) {
- log.debug("Canonicalized SignedInfo:");
- StringBuilder sb = new StringBuilder(signedInfoBytes.length);
- for (int i = 0; i < signedInfoBytes.length; i++) {
- sb.append((char)signedInfoBytes[i]);
- }
- log.debug(sb.toString());
- log.debug("Data to be signed/verified:" + Base64.getMimeEncoder().encodeToString(signedInfoBytes));
- }
-
- this.canonData = new ByteArrayInputStream(signedInfoBytes);
-
- os.close();
} catch (TransformException te) {
throw new XMLSignatureException(te);
+ }
+
+ try {
+ os.flush();
+ } catch (IOException e) {
+ if (log.isDebugEnabled()) {
+ log.debug(e.getMessage(), e);
+ }
+ // Impossible
+ }
+
+ byte[] signedInfoBytes = bos.toByteArray();
+
+ // this whole block should only be done if logging is enabled
+ if (log.isDebugEnabled()) {
+ log.debug("Canonicalized SignedInfo:");
+ StringBuilder sb = new StringBuilder(signedInfoBytes.length);
+ for (int i = 0; i < signedInfoBytes.length; i++) {
+ sb.append((char)signedInfoBytes[i]);
+ }
+ log.debug(sb.toString());
+ log.debug("Data to be signed/verified:" + Base64.encode(signedInfoBytes));
+ }
+
+ this.canonData = new ByteArrayInputStream(signedInfoBytes);
+
+ try {
+ os.close();
} catch (IOException e) {
if (log.isDebugEnabled()) {
log.debug(e.getMessage(), e);
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
index e77128e..1f23eab 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMX509Data.java
@@ -25,7 +25,6 @@
package org.apache.jcp.xml.dsig.internal.dom;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
import java.security.cert.*;
import java.util.*;
@@ -36,8 +35,8 @@
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
-import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
/**
* DOM-based implementation of X509Data.
@@ -109,8 +108,11 @@
} else if (localName.equals("X509SubjectName") && XMLSignature.XMLNS.equals(namespace)) {
newContent.add(childElem.getFirstChild().getNodeValue());
} else if (localName.equals("X509SKI") && XMLSignature.XMLNS.equals(namespace)) {
- String content = XMLUtils.getFullTextChildrenFromElement(childElem);
- newContent.add(Base64.getMimeDecoder().decode(content));
+ try {
+ newContent.add(Base64.decode(childElem));
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException("cannot decode X509SKI", bde);
+ }
} else if (localName.equals("X509CRL") && XMLSignature.XMLNS.equals(namespace)) {
newContent.add(unmarshalX509CRL(childElem));
} else {
@@ -154,8 +156,7 @@
private static void marshalSKI(XmlWriter xwriter, byte[] skid, String dsPrefix)
{
- xwriter.writeTextElement(dsPrefix, "X509SKI", XMLSignature.XMLNS,
- Base64.getMimeEncoder().encodeToString(skid));
+ xwriter.writeTextElement(dsPrefix, "X509SKI", XMLSignature.XMLNS, Base64.encode(skid));
}
private static void marshalSubjectName(XmlWriter xwriter, String name, String dsPrefix)
@@ -168,8 +169,7 @@
{
try {
byte[] encoded = cert.getEncoded();
- xwriter.writeTextElement(dsPrefix, "X509Certificate", XMLSignature.XMLNS,
- Base64.getMimeEncoder().encodeToString(encoded));
+ xwriter.writeTextElement(dsPrefix, "X509Certificate", XMLSignature.XMLNS, Base64.encode(encoded));
} catch (CertificateEncodingException e) {
throw new MarshalException("Error encoding X509Certificate", e);
}
@@ -180,8 +180,7 @@
{
try {
byte[] encoded = crl.getEncoded();
- xwriter.writeTextElement(dsPrefix, "X509CRL", XMLSignature.XMLNS,
- Base64.getMimeEncoder().encodeToString(encoded));
+ xwriter.writeTextElement(dsPrefix, "X509CRL", XMLSignature.XMLNS, Base64.encode(encoded));
} catch (CRLException e) {
throw new MarshalException("Error encoding X509CRL", e);
}
@@ -190,22 +189,20 @@
private X509Certificate unmarshalX509Certificate(Element elem)
throws MarshalException
{
- try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
+ try {
+ ByteArrayInputStream bs = unmarshalBase64Binary(elem);
return (X509Certificate)cf.generateCertificate(bs);
} catch (CertificateException e) {
throw new MarshalException("Cannot create X509Certificate", e);
- } catch (IOException e) {
- throw new MarshalException("Error closing stream", e);
}
}
private X509CRL unmarshalX509CRL(Element elem) throws MarshalException {
- try (ByteArrayInputStream bs = unmarshalBase64Binary(elem)) {
+ try {
+ ByteArrayInputStream bs = unmarshalBase64Binary(elem);
return (X509CRL)cf.generateCRL(bs);
} catch (CRLException e) {
throw new MarshalException("Cannot create X509CRL", e);
- } catch (IOException e) {
- throw new MarshalException("Error closing stream", e);
}
}
@@ -215,10 +212,11 @@
if (cf == null) {
cf = CertificateFactory.getInstance("X.509");
}
- String content = XMLUtils.getFullTextChildrenFromElement(elem);
- return new ByteArrayInputStream(Base64.getMimeDecoder().decode(content));
+ return new ByteArrayInputStream(Base64.decode(elem));
} catch (CertificateException e) {
throw new MarshalException("Cannot create CertificateFactory", e);
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException("Cannot decode Base64-encoded val", bde);
}
}
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
index c5eb9f1..eac974f 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/DOMXMLSignature.java
@@ -42,15 +42,14 @@
import java.security.Provider;
import java.util.Collections;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
-
-import org.apache.xml.security.utils.XMLUtils;
+import org.apache.xml.security.exceptions.Base64DecodingException;
+import org.apache.xml.security.utils.Base64;
/**
* DOM-based implementation of XMLSignature.
@@ -500,9 +499,12 @@
DOMSignatureValue(Element sigValueElem)
throws MarshalException
{
- // base64 decode signatureValue
- String content = XMLUtils.getFullTextChildrenFromElement(sigValueElem);
- value = Base64.getMimeDecoder().decode(content);
+ try {
+ // base64 decode signatureValue
+ value = Base64.decode(sigValueElem);
+ } catch (Base64DecodingException bde) {
+ throw new MarshalException(bde);
+ }
id = DOMUtils.getIdAttributeValue(sigValueElem, "Id");
}
@@ -615,7 +617,7 @@
void setValue(XmlWriter xwriter, byte[] value) {
this.value = value;
- valueBase64 = Base64.getMimeEncoder().encodeToString(value);
+ valueBase64 = Base64.encode(value);
if (xwriter != null) {
xwriter.writeCharacters(valueBase64);
}
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Marshaller.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Marshaller.java
index 648d901..37141f0 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Marshaller.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Marshaller.java
@@ -19,7 +19,6 @@
package org.apache.jcp.xml.dsig.internal.dom;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.List;
import javax.xml.XMLConstants;
@@ -38,6 +37,7 @@
import javax.xml.crypto.dsig.keyinfo.X509Data;
import javax.xml.crypto.dsig.keyinfo.X509IssuerSerial;
+import org.apache.xml.security.utils.Base64;
import org.w3c.dom.Attr;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
@@ -82,15 +82,13 @@
// create and append PGPKeyID element
byte[] keyId = pgpData.getKeyId();
if (keyId != null) {
- xwriter.writeTextElement(dsPrefix, "PGPKeyID", XMLSignature.XMLNS,
- Base64.getMimeEncoder().encodeToString(keyId));
+ xwriter.writeTextElement(dsPrefix, "PGPKeyID", XMLSignature.XMLNS, Base64.encode(keyId));
}
// create and append PGPKeyPacket element
byte[] keyPacket = pgpData.getKeyPacket();
if (keyPacket != null) {
- xwriter.writeTextElement(dsPrefix, "XMLSignature.XMLNS", XMLSignature.XMLNS,
- Base64.getMimeEncoder().encodeToString(keyPacket));
+ xwriter.writeTextElement(dsPrefix, "XMLSignature.XMLNS", XMLSignature.XMLNS, Base64.encode(keyPacket));
}
// create and append any elements
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Utils.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Utils.java
index b940942..6e567f6 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Utils.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/Utils.java
@@ -44,20 +44,19 @@
public static byte[] readBytesFromStream(InputStream is)
throws IOException
{
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- byte[] buf = new byte[1024];
- while (true) {
- int read = is.read(buf);
- if (read == -1) { // EOF
- break;
- }
- baos.write(buf, 0, read);
- if (read < 1024) {
- break;
- }
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte[] buf = new byte[1024];
+ while (true) {
+ int read = is.read(buf);
+ if (read == -1) { // EOF
+ break;
}
- return baos.toByteArray();
+ baos.write(buf, 0, read);
+ if (read < 1024) {
+ break;
+ }
}
+ return baos.toByteArray();
}
/**
diff --git a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/XMLDSigRI.java b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/XMLDSigRI.java
index 47fe73f..6978c07 100644
--- a/src/main/java/org/apache/jcp/xml/dsig/internal/dom/XMLDSigRI.java
+++ b/src/main/java/org/apache/jcp/xml/dsig/internal/dom/XMLDSigRI.java
@@ -57,7 +57,7 @@
public XMLDSigRI() {
/* We are the ApacheXMLDSig provider */
- super("ApacheXMLDSig", 2.10, INFO);
+ super("ApacheXMLDSig", 2.08, INFO);
final Map<Object, Object> map = new HashMap<Object, Object>();
map.put("XMLSignatureFactory.DOM",
diff --git a/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureDSA.java b/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureDSA.java
index c9a590a..f06f132 100644
--- a/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureDSA.java
+++ b/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureDSA.java
@@ -29,12 +29,12 @@
import java.security.SignatureException;
import java.security.interfaces.DSAKey;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.JavaUtils;
@@ -107,7 +107,7 @@
throws XMLSignatureException {
try {
if (log.isDebugEnabled()) {
- log.debug("Called DSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
+ log.debug("Called DSA.verify() on " + Base64.encode(signature));
}
byte[] jcebytes = JavaUtils.convertDsaXMLDSIGtoASN1(signature,
diff --git a/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java b/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
index a2000e1..ad2a932 100644
--- a/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
+++ b/src/main/java/org/apache/xml/security/algorithms/implementations/SignatureECDSA.java
@@ -29,12 +29,12 @@
import java.security.Signature;
import java.security.SignatureException;
import java.security.spec.AlgorithmParameterSpec;
-import java.util.Base64;
import org.apache.xml.security.algorithms.JCEMapper;
import org.apache.xml.security.algorithms.SignatureAlgorithmSpi;
import org.apache.xml.security.signature.XMLSignature;
import org.apache.xml.security.signature.XMLSignatureException;
+import org.apache.xml.security.utils.Base64;
/**
*
@@ -132,7 +132,7 @@
byte[] jcebytes = SignatureECDSA.convertXMLDSIGtoASN1(signature);
if (log.isDebugEnabled()) {
- log.debug("Called ECDSA.verify() on " + Base64.getMimeEncoder().encodeToString(signature));
+ log.debug("Called ECDSA.verify() on " + Base64.encode(signature));
}
return this.signatureAlgorithm.verify(jcebytes);
diff --git a/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java b/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
index b5d2f2b..511f843 100644
--- a/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
+++ b/src/main/java/org/apache/xml/security/c14n/Canonicalizer.java
@@ -252,41 +252,40 @@
public byte[] canonicalize(byte[] inputBytes)
throws javax.xml.parsers.ParserConfigurationException,
java.io.IOException, org.xml.sax.SAXException, CanonicalizationException {
- Document document = null;
- try (InputStream bais = new ByteArrayInputStream(inputBytes)) {
- InputSource in = new InputSource(bais);
-
- // needs to validate for ID attribute normalization
- DocumentBuilder db = XMLUtils.createDocumentBuilder(true, secureValidation);
-
- /*
- * for some of the test vectors from the specification,
- * there has to be a validating parser for ID attributes, default
- * attribute values, NMTOKENS, etc.
- * Unfortunately, the test vectors do use different DTDs or
- * even no DTD. So Xerces 1.3.1 fires many warnings about using
- * ErrorHandlers.
- *
- * Text from the spec:
- *
- * The input octet stream MUST contain a well-formed XML document,
- * but the input need not be validated. However, the attribute
- * value normalization and entity reference resolution MUST be
- * performed in accordance with the behaviors of a validating
- * XML processor. As well, nodes for default attributes (declared
- * in the ATTLIST with an AttValue but not specified) are created
- * in each element. Thus, the declarations in the document type
- * declaration are used to help create the canonical form, even
- * though the document type declaration is not retained in the
- * canonical form.
- */
- db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
-
- try {
- document = db.parse(in);
- } finally {
- XMLUtils.repoolDocumentBuilder(db);
- }
+ InputStream bais = new ByteArrayInputStream(inputBytes);
+ InputSource in = new InputSource(bais);
+
+ // needs to validate for ID attribute normalization
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(true, secureValidation);
+
+ /*
+ * for some of the test vectors from the specification,
+ * there has to be a validating parser for ID attributes, default
+ * attribute values, NMTOKENS, etc.
+ * Unfortunately, the test vectors do use different DTDs or
+ * even no DTD. So Xerces 1.3.1 fires many warnings about using
+ * ErrorHandlers.
+ *
+ * Text from the spec:
+ *
+ * The input octet stream MUST contain a well-formed XML document,
+ * but the input need not be validated. However, the attribute
+ * value normalization and entity reference resolution MUST be
+ * performed in accordance with the behaviors of a validating
+ * XML processor. As well, nodes for default attributes (declared
+ * in the ATTLIST with an AttValue but not specified) are created
+ * in each element. Thus, the declarations in the document type
+ * declaration are used to help create the canonical form, even
+ * though the document type declaration is not retained in the
+ * canonical form.
+ */
+ db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
+
+ Document document;
+ try {
+ document = db.parse(in);
+ } finally {
+ XMLUtils.repoolDocumentBuilder(db);
}
return this.canonicalizeSubtree(document);
}
diff --git a/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java b/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
index 93e91d2..ae9936f 100644
--- a/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
+++ b/src/main/java/org/apache/xml/security/c14n/CanonicalizerSpi.java
@@ -56,17 +56,16 @@
throws javax.xml.parsers.ParserConfigurationException, java.io.IOException,
org.xml.sax.SAXException, CanonicalizationException {
- Document document = null;
- try (java.io.InputStream bais = new ByteArrayInputStream(inputBytes)) {
- InputSource in = new InputSource(bais);
+ java.io.InputStream bais = new ByteArrayInputStream(inputBytes);
+ InputSource in = new InputSource(bais);
- DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
+ DocumentBuilder db = XMLUtils.createDocumentBuilder(false, secureValidation);
- try {
- document = db.parse(in);
- } finally {
- XMLUtils.repoolDocumentBuilder(db);
- }
+ Document document;
+ try {
+ document = db.parse(in);
+ } finally {
+ XMLUtils.repoolDocumentBuilder(db);
}
return this.engineCanonicalizeSubTree(document);
}
diff --git a/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java b/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
index 8c25333..b30d080 100644
--- a/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
+++ b/src/main/java/org/apache/xml/security/encryption/AbstractSerializer.java
@@ -96,17 +96,16 @@
* @throws Exception
*/
public String serialize(NodeList content) throws Exception {
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- canon.setSecureValidation(secureValidation);
- canon.setWriter(baos);
- canon.notReset();
- for (int i = 0; i < content.getLength(); i++) {
- canon.canonicalizeSubtree(content.item(i));
- }
- String ret = baos.toString("UTF-8");
- baos.reset();
- return ret;
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ canon.setSecureValidation(secureValidation);
+ canon.setWriter(baos);
+ canon.notReset();
+ for (int i = 0; i < content.getLength(); i++) {
+ canon.canonicalizeSubtree(content.item(i));
}
+ String ret = baos.toString("UTF-8");
+ baos.reset();
+ return ret;
}
/**
@@ -119,15 +118,14 @@
* @throws Exception
*/
public byte[] serializeToByteArray(NodeList content) throws Exception {
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- canon.setSecureValidation(secureValidation);
- canon.setWriter(baos);
- canon.notReset();
- for (int i = 0; i < content.getLength(); i++) {
- canon.canonicalizeSubtree(content.item(i));
- }
- return baos.toByteArray();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ canon.setSecureValidation(secureValidation);
+ canon.setWriter(baos);
+ canon.notReset();
+ for (int i = 0; i < content.getLength(); i++) {
+ canon.canonicalizeSubtree(content.item(i));
}
+ return baos.toByteArray();
}
/**
@@ -137,15 +135,14 @@
* @throws Exception
*/
public String canonSerialize(Node node) throws Exception {
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- canon.setSecureValidation(secureValidation);
- canon.setWriter(baos);
- canon.notReset();
- canon.canonicalizeSubtree(node);
- String ret = baos.toString("UTF-8");
- baos.reset();
- return ret;
- }
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ canon.setSecureValidation(secureValidation);
+ canon.setWriter(baos);
+ canon.notReset();
+ canon.canonicalizeSubtree(node);
+ String ret = baos.toString("UTF-8");
+ baos.reset();
+ return ret;
}
/**
@@ -155,13 +152,12 @@
* @throws Exception
*/
public byte[] canonSerializeToByteArray(Node node) throws Exception {
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- canon.setSecureValidation(secureValidation);
- canon.setWriter(baos);
- canon.notReset();
- canon.canonicalizeSubtree(node);
- return baos.toByteArray();
- }
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ canon.setSecureValidation(secureValidation);
+ canon.setWriter(baos);
+ canon.notReset();
+ canon.canonicalizeSubtree(node);
+ return baos.toByteArray();
}
/**
@@ -178,11 +174,12 @@
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException;
+ public abstract Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
protected static byte[] createContext(byte[] source, Node ctx) throws XMLEncryptionException {
// Create the context to parse the document against
- try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) {
+ ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream();
+ try {
OutputStreamWriter outputStreamWriter = new OutputStreamWriter(byteArrayOutputStream, "UTF-8");
outputStreamWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?><dummy");
diff --git a/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java b/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
index 3c7ce3c..b73586e 100644
--- a/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
+++ b/src/main/java/org/apache/xml/security/encryption/DocumentSerializer.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilder;
@@ -45,11 +44,9 @@
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
byte[] fragment = createContext(source, ctx);
- try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, new InputSource(is));
- }
+ return deserialize(ctx, new InputSource(new ByteArrayInputStream(fragment)));
}
/**
diff --git a/src/main/java/org/apache/xml/security/encryption/Serializer.java b/src/main/java/org/apache/xml/security/encryption/Serializer.java
index 94d9277..3e94987 100644
--- a/src/main/java/org/apache/xml/security/encryption/Serializer.java
+++ b/src/main/java/org/apache/xml/security/encryption/Serializer.java
@@ -18,8 +18,6 @@
*/
package org.apache.xml.security.encryption;
-import java.io.IOException;
-
import org.apache.xml.security.c14n.Canonicalizer;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -71,5 +69,5 @@
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException;
+ Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException;
}
diff --git a/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java b/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
index 73df59a..21c1d8e 100644
--- a/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
+++ b/src/main/java/org/apache/xml/security/encryption/TransformSerializer.java
@@ -19,8 +19,6 @@
package org.apache.xml.security.encryption;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
import java.io.StringReader;
import javax.xml.XMLConstants;
@@ -48,11 +46,9 @@
* @return the Node resulting from the parse of the source
* @throws XMLEncryptionException
*/
- public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException, IOException {
+ public Node deserialize(byte[] source, Node ctx) throws XMLEncryptionException {
byte[] fragment = createContext(source, ctx);
- try (InputStream is = new ByteArrayInputStream(fragment)) {
- return deserialize(ctx, new StreamSource(is));
- }
+ return deserialize(ctx, new StreamSource(new ByteArrayInputStream(fragment)));
}
/**
diff --git a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
index eafc1ff..633a50d 100644
--- a/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
+++ b/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
@@ -19,7 +19,6 @@
package org.apache.xml.security.encryption;
import java.io.ByteArrayOutputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
@@ -32,7 +31,6 @@
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.MGF1ParameterSpec;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
@@ -51,6 +49,7 @@
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.keyresolver.KeyResolverException;
@@ -60,6 +59,7 @@
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.transforms.InvalidTransformException;
import org.apache.xml.security.transforms.TransformationException;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.ElementProxy;
import org.apache.xml.security.utils.EncryptionConstants;
@@ -1188,14 +1188,13 @@
if (serializedData != null) {
int numBytes;
byte[] buf = new byte[8192];
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
- while ((numBytes = serializedData.read(buf)) != -1) {
- byte[] data = c.update(buf, 0, numBytes);
- baos.write(data);
- }
- baos.write(c.doFinal());
- encryptedBytes = baos.toByteArray();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ while ((numBytes = serializedData.read(buf)) != -1) {
+ byte[] data = c.update(buf, 0, numBytes);
+ baos.write(data);
}
+ baos.write(c.doFinal());
+ encryptedBytes = baos.toByteArray();
} else {
encryptedBytes = c.doFinal(serializedOctets);
if (log.isDebugEnabled()) {
@@ -1226,7 +1225,7 @@
byte[] finalEncryptedBytes = new byte[iv.length + encryptedBytes.length];
System.arraycopy(iv, 0, finalEncryptedBytes, 0, iv.length);
System.arraycopy(encryptedBytes, 0, finalEncryptedBytes, iv.length, encryptedBytes.length);
- String base64EncodedEncryptedOctets = Base64.getMimeEncoder().encodeToString(finalEncryptedBytes);
+ String base64EncodedEncryptedOctets = Base64.encode(finalEncryptedBytes);
if (log.isDebugEnabled()) {
log.debug("Encrypted octets:\n" + base64EncodedEncryptedOctets);
@@ -1420,7 +1419,7 @@
throw new XMLEncryptionException(e);
}
- String base64EncodedEncryptedOctets = Base64.getMimeEncoder().encodeToString(encryptedBytes);
+ String base64EncodedEncryptedOctets = Base64.encode(encryptedBytes);
if (log.isDebugEnabled()) {
log.debug("Encrypted key octets:\n" + base64EncodedEncryptedOctets);
log.debug("Encrypted key octets length = " + base64EncodedEncryptedOctets.length());
@@ -1718,19 +1717,15 @@
}
Node sourceParent = element.getParentNode();
- try {
- Node decryptedNode = serializer.deserialize(octets, sourceParent);
-
- // The de-serialiser returns a node whose children we need to take on.
- if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {
- // If this is a content decryption, this may have problems
- contextDocument.removeChild(contextDocument.getDocumentElement());
- contextDocument.appendChild(decryptedNode);
- } else if (sourceParent != null) {
- sourceParent.replaceChild(decryptedNode, element);
- }
- } catch (IOException ex) {
- throw new XMLEncryptionException(ex);
+ Node decryptedNode = serializer.deserialize(octets, sourceParent);
+
+ // The de-serialiser returns a node whose children we need to take on.
+ if (sourceParent != null && Node.DOCUMENT_NODE == sourceParent.getNodeType()) {
+ // If this is a content decryption, this may have problems
+ contextDocument.removeChild(contextDocument.getDocumentElement());
+ contextDocument.appendChild(decryptedNode);
+ } else if (sourceParent != null) {
+ sourceParent.replaceChild(decryptedNode, element);
}
return contextDocument;
@@ -2448,9 +2443,11 @@
if (null != oaepParamsElement) {
try {
String oaepParams = oaepParamsElement.getFirstChild().getNodeValue();
- result.setOAEPparams(Base64.getMimeDecoder().decode(oaepParams.getBytes("UTF-8")));
+ result.setOAEPparams(Base64.decode(oaepParams.getBytes("UTF-8")));
} catch(UnsupportedEncodingException e) {
throw new RuntimeException("UTF-8 not supported", e);
+ } catch (Base64DecodingException e) {
+ throw new RuntimeException("BASE-64 decoding error", e);
}
}
@@ -3226,8 +3223,7 @@
XMLUtils.createElementInEncryptionSpace(
contextDocument, EncryptionConstants._TAG_OAEPPARAMS
);
- oaepElement.appendChild(contextDocument.createTextNode(
- Base64.getMimeEncoder().encodeToString(oaepParams)));
+ oaepElement.appendChild(contextDocument.createTextNode(Base64.encode(oaepParams)));
result.appendChild(oaepElement);
}
if (digestAlgorithm != null) {
diff --git a/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java b/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
index 2a44c00..003b402 100644
--- a/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
+++ b/src/main/java/org/apache/xml/security/encryption/XMLCipherInput.java
@@ -19,14 +19,15 @@
package org.apache.xml.security.encryption;
import java.io.IOException;
-import java.util.Base64;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.TransformationException;
import org.w3c.dom.Attr;
+import org.apache.xml.security.utils.Base64;
/**
* <code>XMLCipherInput</code> is used to wrap input passed into the
@@ -178,6 +179,10 @@
log.debug("Encrypted octets:\n" + base64EncodedEncryptedOctets);
}
- return Base64.getMimeDecoder().decode(base64EncodedEncryptedOctets);
+ try {
+ return Base64.decode(base64EncodedEncryptedOctets);
+ } catch (Base64DecodingException bde) {
+ throw new XMLEncryptionException(bde);
+ }
}
}
diff --git a/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Certificate.java b/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Certificate.java
index 3f69124..1db021e 100644
--- a/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Certificate.java
+++ b/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509Certificate.java
@@ -19,8 +19,6 @@
package org.apache.xml.security.keys.content.x509;
import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -95,13 +93,15 @@
* @return the x509 certificate
* @throws XMLSecurityException
*/
- public X509Certificate getX509Certificate() throws XMLSecurityException, IOException {
- byte certbytes[] = this.getCertificateBytes();
- try (InputStream is = new ByteArrayInputStream(certbytes)) {
+ public X509Certificate getX509Certificate() throws XMLSecurityException {
+ try {
+ byte certbytes[] = this.getCertificateBytes();
CertificateFactory certFact =
CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
X509Certificate cert =
- (X509Certificate) certFact.generateCertificate(is);
+ (X509Certificate) certFact.generateCertificate(
+ new ByteArrayInputStream(certbytes)
+ );
if (cert != null) {
return cert;
@@ -119,7 +119,7 @@
* @return the publickey
* @throws XMLSecurityException
*/
- public PublicKey getPublicKey() throws XMLSecurityException, IOException {
+ public PublicKey getPublicKey() throws XMLSecurityException {
X509Certificate cert = this.getX509Certificate();
if (cert != null) {
diff --git a/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509SKI.java b/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509SKI.java
index 3674b29..da3d7fd 100644
--- a/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509SKI.java
+++ b/src/main/java/org/apache/xml/security/keys/content/x509/XMLX509SKI.java
@@ -20,9 +20,9 @@
import java.security.cert.X509Certificate;
import java.util.Arrays;
-import java.util.Base64;
import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.SignatureElementProxy;
import org.w3c.dom.Document;
@@ -134,7 +134,7 @@
System.arraycopy(extensionValue, 4, skidValue, 0, skidValue.length);
if (log.isDebugEnabled()) {
- log.debug("Base64 of SKI is " + Base64.getMimeEncoder().encodeToString(skidValue));
+ log.debug("Base64 of SKI is " + Base64.encode(skidValue));
}
return skidValue;
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
index b2fce9a..6eefa56 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/KeyResolverSpi.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -272,9 +271,9 @@
*/
protected static Element getDocFromBytes(byte[] bytes, boolean secureValidation) throws KeyResolverException {
DocumentBuilder db = null;
- try (InputStream is = new ByteArrayInputStream(bytes)) {
+ try {
db = XMLUtils.createDocumentBuilder(false, secureValidation);
- Document doc = db.parse(is);
+ Document doc = db.parse(new ByteArrayInputStream(bytes));
return doc.getDocumentElement();
} catch (SAXException ex) {
throw new KeyResolverException(ex);
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
index f4ab27d..811dcc6 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.security.PublicKey;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
@@ -284,9 +283,9 @@
// if the resource stores a raw certificate, we have to handle it
CertificateFactory certFact =
CertificateFactory.getInstance(XMLX509Certificate.JCA_CERT_ID);
- try (InputStream is = new ByteArrayInputStream(inputBytes)) {
- return (X509Certificate) certFact.generateCertificate(is);
- }
+ X509Certificate cert = (X509Certificate)
+ certFact.generateCertificate(new ByteArrayInputStream(inputBytes));
+ return cert;
}
/**
diff --git a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
index 0397e9e..4a378c3 100644
--- a/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/keyresolver/implementations/X509CertificateResolver.java
@@ -18,7 +18,6 @@
*/
package org.apache.xml.security.keys.keyresolver.implementations;
-import java.io.IOException;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
@@ -99,9 +98,9 @@
}
}
return null;
- } catch (XMLSecurityException | IOException ex) {
+ } catch (XMLSecurityException ex) {
if (log.isDebugEnabled()) {
- log.debug("Security Exception", ex);
+ log.debug("XMLSecurityException", ex);
}
throw new KeyResolverException(ex);
}
diff --git a/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java b/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
index 5bad725..0086036 100644
--- a/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
+++ b/src/main/java/org/apache/xml/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java
@@ -29,12 +29,12 @@
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.Iterator;
import java.util.List;
import org.apache.xml.security.keys.storage.StorageResolverException;
import org.apache.xml.security.keys.storage.StorageResolverSpi;
+import org.apache.xml.security.utils.Base64;
/**
* This {@link StorageResolverSpi} makes all raw (binary) {@link X509Certificate}s
@@ -100,7 +100,9 @@
boolean added = false;
String dn = null;
- try (FileInputStream fis = new FileInputStream(file)) {
+ FileInputStream fis = null;
+ try {
+ fis = new FileInputStream(file);
X509Certificate cert =
(X509Certificate) cf.generateCertificate(fis);
@@ -126,9 +128,15 @@
if (log.isDebugEnabled()) {
log.debug("Could not add certificate from file " + filename, ex);
}
- } catch (IOException ex) {
- if (log.isDebugEnabled()) {
- log.debug("Could not add certificate from file " + filename, ex);
+ } finally {
+ try {
+ if (fis != null) {
+ fis.close();
+ }
+ } catch (IOException ex) {
+ if (log.isDebugEnabled()) {
+ log.debug("Could not add certificate from file " + filename, ex);
+ }
}
}
@@ -202,7 +210,7 @@
System.out.println();
System.out.println("Base64(SKI())= \""
- + Base64.getMimeEncoder().encodeToString(ski) + "\"");
+ + Base64.encode(ski) + "\"");
System.out.println("cert.getSerialNumber()= \""
+ cert.getSerialNumber().toString() + "\"");
System.out.println("cert.getSubjectX500Principal().getName()= \""
diff --git a/src/main/java/org/apache/xml/security/signature/Reference.java b/src/main/java/org/apache/xml/security/signature/Reference.java
index f68a449..6cba6fc 100644
--- a/src/main/java/org/apache/xml/security/signature/Reference.java
+++ b/src/main/java/org/apache/xml/security/signature/Reference.java
@@ -22,7 +22,6 @@
import java.io.OutputStream;
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.util.Base64;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
@@ -31,6 +30,7 @@
import org.apache.xml.security.algorithms.MessageDigestAlgorithm;
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.signature.reference.ReferenceData;
import org.apache.xml.security.signature.reference.ReferenceNodeSetData;
@@ -41,6 +41,7 @@
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
import org.apache.xml.security.transforms.params.InclusiveNamespaces;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.DigesterOutputStream;
import org.apache.xml.security.utils.SignatureElementProxy;
@@ -387,7 +388,7 @@
n = n.getNextSibling();
}
- String base64codedValue = Base64.getMimeEncoder().encodeToString(digestValue);
+ String base64codedValue = Base64.encode(digestValue);
Text t = createText(base64codedValue);
digestValueElement.appendChild(t);
@@ -708,15 +709,16 @@
private byte[] calculateDigest(boolean validating)
throws ReferenceNotInitializedException, XMLSignatureException {
XMLSignatureInput input = this.getContentsBeforeTransformation();
- if (input.isPreCalculatedDigest()) {
+ if(input.isPreCalculatedDigest()) {
return getPreCalculatedDigest(input);
}
-
- MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
- mda.reset();
-
- try (DigesterOutputStream diOs = new DigesterOutputStream(mda);
- OutputStream os = new UnsyncBufferedOutputStream(diOs)) {
+ OutputStream os = null;
+ try {
+ MessageDigestAlgorithm mda = this.getMessageDigestAlgorithm();
+
+ mda.reset();
+ DigesterOutputStream diOs = new DigesterOutputStream(mda);
+ os = new UnsyncBufferedOutputStream(diOs);
XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);
// if signing and c14n11 property == true explicitly add
// C14N11 transform if needed
@@ -746,6 +748,14 @@
throw new ReferenceNotInitializedException(ex);
} catch (IOException ex) {
throw new ReferenceNotInitializedException(ex);
+ } finally {
+ if (os != null) {
+ try {
+ os.close();
+ } catch (IOException ex) {
+ throw new ReferenceNotInitializedException(ex);
+ }
+ }
}
}
@@ -759,9 +769,14 @@
*/
private byte[] getPreCalculatedDigest(XMLSignatureInput input)
throws ReferenceNotInitializedException {
- log.debug("Verifying element with pre-calculated digest");
- String preCalculatedDigest = input.getPreCalculatedDigest();
- return Base64.getMimeDecoder().decode(preCalculatedDigest);
+ try {
+ log.debug("Verifying element with pre-calculated digest");
+ String preCalculatedDigest = input.getPreCalculatedDigest();
+ return Base64.decode(preCalculatedDigest);
+ } catch (Base64DecodingException e) {
+ log.error("Failed to decode pre-calculated digest in base64: " + e.getMessage());
+ throw new ReferenceNotInitializedException(e);
+ }
}
/**
@@ -771,7 +786,7 @@
* @throws Base64DecodingException if Reference contains no proper base64 encoded data.
* @throws XMLSecurityException if the Reference does not contain a DigestValue element
*/
- public byte[] getDigestValue() throws XMLSecurityException {
+ public byte[] getDigestValue() throws Base64DecodingException, XMLSecurityException {
if (digestValueElement == null) {
// The required element is not in the XML!
Object[] exArgs ={ Constants._TAG_DIGESTVALUE, Constants.SignatureSpecNS };
@@ -779,8 +794,7 @@
"signature.Verification.NoSignatureElement", exArgs
);
}
- String content = XMLUtils.getFullTextChildrenFromElement(digestValueElement);
- return Base64.getMimeDecoder().decode(content);
+ return Base64.decode(digestValueElement);
}
@@ -799,8 +813,8 @@
if (!equal) {
log.warn("Verification failed for URI \"" + this.getURI() + "\"");
- log.warn("Expected Digest: " + Base64.getMimeEncoder().encodeToString(elemDig));
- log.warn("Actual Digest: " + Base64.getMimeEncoder().encodeToString(calcDig));
+ log.warn("Expected Digest: " + Base64.encode(elemDig));
+ log.warn("Actual Digest: " + Base64.encode(calcDig));
} else {
if (log.isDebugEnabled()) {
log.debug("Verification successful for URI \"" + this.getURI() + "\"");
diff --git a/src/main/java/org/apache/xml/security/signature/SignedInfo.java b/src/main/java/org/apache/xml/security/signature/SignedInfo.java
index 727f72e..da4538f 100644
--- a/src/main/java/org/apache/xml/security/signature/SignedInfo.java
+++ b/src/main/java/org/apache/xml/security/signature/SignedInfo.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.io.OutputStream;
import javax.crypto.SecretKey;
@@ -214,8 +213,9 @@
byte[] c14nizedBytes = c14nizer.canonicalizeSubtree(element);
javax.xml.parsers.DocumentBuilder db =
XMLUtils.createDocumentBuilder(false, secureValidation);
- try (InputStream is = new ByteArrayInputStream(c14nizedBytes)) {
- Document newdoc = db.parse(is);
+ try {
+ Document newdoc = db.parse(new ByteArrayInputStream(
+ c14nizedBytes));
Node imported = element.getOwnerDocument().importNode(
newdoc.getDocumentElement(), true);
element.getParentNode().replaceChild(imported, element);
diff --git a/src/main/java/org/apache/xml/security/signature/XMLSignature.java b/src/main/java/org/apache/xml/security/signature/XMLSignature.java
index f18c130..3fd8c90 100644
--- a/src/main/java/org/apache/xml/security/signature/XMLSignature.java
+++ b/src/main/java/org/apache/xml/security/signature/XMLSignature.java
@@ -23,7 +23,6 @@
import java.security.Key;
import java.security.PublicKey;
import java.security.cert.X509Certificate;
-import java.util.Base64;
import javax.crypto.SecretKey;
@@ -31,10 +30,12 @@
import org.apache.xml.security.c14n.CanonicalizationException;
import org.apache.xml.security.c14n.Canonicalizer;
import org.apache.xml.security.c14n.InvalidCanonicalizerException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.apache.xml.security.keys.KeyInfo;
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.I18n;
import org.apache.xml.security.utils.SignatureElementProxy;
@@ -484,8 +485,11 @@
* @throws XMLSignatureException If there is no content
*/
public byte[] getSignatureValue() throws XMLSignatureException {
- String content = XMLUtils.getFullTextChildrenFromElement(signatureValueElement);
- return Base64.getMimeDecoder().decode(content);
+ try {
+ return Base64.decode(signatureValueElement);
+ } catch (Base64DecodingException ex) {
+ throw new XMLSignatureException(ex, "empty");
+ }
}
/**
@@ -500,7 +504,7 @@
signatureValueElement.removeChild(signatureValueElement.getFirstChild());
}
- String base64codedValue = Base64.getMimeEncoder().encodeToString(bytes);
+ String base64codedValue = Base64.encode(bytes);
if (base64codedValue.length() > 76 && !XMLUtils.ignoreLineBreaks()) {
base64codedValue = "\n" + base64codedValue + "\n";
@@ -614,21 +618,35 @@
);
}
- //Create a SignatureAlgorithm object
- SignedInfo si = this.getSignedInfo();
- SignatureAlgorithm sa = si.getSignatureAlgorithm();
- try (SignerOutputStream output = new SignerOutputStream(sa);
- OutputStream so = new UnsyncBufferedOutputStream(output)) {
-
- // generate digest values for all References in this SignedInfo
- si.generateDigestValues();
+ try {
+ //Create a SignatureAlgorithm object
+ SignedInfo si = this.getSignedInfo();
+ SignatureAlgorithm sa = si.getSignatureAlgorithm();
+ OutputStream so = null;
+ try {
+ // generate digest values for all References in this SignedInfo
+ si.generateDigestValues();
- // initialize SignatureAlgorithm for signing
- sa.initSign(signingKey);
+ // initialize SignatureAlgorithm for signing
+ sa.initSign(signingKey);
- // get the canonicalized bytes from SignedInfo
- si.signInOctetStream(so);
-
+ so = new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
+ // get the canonicalized bytes from SignedInfo
+ si.signInOctetStream(so);
+ } catch (XMLSecurityException ex) {
+ throw ex;
+ } finally {
+ if (so != null) {
+ try {
+ so.close();
+ } catch (IOException ex) {
+ if (log.isDebugEnabled()) {
+ log.debug(ex.getMessage(), ex);
+ }
+ }
+ }
+ }
+
// set them on the SignatureValue element
this.setSignatureValueElement(sa.sign());
} catch (XMLSignatureException ex) {
@@ -639,8 +657,6 @@
throw new XMLSignatureException(ex);
} catch (XMLSecurityException ex) {
throw new XMLSignatureException(ex);
- } catch (IOException ex) {
- throw new XMLSignatureException(ex);
}
}
@@ -719,12 +735,13 @@
log.debug("PublicKey = " + pk);
}
byte sigBytes[] = null;
- try (SignerOutputStream so = new SignerOutputStream(sa);
- OutputStream bos = new UnsyncBufferedOutputStream(so)) {
-
+ try {
sa.initVerify(pk);
// Get the canonicalized (normalized) SignedInfo
+ SignerOutputStream so = new SignerOutputStream(sa);
+ OutputStream bos = new UnsyncBufferedOutputStream(so);
+
si.signInOctetStream(bos);
bos.close();
// retrieve the byte[] from the stored signature
diff --git a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
index 20641a8..f3a099f 100644
--- a/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
+++ b/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
@@ -578,20 +578,16 @@
Document doc = db.parse(this.getOctetStream());
this.subNode = doc;
} catch (SAXException ex) {
- byte[] result = null;
// if a not-wellformed nodeset exists, put a container around it...
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream()) {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
- baos.write("<container>".getBytes("UTF-8"));
- baos.write(this.getBytes());
- baos.write("</container>".getBytes("UTF-8"));
+ baos.write("<container>".getBytes("UTF-8"));
+ baos.write(this.getBytes());
+ baos.write("</container>".getBytes("UTF-8"));
- result = baos.toByteArray();
- }
- try (InputStream is = new ByteArrayInputStream(result)) {
- Document document = db.parse(is);
- this.subNode = document.getDocumentElement().getFirstChild().getFirstChild();
- }
+ byte result[] = baos.toByteArray();
+ Document document = db.parse(new ByteArrayInputStream(result));
+ this.subNode = document.getDocumentElement().getFirstChild().getFirstChild();
} finally {
XMLUtils.repoolDocumentBuilder(db);
if (this.inputOctetStreamProxy != null) {
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
index 9eb5f08..ebe4702 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
@@ -22,7 +22,6 @@
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.xml.security.binding.xmldsig.KeyInfoType;
@@ -348,7 +347,7 @@
}
stringBuilder.append('>');
- return new UnsyncByteArrayInputStream(stringBuilder.toString().getBytes("UTF-8"));
+ return new UnsynchronizedByteArrayInputStream(stringBuilder.toString().getBytes("UTF-8"));
}
private InputStream writeWrapperEndElement() throws IOException {
@@ -359,7 +358,7 @@
stringBuilder.append(':');
stringBuilder.append(wrapperElementName.getLocalPart());
stringBuilder.append('>');
- return new UnsyncByteArrayInputStream(stringBuilder.toString().getBytes("UTF-8"));
+ return new UnsynchronizedByteArrayInputStream(stringBuilder.toString().getBytes("UTF-8"));
}
private void forwardToWrapperElement(XMLStreamReader xmlStreamReader) throws XMLStreamException {
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java
index fc2da52..147f20b 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureInputHandler.java
@@ -26,9 +26,6 @@
import org.apache.xml.security.stax.ext.*;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.ext.stax.XMLSecEventFactory;
import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
@@ -41,7 +38,6 @@
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;
import java.io.IOException;
-import java.io.InputStream;
import java.io.OutputStream;
import java.security.Key;
import java.security.NoSuchAlgorithmException;
@@ -150,22 +146,23 @@
Deque<XMLSecEvent> signedInfoDeque = new ArrayDeque<XMLSecEvent>();
- try (UnsyncByteArrayOutputStream unsynchronizedByteArrayOutputStream = new UnsyncByteArrayOutputStream()) {
- Transformer transformer = XMLSecurityUtils.getTransformer(
- null,
- unsynchronizedByteArrayOutputStream,
- null,
- signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm(),
- XMLSecurityConstants.DIRECTION.IN);
-
- Iterator<XMLSecEvent> iterator = eventDeque.descendingIterator();
- //forward to <Signature> Element
- int i = 0;
- while (i < index) {
- iterator.next();
- i++;
- }
+ UnsynchronizedByteArrayOutputStream unsynchronizedByteArrayOutputStream = new UnsynchronizedByteArrayOutputStream();
+ Transformer transformer = XMLSecurityUtils.getTransformer(
+ null,
+ unsynchronizedByteArrayOutputStream,
+ null,
+ signatureType.getSignedInfo().getCanonicalizationMethod().getAlgorithm(),
+ XMLSecurityConstants.DIRECTION.IN);
+ Iterator<XMLSecEvent> iterator = eventDeque.descendingIterator();
+ //forward to <Signature> Element
+ int i = 0;
+ while (i < index) {
+ iterator.next();
+ i++;
+ }
+
+ try {
loop:
while (iterator.hasNext()) {
XMLSecEvent xmlSecEvent = iterator.next();
@@ -194,25 +191,24 @@
transformer.doFinal();
- try (InputStream is = new UnsyncByteArrayInputStream(unsynchronizedByteArrayOutputStream.toByteArray())) {
- XMLStreamReader xmlStreamReader = inputProcessorChain.getSecurityContext().
- <XMLInputFactory>get(XMLSecurityConstants.XMLINPUTFACTORY).
- createXMLStreamReader(is);
-
- while (xmlStreamReader.hasNext()) {
- XMLSecEvent xmlSecEvent = XMLSecEventFactory.allocate(xmlStreamReader, null);
- signedInfoDeque.push(xmlSecEvent);
- xmlStreamReader.next();
- }
-
- @SuppressWarnings("unchecked")
- final SignedInfoType signedInfoType =
- ((JAXBElement<SignedInfoType>) parseStructure(signedInfoDeque, 0, securityProperties)).getValue();
- signatureType.setSignedInfo(signedInfoType);
-
- return signedInfoDeque;
+ XMLStreamReader xmlStreamReader = inputProcessorChain.getSecurityContext().
+ <XMLInputFactory>get(XMLSecurityConstants.XMLINPUTFACTORY).
+ createXMLStreamReader(new UnsynchronizedByteArrayInputStream(unsynchronizedByteArrayOutputStream.toByteArray()));
+
+ while (xmlStreamReader.hasNext()) {
+ XMLSecEvent xmlSecEvent = XMLSecEventFactory.allocate(xmlStreamReader, null);
+ signedInfoDeque.push(xmlSecEvent);
+ xmlStreamReader.next();
}
- } catch (XMLStreamException | IOException e) {
+
+ @SuppressWarnings("unchecked")
+ final SignedInfoType signedInfoType =
+ ((JAXBElement<SignedInfoType>) parseStructure(signedInfoDeque, 0, securityProperties)).getValue();
+ signatureType.setSignedInfo(signedInfoType);
+
+ return signedInfoDeque;
+
+ } catch (XMLStreamException e) {
throw new XMLSecurityException(e);
}
}
@@ -309,7 +305,7 @@
algorithmURI);
signatureAlgorithm.engineInitVerify(verifyKey);
signerOutputStream = new SignerOutputStream(signatureAlgorithm);
- bufferedSignerOutputStream = new UnsyncBufferedOutputStream(signerOutputStream);
+ bufferedSignerOutputStream = new UnsynchronizedBufferedOutputStream(signerOutputStream);
final CanonicalizationMethodType canonicalizationMethodType =
signatureType.getSignedInfo().getCanonicalizationMethod();
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
index 0b2bae3..7ea71aa 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractSignatureReferenceVerifyInputProcessor.java
@@ -21,7 +21,6 @@
import org.apache.commons.codec.binary.Base64;
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.apache.xml.security.binding.excc14n.InclusiveNamespaces;
@@ -40,6 +39,7 @@
import org.apache.xml.security.stax.impl.util.DigestOutputStream;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.KeyValue;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import javax.xml.namespace.QName;
@@ -260,11 +260,12 @@
protected void verifyExternalReference(InputProcessorChain inputProcessorChain, InputStream inputStream,
ReferenceType referenceType) throws XMLSecurityException, XMLStreamException {
- try (BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
+ BufferedInputStream bufferedInputStream = new BufferedInputStream(inputStream);
+ try {
DigestOutputStream digestOutputStream =
createMessageDigestOutputStream(referenceType, inputProcessorChain.getSecurityContext());
- UnsyncBufferedOutputStream bufferedDigestOutputStream =
- new UnsyncBufferedOutputStream(digestOutputStream)) {
+ UnsynchronizedBufferedOutputStream bufferedDigestOutputStream =
+ new UnsynchronizedBufferedOutputStream(digestOutputStream);
if (referenceType.getTransforms() != null) {
Transformer transformer =
@@ -278,6 +279,12 @@
compareDigest(digestOutputStream.getDigestValue(), referenceType);
} catch (IOException e) {
throw new XMLSecurityException(e);
+ } finally {
+ try {
+ bufferedInputStream.close();
+ } catch (IOException e) {
+ log.warn("Could not close external resource input stream, ignored.");
+ }
}
}
@@ -415,7 +422,7 @@
this.setStartElement(startElement);
this.setReferenceType(referenceType);
this.digestOutputStream = createMessageDigestOutputStream(referenceType, inputProcessorChain.getSecurityContext());
- this.bufferedDigestOutputStream = new UnsyncBufferedOutputStream(this.getDigestOutputStream());
+ this.bufferedDigestOutputStream = new UnsynchronizedBufferedOutputStream(this.getDigestOutputStream());
this.transformer = buildTransformerChain(referenceType, bufferedDigestOutputStream, inputProcessorChain);
}
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java b/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
index 831e300..5def574 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLEncryptedKeyInputHandler.java
@@ -36,6 +36,7 @@
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.securityEvent.AlgorithmSuiteSecurityEvent;
import org.apache.xml.security.stax.securityEvent.EncryptedKeyTokenSecurityEvent;
+import org.apache.xml.security.utils.Base64;
import javax.crypto.Cipher;
import javax.crypto.NoSuchPaddingException;
@@ -46,7 +47,6 @@
import java.security.*;
import java.security.spec.MGF1ParameterSpec;
-import java.util.Base64;
import java.util.Deque;
/**
@@ -234,7 +234,7 @@
byte[] sha1Bytes =
generateDigest(encryptedKeyType.getCipherData().getCipherValue());
- String sha1Identifier = Base64.getMimeEncoder().encodeToString(sha1Bytes);
+ String sha1Identifier = Base64.encode(sha1Bytes);
super.setSha1Identifier(sha1Identifier);
try {
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java b/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
index 774803d..acccc7e 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureEndingOutputProcessor.java
@@ -44,10 +44,10 @@
import org.apache.xml.security.stax.impl.transformer.canonicalizer.Canonicalizer20010315_Excl;
import org.apache.xml.security.stax.impl.util.IDGenerator;
import org.apache.xml.security.stax.impl.util.SignerOutputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import org.apache.xml.security.stax.securityToken.OutboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenProvider;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
/**
* @author $Author$
@@ -242,7 +242,7 @@
public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
this.signerOutputStream = new SignerOutputStream(this.signatureAlgorithm);
- this.bufferedSignerOutputStream = new UnsyncBufferedOutputStream(this.signerOutputStream);
+ this.bufferedSignerOutputStream = new UnsynchronizedBufferedOutputStream(this.signerOutputStream);
final String canonicalizationAlgorithm = getSecurityProperties().getSignatureCanonicalizationAlgorithm();
diff --git a/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java b/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
index 951339c..5ae4528 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractSignatureOutputProcessor.java
@@ -31,7 +31,7 @@
import org.apache.xml.security.stax.impl.SignaturePartDef;
import org.apache.xml.security.stax.impl.transformer.TransformIdentity;
import org.apache.xml.security.stax.impl.util.DigestOutputStream;
-import org.apache.xml.security.utils.UnsyncBufferedOutputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedBufferedOutputStream;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
@@ -266,7 +266,7 @@
@Override
public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
this.digestOutputStream = createMessageDigestOutputStream(signaturePartDef.getDigestAlgo());
- this.bufferedDigestOutputStream = new UnsyncBufferedOutputStream(digestOutputStream);
+ this.bufferedDigestOutputStream = new UnsynchronizedBufferedOutputStream(digestOutputStream);
this.transformer = buildTransformerChain(this.bufferedDigestOutputStream, signaturePartDef, xmlSecStartElement);
super.init(outputProcessorChain);
}
diff --git a/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java b/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
index 316fabb..b43e8c0 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/securityToken/SecurityTokenFactoryImpl.java
@@ -27,10 +27,9 @@
import org.apache.xml.security.stax.securityToken.InboundSecurityToken;
import org.apache.xml.security.stax.securityToken.SecurityTokenConstants;
import org.apache.xml.security.stax.securityToken.SecurityTokenFactory;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayInputStream;
import org.apache.xml.security.utils.RFC2253Parser;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
-import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.PublicKey;
@@ -288,10 +287,11 @@
*/
private static X509Certificate getCertificateFromBytes(byte[] data)
throws XMLSecurityException {
- try (InputStream in = new UnsyncByteArrayInputStream(data)) {
+ InputStream in = new UnsynchronizedByteArrayInputStream(data);
+ try {
CertificateFactory factory = CertificateFactory.getInstance("X.509");
return (X509Certificate) factory.generateCertificate(in);
- } catch (CertificateException | IOException e) {
+ } catch (CertificateException e) {
throw new XMLSecurityException(e);
}
}
diff --git a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformBase64Decode.java b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformBase64Decode.java
index 37b5c05..d773f8a 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformBase64Decode.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformBase64Decode.java
@@ -24,8 +24,8 @@
import org.apache.xml.security.stax.ext.XMLSecurityConstants;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayInputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayOutputStream;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
@@ -89,13 +89,13 @@
case XMLSecEvent: {
childOutputMethod = new ChildOutputMethod() {
- private UnsyncByteArrayOutputStream byteArrayOutputStream;
+ private UnsynchronizedByteArrayOutputStream byteArrayOutputStream;
private Base64OutputStream base64OutputStream;
@Override
public void transform(Object object) throws XMLStreamException {
if (base64OutputStream == null) {
- byteArrayOutputStream = new UnsyncByteArrayOutputStream();
+ byteArrayOutputStream = new UnsynchronizedByteArrayOutputStream();
base64OutputStream = new Base64OutputStream(byteArrayOutputStream, false);
}
try {
@@ -112,18 +112,19 @@
} catch (IOException e) {
throw new XMLStreamException(e);
}
+ XMLEventReaderInputProcessor xmlEventReaderInputProcessor
+ = new XMLEventReaderInputProcessor(
+ null,
+ getXmlInputFactory().createXMLStreamReader(new UnsynchronizedByteArrayInputStream(byteArrayOutputStream.toByteArray()))
+ );
- try (InputStream is = new UnsyncByteArrayInputStream(byteArrayOutputStream.toByteArray())) {
- XMLEventReaderInputProcessor xmlEventReaderInputProcessor
- = new XMLEventReaderInputProcessor(null,
- getXmlInputFactory().createXMLStreamReader(is)
- );
+ try {
XMLSecEvent xmlSecEvent;
do {
xmlSecEvent = xmlEventReaderInputProcessor.processNextEvent(null);
getTransformer().transform(xmlSecEvent);
} while (xmlSecEvent.getEventType() != XMLStreamConstants.END_DOCUMENT);
- } catch (XMLSecurityException | IOException e) {
+ } catch (XMLSecurityException e) {
throw new XMLStreamException(e);
}
getTransformer().doFinal();
@@ -134,13 +135,13 @@
case InputStream: {
childOutputMethod = new ChildOutputMethod() {
- private UnsyncByteArrayOutputStream byteArrayOutputStream;
+ private UnsynchronizedByteArrayOutputStream byteArrayOutputStream;
private Base64OutputStream base64OutputStream;
@Override
public void transform(Object object) throws XMLStreamException {
if (base64OutputStream == null) {
- byteArrayOutputStream = new UnsyncByteArrayOutputStream();
+ byteArrayOutputStream = new UnsynchronizedByteArrayOutputStream();
base64OutputStream = new Base64OutputStream(byteArrayOutputStream, false);
}
try {
@@ -157,12 +158,8 @@
} catch (IOException e) {
throw new XMLStreamException(e);
}
- try (InputStream is = new UnsyncByteArrayInputStream(byteArrayOutputStream.toByteArray())) {
- getTransformer().transform(is);
- getTransformer().doFinal();
- } catch (IOException ex) {
- throw new XMLStreamException(ex);
- }
+ getTransformer().transform(new UnsynchronizedByteArrayInputStream(byteArrayOutputStream.toByteArray()));
+ getTransformer().doFinal();
}
};
break;
diff --git a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
index c30dea4..979af71 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/transformer/TransformIdentity.java
@@ -24,8 +24,8 @@
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.apache.xml.security.stax.ext.stax.XMLSecEvent;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayInputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayOutputStream;
import javax.xml.stream.*;
import java.io.*;
@@ -144,13 +144,13 @@
case InputStream: {
childOutputMethod = new ChildOutputMethod() {
- private UnsyncByteArrayOutputStream baos;
+ private UnsynchronizedByteArrayOutputStream baos;
private XMLEventWriter xmlEventWriter;
@Override
public void transform(Object object) throws XMLStreamException {
if (xmlEventWriter == null) {
- baos = new UnsyncByteArrayOutputStream();
+ baos = new UnsynchronizedByteArrayOutputStream();
xmlEventWriter = getXmlOutputFactory().createXMLEventWriter(baos);
}
@@ -160,12 +160,8 @@
@Override
public void doFinal() throws XMLStreamException {
xmlEventWriter.close();
- try (InputStream is = new UnsyncByteArrayInputStream(baos.toByteArray())) {
- getTransformer().transform(is);
- getTransformer().doFinal();
- } catch (IOException ex) {
- throw new XMLStreamException(ex);
- }
+ getTransformer().transform(new UnsynchronizedByteArrayInputStream(baos.toByteArray()));
+ getTransformer().doFinal();
}
};
break;
diff --git a/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java b/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java
index 8e3ba07..4bbe80b 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/transformer/canonicalizer/CanonicalizerBase.java
@@ -26,8 +26,8 @@
import org.apache.xml.security.stax.ext.stax.*;
import org.apache.xml.security.stax.impl.processor.input.XMLEventReaderInputProcessor;
import org.apache.xml.security.stax.impl.transformer.TransformIdentity;
-import org.apache.xml.security.utils.UnsyncByteArrayInputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayInputStream;
+import org.apache.xml.security.stax.impl.util.UnsynchronizedByteArrayOutputStream;
import javax.xml.namespace.QName;
import javax.xml.stream.*;
@@ -84,7 +84,7 @@
@Override
public void setTransformer(Transformer transformer) throws XMLSecurityException {
//we support only transformers which takes an InputStream otherwise we will break the C14N
- setOutputStream(new UnsyncByteArrayOutputStream());
+ setOutputStream(new UnsynchronizedByteArrayOutputStream());
super.setTransformer(transformer);
}
@@ -390,13 +390,9 @@
@Override
public void doFinal() throws XMLStreamException {
if (getTransformer() != null) {
- UnsyncByteArrayOutputStream baos = (UnsyncByteArrayOutputStream)getOutputStream();
- try (InputStream is = new UnsyncByteArrayInputStream(baos.toByteArray())) {
- getTransformer().transform(is);
- getTransformer().doFinal();
- } catch (IOException ex) {
- throw new XMLStreamException(ex);
- }
+ UnsynchronizedByteArrayOutputStream baos = (UnsynchronizedByteArrayOutputStream)getOutputStream();
+ getTransformer().transform(new UnsynchronizedByteArrayInputStream(baos.toByteArray()));
+ getTransformer().doFinal();
}
}
diff --git a/src/main/java/org/apache/xml/security/stax/impl/util/FullyBufferedOutputStream.java b/src/main/java/org/apache/xml/security/stax/impl/util/FullyBufferedOutputStream.java
index f18fc7b..2c2bcfd 100644
--- a/src/main/java/org/apache/xml/security/stax/impl/util/FullyBufferedOutputStream.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/util/FullyBufferedOutputStream.java
@@ -22,11 +22,9 @@
import java.io.IOException;
import java.io.OutputStream;
-import org.apache.xml.security.utils.UnsyncByteArrayOutputStream;
-
public class FullyBufferedOutputStream extends FilterOutputStream {
- private UnsyncByteArrayOutputStream buf = new UnsyncByteArrayOutputStream();
+ private UnsynchronizedByteArrayOutputStream buf = new UnsynchronizedByteArrayOutputStream();
public FullyBufferedOutputStream(OutputStream out) {
super(out);
@@ -51,7 +49,6 @@
public void close() throws IOException {
buf.writeTo(out);
out.close();
- buf.close();
}
@Override
diff --git a/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedBufferedOutputStream.java b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedBufferedOutputStream.java
new file mode 100644
index 0000000..e3f123c
--- /dev/null
+++ b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedBufferedOutputStream.java
@@ -0,0 +1,81 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.xml.security.stax.impl.util;
+
+import java.io.FilterOutputStream;
+import java.io.IOException;
+import java.io.OutputStream;
+
+public class UnsynchronizedBufferedOutputStream extends FilterOutputStream {
+
+ protected byte[] buffer;
+ protected int count;
+
+ public UnsynchronizedBufferedOutputStream(OutputStream out) {
+ super(out);
+ buffer = new byte[8192];
+ }
+
+ public UnsynchronizedBufferedOutputStream(OutputStream out, int size) {
+ super(out);
+ if (size <= 0) {
+ throw new IllegalArgumentException("size must be > 0");
+ }
+ buffer = new byte[size];
+ }
+
+ @Override
+ public void flush() throws IOException {
+ flushInternal();
+ out.flush();
+ }
+
+ @Override
+ public void write(byte[] bytes, int offset, int length) throws IOException {
+ if (length >= buffer.length) {
+ flushInternal();
+ out.write(bytes, offset, length);
+ return;
+ }
+
+ // flush the internal buffer first if we have not enough space left
+ if (length >= (buffer.length - count)) {
+ flushInternal();
+ }
+
+ // the length is always less than (internalBuffer.length - count) here so arraycopy is safe
+ System.arraycopy(bytes, offset, buffer, count, length);
+ count += length;
+ }
+
+ @Override
+ public void write(int oneByte) throws IOException {
+ if (count == buffer.length) {
+ out.write(buffer, 0, count);
+ count = 0;
+ }
+ buffer[count++] = (byte) oneByte;
+ }
+
+ private void flushInternal() throws IOException {
+ if (count > 0) {
+ out.write(buffer, 0, count);
+ count = 0;
+ }
+ }
+}
diff --git a/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayInputStream.java
similarity index 95%
rename from src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java
rename to src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayInputStream.java
index 4782e91..b42208d 100644
--- a/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayInputStream.java
+++ b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayInputStream.java
@@ -15,7 +15,7 @@
* limitations under the License.
*/
-package org.apache.xml.security.utils;
+package org.apache.xml.security.stax.impl.util;
import java.io.IOException;
import java.io.InputStream;
@@ -23,9 +23,9 @@
/**
* A specialized {@link InputStream } for reading the contents of a byte array.
*
- * @see UnsyncByteArrayOutputStream
+ * @see UnsynchronizedByteArrayOutputStream
*/
-public class UnsyncByteArrayInputStream extends InputStream {
+public class UnsynchronizedByteArrayInputStream extends InputStream {
/**
* The {@code byte} array containing the bytes to stream over.
*/
@@ -55,7 +55,7 @@
* @param buf
* the byte array to stream over.
*/
- public UnsyncByteArrayInputStream(byte buf[]) {
+ public UnsynchronizedByteArrayInputStream(byte buf[]) {
this.mark = 0;
this.buf = buf;
this.count = buf.length;
@@ -73,7 +73,7 @@
* @param length
* the number of bytes available for streaming.
*/
- public UnsyncByteArrayInputStream(byte buf[], int offset, int length) {
+ public UnsynchronizedByteArrayInputStream(byte buf[], int offset, int length) {
this.buf = buf;
pos = offset;
mark = offset;
diff --git a/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayOutputStream.java b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayOutputStream.java
new file mode 100644
index 0000000..b0dbc28
--- /dev/null
+++ b/src/main/java/org/apache/xml/security/stax/impl/util/UnsynchronizedByteArrayOutputStream.java
@@ -0,0 +1,195 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.xml.security.stax.impl.util;
+
+import java.io.IOException;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+
+public class UnsynchronizedByteArrayOutputStream extends OutputStream {
+ /**
+ * The byte array containing the bytes written.
+ */
+ protected byte[] buf;
+
+ /**
+ * The number of bytes written.
+ */
+ protected int count;
+
+ /**
+ * Constructs a new ByteArrayOutputStream with a default size of 32 bytes.
+ * If more than 32 bytes are written to this instance, the underlying byte
+ * array will expand.
+ */
+ public UnsynchronizedByteArrayOutputStream() {
+ super();
+ buf = new byte[32];
+ }
+
+ /**
+ * Constructs a new {@code ByteArrayOutputStream} with a default size of
+ * {@code size} bytes. If more than {@code size} bytes are written to this
+ * instance, the underlying byte array will expand.
+ *
+ * @param size
+ * initial size for the underlying byte array, must be
+ * non-negative.
+ * @throws IllegalArgumentException
+ * if {@code size} < 0.
+ */
+ public UnsynchronizedByteArrayOutputStream(int size) {
+ super();
+ if (size < 0) {
+ throw new IllegalArgumentException("size must be >= 0");
+ }
+ buf = new byte[size];
+ }
+
+ private void expand(int i) {
+ /* Can the buffer handle @i more bytes, if not expand it */
+ if (count + i <= buf.length) {
+ return;
+ }
+
+ byte[] newbuf = new byte[(count + i) << 1];
+ System.arraycopy(buf, 0, newbuf, 0, count);
+ buf = newbuf;
+ }
+
+ /**
+ * Resets this stream to the beginning of the underlying byte array. All
+ * subsequent writes will overwrite any bytes previously stored in this
+ * stream.
+ */
+ public void reset() {
+ count = 0;
+ }
+
+ /**
+ * Returns the total number of bytes written to this stream so far.
+ *
+ * @return the number of bytes written to this stream.
+ */
+ public int size() {
+ return count;
+ }
+
+ /**
+ * Returns the contents of this ByteArrayOutputStream as a byte array. Any
+ * changes made to the receiver after returning will not be reflected in the
+ * byte array returned to the caller.
+ *
+ * @return this stream's current contents as a byte array.
+ */
+ public byte[] toByteArray() {
+ byte[] newArray = new byte[count];
+ System.arraycopy(buf, 0, newArray, 0, count);
+ return newArray;
+ }
+
+ /**
+ * Returns the contents of this ByteArrayOutputStream as a string. Any
+ * changes made to the receiver after returning will not be reflected in the
+ * string returned to the caller.
+ *
+ * @return this stream's current contents as a string.
+ */
+
+ @Override
+ public String toString() {
+ return new String(buf, 0, count);
+ }
+
+ /**
+ * Returns the contents of this ByteArrayOutputStream as a string converted
+ * according to the encoding declared in {@code enc}.
+ *
+ * @param enc
+ * a string representing the encoding to use when translating
+ * this stream to a string.
+ * @return this stream's current contents as an encoded string.
+ * @throws UnsupportedEncodingException
+ * if the provided encoding is not supported.
+ */
+ public String toString(String enc) throws UnsupportedEncodingException {
+ return new String(buf, 0, count, enc);
+ }
+
+ /**
+ * Writes {@code count} bytes from the byte array {@code buffer} starting at
+ * offset {@code index} to this stream.
+ *
+ * @param buffer
+ * the buffer to be written.
+ * @param offset
+ * the initial position in {@code buffer} to retrieve bytes.
+ * @param len
+ * the number of bytes of {@code buffer} to write.
+ * @throws NullPointerException
+ * if {@code buffer} is {@code null}.
+ * @throws IndexOutOfBoundsException
+ * if {@code offset < 0} or {@code len < 0}, or if
+ * {@code offset + len} is greater than the length of
+ * {@code buffer}.
+ */
+ @Override
+ public void write(byte[] buffer, int offset, int len) {
+ // avoid int overflow
+ if (offset < 0 || offset > buffer.length || len < 0
+ || len > buffer.length - offset) {
+ throw new IndexOutOfBoundsException();
+ }
+ if (len == 0) {
+ return;
+ }
+
+ /* Expand if necessary */
+ expand(len);
+ System.arraycopy(buffer, offset, buf, this.count, len);
+ this.count += len;
+ }
+
+ /**
+ * Writes the specified byte {@code oneByte} to the OutputStream. Only the
+ * low order byte of {@code oneByte} is written.
+ *
+ * @param oneByte
+ * the byte to be written.
+ */
+ @Override
+ public void write(int oneByte) {
+ if (count == buf.length) {
+ expand(1);
+ }
+ buf[count++] = (byte) oneByte;
+ }
+
+ /**
+ * Takes the contents of this stream and writes it to the output stream
+ * {@code out}.
+ *
+ * @param out
+ * an OutputStream on which to write the contents of this stream.
+ * @throws IOException
+ * if an error occurs while writing to {@code out}.
+ */
+ public void writeTo(OutputStream out) throws IOException {
+ out.write(buf, 0, count);
+ }
+}
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
index 229731e..f17c386 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformBase64Decode.java
@@ -18,18 +18,20 @@
*/
package org.apache.xml.security.transforms.implementations;
+import java.io.BufferedInputStream;
import java.io.IOException;
import java.io.OutputStream;
-import java.util.Base64;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.xml.security.c14n.CanonicalizationException;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.transforms.Transform;
import org.apache.xml.security.transforms.TransformSpi;
import org.apache.xml.security.transforms.TransformationException;
import org.apache.xml.security.transforms.Transforms;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -37,8 +39,6 @@
import org.w3c.dom.Text;
import org.xml.sax.SAXException;
-import org.apache.xml.security.utils.JavaUtils;
-
/**
* Implements the <CODE>http://www.w3.org/2000/09/xmldsig#base64</CODE> decoding
* transform.
@@ -63,6 +63,7 @@
* The output of this transform is an octet stream.</p>
*
* @author Christian Geuer-Pollmann
+ * @see org.apache.xml.security.utils.Base64
*/
public class TransformBase64Decode extends TransformSpi {
@@ -98,66 +99,66 @@
protected XMLSignatureInput enginePerformTransform(
XMLSignatureInput input, OutputStream os, Transform transformObject
) throws IOException, CanonicalizationException, TransformationException {
- if (input.isElement()) {
- Node el = input.getSubNode();
- if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
- el = el.getParentNode();
- }
- StringBuilder sb = new StringBuilder();
- traverseElement((Element)el, sb);
- if (os == null) {
- byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
- XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
- output.setSecureValidation(secureValidation);
- return output;
- }
- byte[] bytes = Base64.getMimeDecoder().decode(sb.toString());
- os.write(bytes);
- XMLSignatureInput output = new XMLSignatureInput((byte[])null);
- output.setSecureValidation(secureValidation);
- output.setOutputStream(os);
- return output;
- }
-
- if (input.isOctetStream() || input.isNodeSet()) {
- if (os == null) {
- byte[] base64Bytes = input.getBytes();
- byte[] decodedBytes = Base64.getMimeDecoder().decode(base64Bytes);
- XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
- output.setSecureValidation(secureValidation);
- return output;
- }
- if (input.isByteArray() || input.isNodeSet()) {
- byte[] bytes = Base64.getMimeDecoder().decode(input.getBytes());
- os.write(bytes);
- } else {
- byte[] inputBytes = JavaUtils.getBytesFromStream(input.getOctetStreamReal());
- byte[] bytes = Base64.getMimeDecoder().decode(inputBytes);
- os.write(bytes);
- }
- XMLSignatureInput output = new XMLSignatureInput((byte[])null);
- output.setSecureValidation(secureValidation);
- output.setOutputStream(os);
- return output;
- }
-
try {
- //Exceptional case there is current not text case testing this(Before it was a
- //a common case).
- Document doc =
- XMLUtils.createDocumentBuilder(false, secureValidation).parse(input.getOctetStream());
+ if (input.isElement()) {
+ Node el = input.getSubNode();
+ if (input.getSubNode().getNodeType() == Node.TEXT_NODE) {
+ el = el.getParentNode();
+ }
+ StringBuilder sb = new StringBuilder();
+ traverseElement((Element)el, sb);
+ if (os == null) {
+ byte[] decodedBytes = Base64.decode(sb.toString());
+ XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+ output.setSecureValidation(secureValidation);
+ return output;
+ }
+ Base64.decode(sb.toString(), os);
+ XMLSignatureInput output = new XMLSignatureInput((byte[])null);
+ output.setSecureValidation(secureValidation);
+ output.setOutputStream(os);
+ return output;
+ }
- Element rootNode = doc.getDocumentElement();
- StringBuilder sb = new StringBuilder();
- traverseElement(rootNode, sb);
- byte[] decodedBytes = Base64.getMimeDecoder().decode(sb.toString());
- XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
- output.setSecureValidation(secureValidation);
- return output;
- } catch (ParserConfigurationException e) {
- throw new TransformationException(e, "c14n.Canonicalizer.Exception");
- } catch (SAXException e) {
- throw new TransformationException(e, "SAX exception");
+ if (input.isOctetStream() || input.isNodeSet()) {
+ if (os == null) {
+ byte[] base64Bytes = input.getBytes();
+ byte[] decodedBytes = Base64.decode(base64Bytes);
+ XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+ output.setSecureValidation(secureValidation);
+ return output;
+ }
+ if (input.isByteArray() || input.isNodeSet()) {
+ Base64.decode(input.getBytes(), os);
+ } else {
+ Base64.decode(new BufferedInputStream(input.getOctetStreamReal()), os);
+ }
+ XMLSignatureInput output = new XMLSignatureInput((byte[])null);
+ output.setSecureValidation(secureValidation);
+ output.setOutputStream(os);
+ return output;
+ }
+
+ try {
+ //Exceptional case there is current not text case testing this(Before it was a
+ //a common case).
+ Document doc =
+ XMLUtils.createDocumentBuilder(false, secureValidation).parse(input.getOctetStream());
+
+ Element rootNode = doc.getDocumentElement();
+ StringBuilder sb = new StringBuilder();
+ traverseElement(rootNode, sb);
+ byte[] decodedBytes = Base64.decode(sb.toString());
+ XMLSignatureInput output = new XMLSignatureInput(decodedBytes);
+ output.setSecureValidation(secureValidation);
+ return output;
+ } catch (ParserConfigurationException e) {
+ throw new TransformationException(e, "c14n.Canonicalizer.Exception");
+ } catch (SAXException e) {
+ throw new TransformationException(e, "SAX exception");
+ }
+ } catch (Base64DecodingException e) {
+ throw new TransformationException(e, "Base64Decoding");
}
}
diff --git a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXSLT.java b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXSLT.java
index d53d010..7170734 100644
--- a/src/main/java/org/apache/xml/security/transforms/implementations/TransformXSLT.java
+++ b/src/main/java/org/apache/xml/security/transforms/implementations/TransformXSLT.java
@@ -21,7 +21,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
-import java.io.InputStream;
import java.io.OutputStream;
import javax.xml.XMLConstants;
@@ -98,6 +97,8 @@
* attempt to convert it to octets (apply Canonical XML]) as described
* in the Reference Processing Model (section 4.3.3.2).
*/
+ Source xmlSource =
+ new StreamSource(new ByteArrayInputStream(input.getBytes()));
Source stylesheet;
/*
@@ -109,16 +110,15 @@
* so we convert the stylesheet to byte[] and use this as input stream
*/
{
- try (ByteArrayOutputStream os = new ByteArrayOutputStream()) {
- Transformer transformer = tFactory.newTransformer();
- DOMSource source = new DOMSource(xsltElement);
- StreamResult result = new StreamResult(os);
-
- transformer.transform(source, result);
-
- stylesheet =
- new StreamSource(new ByteArrayInputStream(os.toByteArray()));
- }
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Transformer transformer = tFactory.newTransformer();
+ DOMSource source = new DOMSource(xsltElement);
+ StreamResult result = new StreamResult(os);
+
+ transformer.transform(source, result);
+
+ stylesheet =
+ new StreamSource(new ByteArrayInputStream(os.toByteArray()));
}
Transformer transformer = tFactory.newTransformer(stylesheet);
@@ -134,21 +134,17 @@
log.warn("Unable to set Xalan line-separator property: " + e.getMessage());
}
- try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
- Source xmlSource = new StreamSource(is);
- if (baos == null) {
- try (ByteArrayOutputStream baos1 = new ByteArrayOutputStream()) {
- StreamResult outputTarget = new StreamResult(baos1);
- transformer.transform(xmlSource, outputTarget);
- XMLSignatureInput output = new XMLSignatureInput(baos1.toByteArray());
- output.setSecureValidation(secureValidation);
- return output;
- }
- }
- StreamResult outputTarget = new StreamResult(baos);
-
+ if (baos == null) {
+ ByteArrayOutputStream baos1 = new ByteArrayOutputStream();
+ StreamResult outputTarget = new StreamResult(baos1);
transformer.transform(xmlSource, outputTarget);
+ XMLSignatureInput output = new XMLSignatureInput(baos1.toByteArray());
+ output.setSecureValidation(secureValidation);
+ return output;
}
+ StreamResult outputTarget = new StreamResult(baos);
+
+ transformer.transform(xmlSource, outputTarget);
XMLSignatureInput output = new XMLSignatureInput((byte[])null);
output.setSecureValidation(secureValidation);
output.setOutputStream(baos);
diff --git a/src/main/java/org/apache/xml/security/utils/Base64.java b/src/main/java/org/apache/xml/security/utils/Base64.java
index e43b4a3..cbcdda2 100644
--- a/src/main/java/org/apache/xml/security/utils/Base64.java
+++ b/src/main/java/org/apache/xml/security/utils/Base64.java
@@ -41,7 +41,6 @@
* @see <A HREF="ftp://ftp.isi.edu/in-notes/rfc2045.txt">RFC 2045</A>
* @see org.apache.xml.security.transforms.implementations.TransformBase64Decode
*/
-@Deprecated
public class Base64 {
/** Field BASE64DEFAULTLENGTH */
diff --git a/src/main/java/org/apache/xml/security/utils/ElementProxy.java b/src/main/java/org/apache/xml/security/utils/ElementProxy.java
index 815ac73..3349593 100644
--- a/src/main/java/org/apache/xml/security/utils/ElementProxy.java
+++ b/src/main/java/org/apache/xml/security/utils/ElementProxy.java
@@ -20,9 +20,9 @@
import java.math.BigInteger;
import java.util.concurrent.ConcurrentHashMap;
-import java.util.Base64;
import java.util.Map;
+import org.apache.xml.security.exceptions.Base64DecodingException;
import org.apache.xml.security.exceptions.XMLSecurityException;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
@@ -266,14 +266,7 @@
if (bi != null) {
Element e = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
- byte[] bytes = XMLUtils.getBytes(bi, bi.bitLength());
- String encodedInt = Base64.getMimeEncoder().encodeToString(bytes);
-
- Document doc = e.getOwnerDocument();
- Text text = doc.createTextNode(encodedInt);
-
- e.appendChild(text);
-
+ Base64.fillElementWithBigInteger(e, bi);
appendSelf(e);
addReturnToSelf();
}
@@ -291,12 +284,9 @@
*/
public void addBase64Element(byte[] bytes, String localname) {
if (bytes != null) {
- Element el = XMLUtils.createElementInSignatureSpace(getDocument(), localname);
- Text text = getDocument().createTextNode(Base64.getMimeEncoder().encodeToString(bytes));
+ Element e = Base64.encodeToElement(getDocument(), localname, bytes);
- el.appendChild(text);
-
- appendSelf(el);
+ appendSelf(e);
if (!XMLUtils.ignoreLineBreaks()) {
appendSelf(createText("\n"));
}
@@ -326,8 +316,8 @@
public void addBase64Text(byte[] bytes) {
if (bytes != null) {
Text t = XMLUtils.ignoreLineBreaks()
- ? createText(Base64.getMimeEncoder().encodeToString(bytes))
- : createText("\n" + Base64.getMimeEncoder().encodeToString(bytes) + "\n");
+ ? createText(Base64.encode(bytes))
+ : createText("\n" + Base64.encode(bytes) + "\n");
appendSelf(t);
}
}
@@ -367,12 +357,12 @@
*/
public BigInteger getBigIntegerFromChildElement(
String localname, String namespace
- ) {
- return new BigInteger(1, Base64.getMimeDecoder().decode(
+ ) throws Base64DecodingException {
+ return Base64.decodeBigIntegerFromString(
XMLUtils.selectNodeText(
getFirstChild(), namespace, localname, 0
).getNodeValue()
- ));
+ );
}
/**
@@ -397,7 +387,7 @@
* @throws XMLSecurityException
*/
public byte[] getBytesFromTextChild() throws XMLSecurityException {
- return Base64.getMimeDecoder().decode(getTextFromTextChild());
+ return Base64.decode(getTextFromTextChild());
}
/**
diff --git a/src/main/java/org/apache/xml/security/utils/JavaUtils.java b/src/main/java/org/apache/xml/security/utils/JavaUtils.java
index 1185b29..529d2e0 100644
--- a/src/main/java/org/apache/xml/security/utils/JavaUtils.java
+++ b/src/main/java/org/apache/xml/security/utils/JavaUtils.java
@@ -56,8 +56,11 @@
byte refBytes[] = null;
- try (FileInputStream fisRef = new FileInputStream(fileName);
- UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream()) {
+ FileInputStream fisRef = null;
+ UnsyncByteArrayOutputStream baos = null;
+ try {
+ fisRef = new FileInputStream(fileName);
+ baos = new UnsyncByteArrayOutputStream();
byte buf[] = new byte[1024];
int len;
@@ -66,6 +69,13 @@
}
refBytes = baos.toByteArray();
+ } finally {
+ if (baos != null) {
+ baos.close();
+ }
+ if (fisRef != null) {
+ fisRef.close();
+ }
}
return refBytes;
@@ -78,18 +88,29 @@
* @param bytes
*/
public static void writeBytesToFilename(String filename, byte[] bytes) {
- if (filename != null && bytes != null) {
- File f = new File(filename);
- try (FileOutputStream fos = new FileOutputStream(f)) {
+ FileOutputStream fos = null;
+ try {
+ if (filename != null && bytes != null) {
+ File f = new File(filename);
+
+ fos = new FileOutputStream(f);
+
fos.write(bytes);
- } catch (IOException ex) {
+ fos.close();
+ } else {
if (log.isDebugEnabled()) {
- log.debug(ex.getMessage(), ex);
+ log.debug("writeBytesToFilename got null byte[] pointed");
}
}
- } else {
- if (log.isDebugEnabled()) {
- log.debug("writeBytesToFilename got null byte[] pointed");
+ } catch (IOException ex) {
+ if (fos != null) {
+ try {
+ fos.close();
+ } catch (IOException ioe) {
+ if (log.isDebugEnabled()) {
+ log.debug(ioe.getMessage(), ioe);
+ }
+ }
}
}
}
@@ -105,13 +126,16 @@
* @throws IOException
*/
public static byte[] getBytesFromStream(InputStream inputStream) throws IOException {
- try (UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream()) {
+ UnsyncByteArrayOutputStream baos = new UnsyncByteArrayOutputStream();
+ try {
byte buf[] = new byte[4 * 1024];
int len;
while ((len = inputStream.read(buf)) > 0) {
baos.write(buf, 0, len);
}
return baos.toByteArray();
+ } finally {
+ baos.close();
}
}
diff --git a/src/main/java/org/apache/xml/security/utils/UnsyncBufferedOutputStream.java b/src/main/java/org/apache/xml/security/utils/UnsyncBufferedOutputStream.java
index 6639884..e41caa4 100644
--- a/src/main/java/org/apache/xml/security/utils/UnsyncBufferedOutputStream.java
+++ b/src/main/java/org/apache/xml/security/utils/UnsyncBufferedOutputStream.java
@@ -1,81 +1,94 @@
-/*
- * Licensed to the Apache Software Foundation (ASF) under one or more
- * contributor license agreements. See the NOTICE file distributed with
- * this work for additional information regarding copyright ownership.
- * The ASF licenses this file to You under the Apache License, Version 2.0
- * (the "License"); you may not use this file except in compliance with
- * the License. You may obtain a copy of the License at
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
*
- * http://www.apache.org/licenses/LICENSE-2.0
+ * http://www.apache.org/licenses/LICENSE-2.0
*
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
*/
-
package org.apache.xml.security.utils;
-import java.io.FilterOutputStream;
import java.io.IOException;
import java.io.OutputStream;
-public class UnsyncBufferedOutputStream extends FilterOutputStream {
+/**
+ * A class that buffers without synchronizing its methods
+ * @author raul
+ */
+public class UnsyncBufferedOutputStream extends OutputStream {
+ static final int size = 8*1024;
- protected byte[] buffer;
- protected int count;
+ private int pointer = 0;
+ private final OutputStream out;
+ private final byte[] buf;
+
+ /**
+ * Creates a buffered output stream without synchronization
+ * @param out the outputstream to buffer
+ */
public UnsyncBufferedOutputStream(OutputStream out) {
- super(out);
- buffer = new byte[8192];
+ buf = new byte[size];
+ this.out = out;
}
- public UnsyncBufferedOutputStream(OutputStream out, int size) {
- super(out);
- if (size <= 0) {
- throw new IllegalArgumentException("size must be > 0");
+ /** @inheritDoc */
+ public void write(byte[] arg0) throws IOException {
+ write(arg0, 0, arg0.length);
+ }
+
+ /** @inheritDoc */
+ public void write(byte[] arg0, int arg1, int len) throws IOException {
+ int newLen = pointer+len;
+ if (newLen > size) {
+ flushBuffer();
+ if (len > size) {
+ out.write(arg0, arg1,len);
+ return;
+ }
+ newLen = len;
}
- buffer = new byte[size];
+ System.arraycopy(arg0, arg1, buf, pointer, len);
+ pointer = newLen;
}
- @Override
+ private void flushBuffer() throws IOException {
+ if (pointer > 0) {
+ out.write(buf, 0, pointer);
+ }
+ pointer = 0;
+
+ }
+
+ /** @inheritDoc */
+ public void write(int arg0) throws IOException {
+ if (pointer >= size) {
+ flushBuffer();
+ }
+ buf[pointer++] = (byte)arg0;
+
+ }
+
+ /** @inheritDoc */
public void flush() throws IOException {
- flushInternal();
+ flushBuffer();
out.flush();
}
- @Override
- public void write(byte[] bytes, int offset, int length) throws IOException {
- if (length >= buffer.length) {
- flushInternal();
- out.write(bytes, offset, length);
- return;
- }
-
- // flush the internal buffer first if we have not enough space left
- if (length >= (buffer.length - count)) {
- flushInternal();
- }
-
- // the length is always less than (internalBuffer.length - count) here so arraycopy is safe
- System.arraycopy(bytes, offset, buffer, count, length);
- count += length;
+ /** @inheritDoc */
+ public void close() throws IOException {
+ flush();
+ out.close();
}
- @Override
- public void write(int oneByte) throws IOException {
- if (count == buffer.length) {
- out.write(buffer, 0, count);
- count = 0;
- }
- buffer[count++] = (byte) oneByte;
- }
-
- private void flushInternal() throws IOException {
- if (count > 0) {
- out.write(buffer, 0, count);
- count = 0;
- }
- }
}
diff --git a/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayOutputStream.java b/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayOutputStream.java
index 764bd81..73a9e35 100644
--- a/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayOutputStream.java
+++ b/src/main/java/org/apache/xml/security/utils/UnsyncByteArrayOutputStream.java
@@ -18,7 +18,6 @@
*/
package org.apache.xml.security.utils;
-import java.io.IOException;
import java.io.OutputStream;
/**
@@ -86,19 +85,6 @@
pos = 0;
}
- /**
- * Takes the contents of this stream and writes it to the output stream
- * {@code out}.
- *
- * @param out
- * an OutputStream on which to write the contents of this stream.
- * @throws IOException
- * if an error occurs while writing to {@code out}.
- */
- public void writeTo(OutputStream out) throws IOException {
- out.write(buf, 0, pos);
- }
-
private void expandSize(int newPos) {
int newSize = size;
while (newPos > newSize) {
diff --git a/src/main/java/org/apache/xml/security/utils/XMLUtils.java b/src/main/java/org/apache/xml/security/utils/XMLUtils.java
index 4eddadb..02eccfe 100644
--- a/src/main/java/org/apache/xml/security/utils/XMLUtils.java
+++ b/src/main/java/org/apache/xml/security/utils/XMLUtils.java
@@ -22,7 +22,6 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
-import java.math.BigInteger;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.ArrayList;
@@ -1091,50 +1090,6 @@
return pools[idx].repool(db);
}
- /**
- * Returns a byte-array representation of a <code>{@link BigInteger}<code>.
- * No sign-bit is output.
- *
- * <b>N.B.:</B> <code>{@link BigInteger}<code>'s toByteArray
- * returns eventually longer arrays because of the leading sign-bit.
- *
- * @param big <code>BigInteger<code> to be converted
- * @param bitlen <code>int<code> the desired length in bits of the representation
- * @return a byte array with <code>bitlen</code> bits of <code>big</code>
- */
- public static byte[] getBytes(BigInteger big, int bitlen) {
-
- //round bitlen
- bitlen = ((bitlen + 7) >> 3) << 3;
-
- if (bitlen < big.bitLength()) {
- throw new IllegalArgumentException(I18n.translate("utils.Base64.IllegalBitlength"));
- }
-
- byte[] bigBytes = big.toByteArray();
-
- if (big.bitLength() % 8 != 0
- && big.bitLength() / 8 + 1 == bitlen / 8) {
- return bigBytes;
- }
-
- // some copying needed
- int startSrc = 0; // no need to skip anything
- int bigLen = bigBytes.length; //valid length of the string
-
- if (big.bitLength() % 8 == 0) { // correct values
- startSrc = 1; // skip sign bit
-
- bigLen--; // valid length of the string
- }
-
- int startDst = bitlen / 8 - bigLen; //pad with leading nulls
- byte[] resizedBytes = new byte[bitlen / 8];
-
- System.arraycopy(bigBytes, startSrc, resizedBytes, startDst, bigLen);
-
- return resizedBytes;
- }
/**
* We need this proxy wrapping DocumentBuilder to record the value
diff --git a/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java b/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
index 97ad096..23c9dca 100644
--- a/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
+++ b/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
@@ -28,9 +28,9 @@
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
-import java.util.Base64;
import org.apache.xml.security.signature.XMLSignatureInput;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.resolver.ResourceResolverContext;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
import org.apache.xml.security.utils.resolver.ResourceResolverSpi;
@@ -96,12 +96,14 @@
@Override
public XMLSignatureInput engineResolveURI(ResourceResolverContext context)
throws ResourceResolverException {
-
+ InputStream inputStream = null;
try {
+
// calculate new URI
URI uriNew = getNewURI(context.uriToResolve, context.baseUri);
URL url = uriNew.toURL();
- URLConnection urlConnection = openConnection(url);
+ URLConnection urlConnection;
+ urlConnection = openConnection(url);
// check if Basic authentication is required
String auth = urlConnection.getHeaderField("WWW-Authenticate");
@@ -117,7 +119,7 @@
urlConnection = openConnection(url);
String password = user + ":" + pass;
- String encodedPassword = Base64.getMimeEncoder().encodeToString(password.getBytes("ISO-8859-1"));
+ String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
// set authentication property in the http header
urlConnection.setRequestProperty("Authorization",
@@ -126,30 +128,28 @@
}
String mimeType = urlConnection.getHeaderField("Content-Type");
- try (ByteArrayOutputStream baos = new ByteArrayOutputStream();
- InputStream inputStream = urlConnection.getInputStream()) {
- byte[] buf = new byte[4096];
- int read = 0;
- int summarized = 0;
-
- while ((read = inputStream.read(buf)) >= 0) {
- baos.write(buf, 0, read);
- summarized += read;
- }
-
- if (log.isDebugEnabled()) {
- log.debug("Fetched " + summarized + " bytes from URI " + uriNew.toString());
- }
-
- XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
- result.setSecureValidation(context.secureValidation);
+ inputStream = urlConnection.getInputStream();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ byte buf[] = new byte[4096];
+ int read = 0;
+ int summarized = 0;
- result.setSourceURI(uriNew.toString());
- result.setMIMEType(mimeType);
-
- return result;
+ while ((read = inputStream.read(buf)) >= 0) {
+ baos.write(buf, 0, read);
+ summarized += read;
}
+ if (log.isDebugEnabled()) {
+ log.debug("Fetched " + summarized + " bytes from URI " + uriNew.toString());
+ }
+
+ XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray());
+ result.setSecureValidation(context.secureValidation);
+
+ result.setSourceURI(uriNew.toString());
+ result.setMIMEType(mimeType);
+
+ return result;
} catch (URISyntaxException ex) {
throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
} catch (MalformedURLException ex) {
@@ -158,6 +158,16 @@
throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
} catch (IllegalArgumentException e) {
throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage");
+ } finally {
+ if (inputStream != null) {
+ try {
+ inputStream.close();
+ } catch (IOException e) {
+ if (log.isDebugEnabled()) {
+ log.debug(e.getMessage(), e);
+ }
+ }
+ }
}
}
@@ -184,7 +194,7 @@
if (proxyUser != null && proxyPass != null) {
String password = proxyUser + ":" + proxyPass;
- String authString = "Basic " + Base64.getMimeEncoder().encodeToString(password.getBytes("ISO-8859-1"));
+ String authString = "Basic " + Base64.encode(password.getBytes("ISO-8859-1"));
urlConnection.setRequestProperty("Proxy-Authorization", authString);
}
diff --git a/src/test/java/javax/xml/crypto/test/OctetStreamDataTest.java b/src/test/java/javax/xml/crypto/test/OctetStreamDataTest.java
index d57fc68..90dd064 100644
--- a/src/test/java/javax/xml/crypto/test/OctetStreamDataTest.java
+++ b/src/test/java/javax/xml/crypto/test/OctetStreamDataTest.java
@@ -33,7 +33,7 @@
public class OctetStreamDataTest extends org.junit.Assert {
@org.junit.Test
- public void testConstructor() throws Exception {
+ public void testConstructor() {
// test OctetStreamData(InputStream) and
// OctetStreamData(InputStream, String, String)
OctetStreamData osdata;
@@ -49,8 +49,8 @@
int len = 300;
byte[] in = new byte[len];
new Random().nextBytes(in);
-
- try (ByteArrayInputStream bais = new ByteArrayInputStream(in)) {
+ ByteArrayInputStream bais = new ByteArrayInputStream(in);
+ try {
osdata = new OctetStreamData(bais);
assertNotNull(osdata);
assertEquals(osdata.getOctetStream(), bais);
@@ -62,14 +62,20 @@
assertEquals(osdata.getOctetStream(), bais);
assertNull(osdata.getURI());
assertNull(osdata.getMimeType());
+ } catch (Exception ex) {
+ fail("Unexpected Exception: " + ex);
+ }
- String uri="testUri";
- String mimeType="test";
+ String uri="testUri";
+ String mimeType="test";
+ try {
osdata = new OctetStreamData(bais, uri, mimeType);
assertNotNull(osdata);
assertEquals(osdata.getOctetStream(), bais);
assertEquals(osdata.getURI(), uri);
assertEquals(osdata.getMimeType(), mimeType);
+ } catch (Exception ex) {
+ fail("Unexpected Exception: " + ex);
}
}
}
diff --git a/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java b/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
index bde433c..accf6a3 100644
--- a/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
+++ b/src/test/java/javax/xml/crypto/test/dsig/CreateBaltimore23Test.java
@@ -493,10 +493,7 @@
+ " </html>\n"
+ " </xsl:template>\n"
+ "</xsl:stylesheet>\n";
- Document docxslt = null;
- try (InputStream is = new ByteArrayInputStream(xslt.getBytes())) {
- docxslt = db.parse(is);
- }
+ Document docxslt = db.parse(new ByteArrayInputStream(xslt.getBytes()));
Node xslElem = docxslt.getDocumentElement();
manTrans.add(fac.newTransform(Transform.XSLT,
diff --git a/src/test/java/org/apache/xml/security/test/dom/CreateExclC14nInteropValues.java b/src/test/java/org/apache/xml/security/test/dom/CreateExclC14nInteropValues.java
index 3328516..a51b192 100644
--- a/src/test/java/org/apache/xml/security/test/dom/CreateExclC14nInteropValues.java
+++ b/src/test/java/org/apache/xml/security/test/dom/CreateExclC14nInteropValues.java
@@ -22,7 +22,6 @@
import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileOutputStream;
-import java.io.InputStream;
import javax.xml.parsers.DocumentBuilder;
@@ -197,10 +196,8 @@
+ "<included >" + "\n" + "</included>"
+ "\n" + "</notIncluded>" + "\n" + "</notIncluded>"
+ "\n" + "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
@@ -232,10 +229,8 @@
+ "<included >" + "\n" + "</included>"
+ "\n" + "</notIncluded>" + "\n" + "</notIncluded>"
+ "\n" + "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
@@ -267,10 +262,8 @@
+ "<included xml:lang='de'>" + "\n" + "</included>"
+ "\n" + "</notIncluded>" + "\n" + "</notIncluded>"
+ "\n" + "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
@@ -303,10 +296,8 @@
+ "<included >" + "\n" + "</included>"
+ "\n" + "</notIncluded>" + "\n" + "</included>"
+ "\n" + "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
@@ -340,11 +331,9 @@
+ "\n" + "<included >" + "\n"
+ "</included>" + "\n" + "</notIncluded>" + "\n"
+ "</included>" + "\n" + "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
-
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
+
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
.appendChild(doc.importNode(importDoc.getDocumentElement(), true));
@@ -377,10 +366,8 @@
+ "\n" + "<included>" + "\n" + "</included>" + "\n"
+ "</notIncluded>" + "\n" + "</included>" + "\n"
+ "</included>";
- Document importDoc = null;
- try (InputStream is = new ByteArrayInputStream(xmlStr.getBytes("UTF8"))) {
- importDoc = db.parse(is);
- }
+ Document importDoc =
+ db.parse(new ByteArrayInputStream(xmlStr.getBytes()));
obj.getElement().appendChild(doc.createTextNode("\n"));
obj.getElement()
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315Test.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315Test.java
index ff7a380..d0a548b 100644
--- a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315Test.java
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Canonicalizer20010315Test.java
@@ -676,10 +676,7 @@
//J+
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(inputStr.getBytes())) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(inputStr.getBytes()));
boolean weCatchedTheRelativeNS = false;
try {
@@ -991,10 +988,7 @@
db.setErrorHandler(new IgnoreAllErrorHandler());
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(input.getBytes()));
Canonicalizer c14nizer =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N_OMIT_COMMENTS);
@@ -1117,10 +1111,7 @@
//String ENCODING_UTF8 = "UTF-8";
String ENCODING_UTF16 = "UTF-16";
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(input)) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(input));
TransformerFactory tFactory = TransformerFactory.newInstance();
Transformer transformer = tFactory.newTransformer();
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario191Test.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario191Test.java
index 8c26b22..45903bd 100644
--- a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario191Test.java
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario191Test.java
@@ -20,7 +20,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
-import java.io.InputStream;
import javax.xml.parsers.DocumentBuilder;
@@ -65,10 +64,7 @@
// Parse the Data
//
db = XMLUtils.createDocumentBuilder(false);
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(INPUT_DATA.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(INPUT_DATA.getBytes("UTF8")));
//
// Canonicalize the data
diff --git a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario273Test.java b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario273Test.java
index 8b8190b..21e60ff 100644
--- a/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario273Test.java
+++ b/src/test/java/org/apache/xml/security/test/dom/c14n/implementations/Santuario273Test.java
@@ -19,7 +19,6 @@
package org.apache.xml.security.test.dom.c14n.implementations;
import java.io.ByteArrayInputStream;
-import java.io.InputStream;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.xpath.XPath;
@@ -80,10 +79,9 @@
DocumentBuilder documentBuilder = XMLUtils.createDocumentBuilder(true);
documentBuilder.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
- doc = documentBuilder.parse(is);
- }
+ byte inputBytes[] = input.getBytes();
+ Document doc =
+ documentBuilder.parse(new ByteArrayInputStream(inputBytes));
Canonicalizer c14n =
Canonicalizer.getInstance(Canonicalizer.ALGO_ID_C14N11_OMIT_COMMENTS);
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/EncryptContentTest.java b/src/test/java/org/apache/xml/security/test/dom/encryption/EncryptContentTest.java
index 8d87f37..1789193 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/EncryptContentTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/EncryptContentTest.java
@@ -19,7 +19,6 @@
package org.apache.xml.security.test.dom.encryption;
import java.io.ByteArrayInputStream;
-import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;
@@ -113,10 +112,7 @@
return;
}
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(DATA.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(DATA.getBytes("UTF8")));
NodeList dataToEncrypt = doc.getElementsByTagName("user");
XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
@@ -165,10 +161,7 @@
return;
}
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(MULTIPLE_USER_DATA.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(MULTIPLE_USER_DATA.getBytes("UTF8")));
NodeList dataToEncrypt = doc.getElementsByTagName("user");
XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java b/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java
index 4004918..1bc1619 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/SignedEncryptedTest.java
@@ -40,7 +40,6 @@
import javax.xml.xpath.XPathConstants;
import javax.xml.xpath.XPathFactory;
import java.io.ByteArrayInputStream;
-import java.io.InputStream;
import java.lang.reflect.Field;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
@@ -102,10 +101,7 @@
public void secureAndVerify(TransformerFactory transformerFactory, boolean useDocumentSerializer) throws Exception {
DocumentBuilder builder = XMLUtils.createDocumentBuilder(false);
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(SAMPLE_MSG.getBytes("UTF8"))) {
- document = builder.parse(is);
- }
+ Document document = builder.parse(new ByteArrayInputStream(SAMPLE_MSG.getBytes("UTF-8")));
// Set up the Key
KeyPairGenerator rsaKeygen = KeyPairGenerator.getInstance("RSA");
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLCipherTest.java b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLCipherTest.java
index 1ac2020..6d8cff7 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLCipherTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLCipherTest.java
@@ -21,7 +21,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
-import java.io.InputStream;
import java.lang.reflect.Constructor;
import java.security.Key;
import java.security.KeyPairGenerator;
@@ -735,10 +734,7 @@
// Test inherited namespaces don't add extra attributes
// Test unused namespaces are preserved
final String DATA1 = "<ns:root xmlns:ns=\"ns.com\"><ns:elem xmlns:ns2=\"ns2.com\">11</ns:elem></ns:root>";
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(DATA1.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(DATA1.getBytes("UTF8")));
Element elem = (Element)doc.getDocumentElement().getFirstChild();
XMLCipher dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
@@ -762,9 +758,7 @@
// Test default namespace undeclaration is preserved
final String DATA2 = "<ns:root xmlns=\"defns.com\" xmlns:ns=\"ns.com\"><elem xmlns=\"\">11</elem></ns:root>";
- try (InputStream is = new ByteArrayInputStream(DATA2.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ doc = db.parse(new ByteArrayInputStream(DATA2.getBytes("UTF8")));
elem = (Element)doc.getDocumentElement().getFirstChild();
dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
@@ -789,9 +783,7 @@
// Test comments and PIs are not treated specially when serializing element content.
// Other c14n algorithms add a newline after comments and PIs, when they are before or after the document element.
final String DATA3 = "<root><!--comment1--><?pi1 target1?><elem/><!--comment2--><?pi2 target2?></root>";
- try (InputStream is = new ByteArrayInputStream(DATA3.getBytes("UTF8"))) {
- doc = db.parse(is);
- }
+ doc = db.parse(new ByteArrayInputStream(DATA3.getBytes("UTF8")));
elem = (Element)doc.getDocumentElement();
dataCipher = XMLCipher.getInstance(XMLCipher.TRIPLEDES);
@@ -858,10 +850,10 @@
String before = baos.toString("UTF-8");
byte[] serialized = baos.toByteArray();
- EncryptedData encryptedData = null;
- try (InputStream is = new ByteArrayInputStream(serialized)) {
- encryptedData = cipher.encryptData(d, EncryptionConstants.TYPE_ELEMENT, is);
- }
+ EncryptedData encryptedData =
+ cipher.encryptData(
+ d, EncryptionConstants.TYPE_ELEMENT, new ByteArrayInputStream(serialized)
+ );
//decrypt
XMLCipher dcipher = XMLCipher.getInstance(XMLCipher.AES_128);
@@ -873,9 +865,7 @@
assertEquals(before, after);
// test with null type
- try (InputStream is = new ByteArrayInputStream(serialized)) {
- encryptedData = cipher.encryptData(d, null, is);
- }
+ encryptedData = cipher.encryptData(d, null, new ByteArrayInputStream(serialized));
}
@org.junit.Test
diff --git a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
index ecbb83c..510adab 100644
--- a/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
+++ b/src/test/java/org/apache/xml/security/test/dom/encryption/XMLEncryption11Test.java
@@ -28,7 +28,6 @@
import java.security.Security;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;
-import java.util.Base64;
import java.util.HashMap;
import java.util.Map;
@@ -49,6 +48,7 @@
import org.apache.xml.security.keys.content.X509Data;
import org.apache.xml.security.keys.content.x509.XMLX509Certificate;
import org.apache.xml.security.test.dom.DSNamespaceContext;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.EncryptionConstants;
import org.apache.xml.security.utils.XMLUtils;
// import org.apache.xml.security.utils.XMLUtils;
@@ -525,7 +525,7 @@
"http://www.w3.org/2009/xmlenc11#rsa-oaep",
"http://www.w3.org/2001/04/xmlenc#sha512",
"http://www.w3.org/2009/xmlenc11#mgf1sha1",
- Base64.getMimeDecoder().decode("ZHVtbXkxMjM=".getBytes("UTF-8"))
+ Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8"))
);
doc =
diff --git a/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java b/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java
index a250a71..a19dddd 100644
--- a/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/keys/DEREncodedKeyValueTest.java
@@ -25,11 +25,11 @@
import java.security.PublicKey;
import java.security.Security;
import java.security.spec.X509EncodedKeySpec;
-import java.util.Base64;
import javax.xml.parsers.DocumentBuilder;
import org.apache.xml.security.keys.content.DEREncodedKeyValue;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
@@ -186,7 +186,7 @@
private PublicKey loadPublicKey(String filePath, String algorithm) throws Exception {
String fileData = new String(JavaUtils.getBytesFromFile(getControlFilePath(filePath)));
- byte[] keyBytes = Base64.getMimeDecoder().decode(fileData);
+ byte[] keyBytes = Base64.decode(fileData);
KeyFactory kf = KeyFactory.getInstance(algorithm);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
return kf.generatePublic(keySpec);
diff --git a/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java b/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java
index 43fdad9..82b40b9 100644
--- a/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/keys/content/x509/XMLX509DigestTest.java
@@ -21,12 +21,12 @@
import java.io.FileInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
-import java.util.Base64;
import javax.xml.parsers.DocumentBuilder;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.content.x509.XMLX509Digest;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.XMLUtils;
import org.junit.Assert;
@@ -53,7 +53,7 @@
certControl = loadCertificate("cert-X509Digest.crt");
- digestControl = Base64.getMimeDecoder().decode(digestBase64Control);
+ digestControl = Base64.decode(digestBase64Control);
if (!Init.isInitialized()) {
Init.init();
diff --git a/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyInfoReferenceResolverTest.java b/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyInfoReferenceResolverTest.java
index cb2176c..eb3fe5d 100644
--- a/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyInfoReferenceResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/keys/keyresolver/KeyInfoReferenceResolverTest.java
@@ -24,12 +24,12 @@
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.security.spec.X509EncodedKeySpec;
-import java.util.Base64;
import javax.xml.parsers.DocumentBuilder;
import org.apache.xml.security.Init;
import org.apache.xml.security.keys.KeyInfo;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.Constants;
import org.apache.xml.security.utils.JavaUtils;
import org.apache.xml.security.utils.XMLUtils;
@@ -143,7 +143,7 @@
private PublicKey loadPublicKey(String filePath, String algorithm) throws Exception {
String fileData = new String(JavaUtils.getBytesFromFile(getControlFilePath(filePath)));
- byte[] keyBytes = Base64.getMimeDecoder().decode(fileData);
+ byte[] keyBytes = Base64.decode(fileData);
KeyFactory kf = KeyFactory.getInstance(algorithm);
X509EncodedKeySpec keySpec = new X509EncodedKeySpec(keyBytes);
return kf.generatePublic(keySpec);
diff --git a/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenAlgorithmTest.java b/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenAlgorithmTest.java
index 92b082b..1208d4d 100644
--- a/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenAlgorithmTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/secure_val/ForbiddenAlgorithmTest.java
@@ -55,9 +55,7 @@
readAndVerifySignature("src/test/resources/interop/c14n/Y2", "signature-joseph-exc.xml", true);
fail("Failure expected when secure validation is enabled");
} catch (XMLSignatureException ex) {
- String error = "It is forbidden to use algorithm http://www.w3.org/2001/04/xmldsig-more#md5 "
- + "when secure validation is enabled";
- assertTrue(ex.getMessage().equals(error));
+ assertTrue(ex.getMessage().contains("no XMLSignatureInput"));
}
}
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
index a0eb377..a9ec5c1 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/CreateSignatureTest.java
@@ -21,7 +21,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
-import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
@@ -194,9 +193,7 @@
String signedDoc = new String(bos.toByteArray());
// Now Verify
- try (InputStream is = new ByteArrayInputStream(signedDoc.getBytes())) {
- doc = db.parse(is);
- }
+ doc = db.parse(new ByteArrayInputStream(signedDoc.getBytes()));
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
@@ -214,10 +211,7 @@
public void testCanonicalizedOctetStream() throws Exception {
String signedXML = doSign();
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(signedXML.getBytes())) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(signedXML.getBytes()));
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
@@ -337,10 +331,7 @@
}
private void doVerify(String signedXML) throws Exception {
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(signedXML.getBytes())) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(signedXML.getBytes()));
XPathFactory xpf = XPathFactory.newInstance();
XPath xpath = xpf.newXPath();
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/ECDSASignatureTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/ECDSASignatureTest.java
index d7c05c7..c976602 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/ECDSASignatureTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/ECDSASignatureTest.java
@@ -126,9 +126,9 @@
File file =
makeDataFile("src/test/resources/org/apache/xml/security/samples/input/ecdsaSignature.xml");
- try (InputStream is = new FileInputStream(file)) {
- doVerify(is);
- }
+ InputStream is = new FileInputStream(file);
+
+ doVerify(is);
}
@org.junit.Test
@@ -139,9 +139,9 @@
}
File file = makeDataFile("src/test/resources/at/buergerkarte/testresp.xml");
- try (InputStream is = new FileInputStream(file)) {
- doVerify(is);
- }
+ InputStream is = new FileInputStream(file);
+
+ doVerify(is);
}
private byte[] doSign() throws Exception {
@@ -183,9 +183,7 @@
}
private void doVerify(byte[] signedXml) throws Exception {
- try (InputStream is = new ByteArrayInputStream(signedXml)) {
- doVerify(is);
- }
+ doVerify(new ByteArrayInputStream(signedXml));
}
private void doVerify(InputStream is) throws Exception {
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/X509DataTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/X509DataTest.java
index 2ae33c9..0f28485 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/X509DataTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/X509DataTest.java
@@ -21,7 +21,6 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.FileInputStream;
-import java.io.InputStream;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
@@ -74,10 +73,7 @@
private XMLSignature getSignature(byte[] s) throws Exception {
javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(s)) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(s));
Element el = (Element)doc.getFirstChild();
return new XMLSignature(el, "");
}
diff --git a/src/test/java/org/apache/xml/security/test/dom/signature/XMLSignatureInputTest.java b/src/test/java/org/apache/xml/security/test/dom/signature/XMLSignatureInputTest.java
index be5b97f..aa862b9 100644
--- a/src/test/java/org/apache/xml/security/test/dom/signature/XMLSignatureInputTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/signature/XMLSignatureInputTest.java
@@ -109,32 +109,29 @@
@org.junit.Test
public void testIsInitializedWithOctetStream() throws IOException {
- try (InputStream inputStream =
- new ByteArrayInputStream(_octetStreamTextInput.getBytes())) {
- XMLSignatureInput input = new XMLSignatureInput(inputStream);
+ InputStream inputStream =
+ new ByteArrayInputStream(_octetStreamTextInput.getBytes());
+ XMLSignatureInput input = new XMLSignatureInput(inputStream);
- assertTrue("Input is initialized", input.isInitialized());
- }
+ assertTrue("Input is initialized", input.isInitialized());
}
@org.junit.Test
public void testOctetStreamIsOctetStream() throws IOException {
- try (InputStream inputStream =
- new ByteArrayInputStream(_octetStreamTextInput.getBytes())) {
- XMLSignatureInput input = new XMLSignatureInput(inputStream);
+ InputStream inputStream =
+ new ByteArrayInputStream(_octetStreamTextInput.getBytes());
+ XMLSignatureInput input = new XMLSignatureInput(inputStream);
- assertTrue("Input is octet stream", input.isOctetStream());
- }
+ assertTrue("Input is octet stream", input.isOctetStream());
}
@org.junit.Test
public void testOctetStreamIsNotNodeSet() throws IOException {
- try (InputStream inputStream =
- new ByteArrayInputStream(_octetStreamTextInput.getBytes())) {
- XMLSignatureInput input = new XMLSignatureInput(inputStream);
+ InputStream inputStream =
+ new ByteArrayInputStream(_octetStreamTextInput.getBytes());
+ XMLSignatureInput input = new XMLSignatureInput(inputStream);
- assertTrue("Input is not node set", !input.isNodeSet());
- }
+ assertTrue("Input is not node set", !input.isNodeSet());
}
}
diff --git a/src/test/java/org/apache/xml/security/test/dom/transforms/EmptyNamespaceTest.java b/src/test/java/org/apache/xml/security/test/dom/transforms/EmptyNamespaceTest.java
index f334561..6621a2d 100644
--- a/src/test/java/org/apache/xml/security/test/dom/transforms/EmptyNamespaceTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/transforms/EmptyNamespaceTest.java
@@ -77,16 +77,16 @@
transformer.setProperties(properties);
- try (ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- InputStream stream = new ByteArrayInputStream(message.getBytes("UTF-8"))) {
- transformer.setOutputStream(outputStream);
+ ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
- transformer.transform(stream);
- transformer.doFinal();
-
- String result = outputStream.toString();
- Assert.assertEquals(message, result);
- }
+ transformer.setOutputStream(outputStream);
+ InputStream stream = new ByteArrayInputStream(message.getBytes("UTF-8"));
+
+ transformer.transform(stream);
+ transformer.doFinal();
+
+ String result = outputStream.toString();
+ Assert.assertEquals(message, result);
}
@org.junit.Test
@@ -100,10 +100,7 @@
documentBuilderFactory.setNamespaceAware(true);
documentBuilderFactory.setValidating(false);
final DocumentBuilder documentBuilder = documentBuilderFactory.newDocumentBuilder();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(message.getBytes("UTF-8"))) {
- document = documentBuilder.parse(is);
- }
+ final Document document = documentBuilder.parse(new ByteArrayInputStream(message.getBytes("UTF-8")));
String inclusiveNamespaces = "SOAP-ENV ec ec1 ns0 ns1 ns11 ns2 ns4 ns9";
byte[] output =
diff --git a/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/TransformBase64DecodeTest.java b/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/TransformBase64DecodeTest.java
index e0b422b..2d65aa1 100644
--- a/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/TransformBase64DecodeTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/TransformBase64DecodeTest.java
@@ -19,7 +19,6 @@
package org.apache.xml.security.test.dom.transforms.implementations;
import java.io.ByteArrayInputStream;
-import java.io.InputStream;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.ParserConfigurationException;
@@ -61,10 +60,8 @@
doc.appendChild(t.getElement());
t.addTransform(TransformBase64Decode.implementedTransformURI);
- XMLSignatureInput in = null;
- try (InputStream is = new ByteArrayInputStream(s1.getBytes())) {
- in = new XMLSignatureInput(is);
- }
+ XMLSignatureInput in =
+ new XMLSignatureInput(new ByteArrayInputStream(s1.getBytes()));
XMLSignatureInput out = t.performTransforms(in);
String result = new String(out.getBytes());
@@ -85,10 +82,8 @@
t.addTransform(TransformBase64Decode.implementedTransformURI);
- XMLSignatureInput in = null;
- try (InputStream is = new ByteArrayInputStream(s2.getBytes())) {
- in = new XMLSignatureInput(is);
- }
+ XMLSignatureInput in =
+ new XMLSignatureInput(new ByteArrayInputStream(s2.getBytes()));
XMLSignatureInput out = t.performTransforms(t.performTransforms(in));
String result = new String(out.getBytes());
@@ -113,10 +108,7 @@
db.setErrorHandler(new org.apache.xml.security.utils.IgnoreAllErrorHandler());
- Document doc = null;
- try (InputStream is = new ByteArrayInputStream(input.getBytes())) {
- doc = db.parse(is);
- }
+ Document doc = db.parse(new ByteArrayInputStream(input.getBytes()));
//XMLUtils.circumventBug2650(doc);
XPathFactory xpf = XPathFactory.newInstance();
diff --git a/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/Xpath2TransformationTest.java b/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/Xpath2TransformationTest.java
index 38a449f..636ea5d 100644
--- a/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/Xpath2TransformationTest.java
+++ b/src/test/java/org/apache/xml/security/test/dom/transforms/implementations/Xpath2TransformationTest.java
@@ -127,11 +127,10 @@
" </edoc:ObjectContent>\n" +
" </edoc:Object>";
+ ByteArrayInputStream is = new ByteArrayInputStream(sig.getBytes());
+
javax.xml.parsers.DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- org.w3c.dom.Document doc = null;
- try (ByteArrayInputStream is = new ByteArrayInputStream(sig.getBytes())) {
- doc = db.parse(is);
- }
+ org.w3c.dom.Document doc = db.parse(is);
Element sigElement =
(Element) doc.getElementsByTagNameNS(
Constants.SignatureSpecNS, Constants._TAG_SIGNATURE).item(0);
diff --git a/src/test/java/org/apache/xml/security/test/dom/utils/Base64Test.java b/src/test/java/org/apache/xml/security/test/dom/utils/Base64Test.java
new file mode 100644
index 0000000..43a7e50
--- /dev/null
+++ b/src/test/java/org/apache/xml/security/test/dom/utils/Base64Test.java
@@ -0,0 +1,110 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.xml.security.test.dom.utils;
+
+import java.io.ByteArrayOutputStream;
+
+import org.apache.xml.security.utils.Base64;
+import org.apache.xml.security.utils.XMLUtils;
+
+
+/**
+ * Unit test for {@link org.apache.xml.security.utils.Base64}
+ *
+ * @author Christian Geuer-Pollmann
+ */
+public class Base64Test extends org.junit.Assert {
+
+ static org.slf4j.Logger log =
+ org.slf4j.LoggerFactory.getLogger(Base64Test.class);
+
+ static {
+ org.apache.xml.security.Init.init();
+ }
+
+ @org.junit.Test
+ public void testA1() throws Exception {
+ String textData = "Hallo";
+ String result0 = Base64.encode(textData.getBytes("UTF-8"));
+ assertNotNull("Result of encoding result0", result0);
+
+ byte resultBytes[] = Base64.decode(result0);
+ String resultStr = new String(resultBytes, "UTF-8");
+
+ assertEquals("Result of decoding", 0, textData.compareTo(resultStr));
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Base64.decode(result0.getBytes(),os);
+ resultStr = new String(os.toByteArray(), "UTF-8");
+ assertEquals("Result of decoding", 0, textData.compareTo(resultStr));
+ }
+
+ @org.junit.Test
+ public void testWrap1() throws java.io.UnsupportedEncodingException,Exception {
+ String inputData = "The quick brown fox jumps over the lazy dog and some extr";
+ String expectedResult =
+ "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZyBhbmQgc29tZSBleHRy";
+ String result = Base64.encode(inputData.getBytes("UTF-8"));
+ assertEquals("Result of encoding", result, expectedResult);
+
+ String result2 = new String(Base64.decode(result), "UTF-8");
+ assertEquals("Result of encoding", result2, inputData);
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Base64.decode(expectedResult.getBytes(),os);
+ result2 = new String(os.toByteArray(), "UTF-8");
+ assertEquals("Result of encoding", result2, inputData);
+ }
+
+ @org.junit.Test
+ public void testWrap2() throws java.io.UnsupportedEncodingException, Exception {
+
+ String inputData =
+ "The quick brown fox jumps over the lazy dog and some extra text that will cause a line wrap";
+ String expectedResult = null;
+ if (XMLUtils.ignoreLineBreaks()) {
+ expectedResult =
+ "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZyBhbmQgc29tZSBleHRyYSB0ZXh0IHRoYXQgd2lsbCBjYXVzZSBhIGxpbmUgd3JhcA==";
+ } else {
+ expectedResult =
+ "VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZyBhbmQgc29tZSBleHRy\r\nYSB0ZXh0IHRoYXQgd2lsbCBjYXVzZSBhIGxpbmUgd3JhcA==";
+ }
+ String result = Base64.encode(inputData.getBytes("UTF-8"));
+ assertEquals("Result of encoding", result, expectedResult);
+
+ String result2 = new String(Base64.decode(result), "UTF-8");
+ assertEquals("Result of encoding", result2, inputData);
+ ByteArrayOutputStream os = new ByteArrayOutputStream();
+ Base64.decode(expectedResult.getBytes(),os);
+ result2 = new String(os.toByteArray(), "UTF-8");
+ assertEquals("Result of encoding", result2, inputData);
+ }
+
+ @org.junit.Test
+ public void testLineWrap() throws Exception {
+
+ String key = "asfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasfasf";
+
+ String masterKey1 = Base64.encode(key.getBytes());
+ String masterKey2 =
+ new String( org.apache.commons.codec.binary.Base64.encodeBase64Chunked(key.getBytes())).trim();
+ // System.out.println("K1: " + masterKey1 + "@@" + masterKey1.length());
+ // System.out.println("K2: " + masterKey2 + "@@" + masterKey2.length());
+ assertEquals(masterKey1, masterKey2);
+
+ }
+}
diff --git a/src/test/java/org/apache/xml/security/test/stax/c14n/ExclusiveC14NInteropTest.java b/src/test/java/org/apache/xml/security/test/stax/c14n/ExclusiveC14NInteropTest.java
index aea9a84..740b748 100644
--- a/src/test/java/org/apache/xml/security/test/stax/c14n/ExclusiveC14NInteropTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/c14n/ExclusiveC14NInteropTest.java
@@ -94,11 +94,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/BaltimoreEncTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/BaltimoreEncTest.java
index 9fb43ac..2f3da1e 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/BaltimoreEncTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/BaltimoreEncTest.java
@@ -126,11 +126,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -164,11 +161,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -202,11 +196,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -240,11 +231,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -274,11 +262,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -312,11 +297,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -348,11 +330,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -384,11 +363,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -416,11 +392,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
index c728b2e..1822007 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/DecryptionTest.java
@@ -180,11 +180,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -240,12 +237,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -299,12 +293,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -371,12 +362,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(kek);
@@ -443,12 +431,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(priv);
@@ -511,12 +496,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(priv);
@@ -583,12 +565,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(kek);
@@ -646,12 +625,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -709,12 +685,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -774,12 +747,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -841,12 +811,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -904,12 +871,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(secretKey);
@@ -936,10 +900,7 @@
final String DATA1 =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><ns:root xmlns:ns=\"ns.com\"><ns:elem xmlns:ns2=\"ns2.com\">11</ns:elem></ns:root>";
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(DATA1.getBytes("UTF8"))) {
- document = db.parse(is);
- }
+ Document document = db.parse(new ByteArrayInputStream(DATA1.getBytes("UTF8")));
// Set up the Key
byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
@@ -965,10 +926,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1004,10 +963,7 @@
final String DATA1 =
"<?xml version=\"1.0\" encoding=\"UTF-8\"?><ns:root xmlns=\"defns.com\" xmlns:ns=\"ns.com\"><elem xmlns=\"\">11</elem></ns:root>";
DocumentBuilder db = XMLUtils.createDocumentBuilder(false);
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(DATA1.getBytes("UTF8"))) {
- document = db.parse(is);
- }
+ Document document = db.parse(new ByteArrayInputStream(DATA1.getBytes("UTF8")));
// Set up the Key
byte[] bits192 = "abcdefghijklmnopqrstuvwx".getBytes();
@@ -1033,10 +989,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1297,10 +1251,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1379,10 +1331,8 @@
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1441,10 +1391,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1513,10 +1461,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1584,11 +1530,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1656,11 +1599,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1736,11 +1676,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1799,12 +1736,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(priv);
@@ -1850,11 +1784,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1912,11 +1843,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1971,11 +1899,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
index f3ff1d0..d03a411 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/EncryptionCreationTest.java
@@ -110,10 +110,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 1);
@@ -169,10 +167,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
@@ -260,10 +256,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -319,10 +313,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 1);
@@ -380,10 +372,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 1);
@@ -438,10 +428,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -507,10 +495,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -576,10 +562,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -646,10 +630,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -718,10 +700,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Check the CreditCard encrypted ok
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "CreditCard");
@@ -781,10 +761,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -852,10 +830,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -931,10 +907,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1002,10 +976,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1073,10 +1045,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1138,10 +1108,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1199,10 +1167,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1262,10 +1228,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1327,10 +1291,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1455,10 +1417,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1509,19 +1469,16 @@
final String DATA1 =
"<ns:root xmlns:ns=\"ns.com\"><ns:elem xmlns:ns2=\"ns2.com\">11</ns:elem></ns:root>";
- try (InputStream sourceDocument = new ByteArrayInputStream(DATA1.getBytes("UTF8"))) {
- XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+ InputStream sourceDocument = new ByteArrayInputStream(DATA1.getBytes("UTF8"));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
- XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
- xmlStreamWriter.close();
- }
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("ns.com", "elem");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1572,19 +1529,16 @@
final String DATA2 =
"<ns:root xmlns=\"defns.com\" xmlns:ns=\"ns.com\"><elem xmlns=\"\">11</elem></ns:root>";
- try (InputStream sourceDocument = new ByteArrayInputStream(DATA2.getBytes("UTF8"))) {
- XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
-
- XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
- xmlStreamWriter.close();
- }
+ InputStream sourceDocument = new ByteArrayInputStream(DATA2.getBytes("UTF8"));
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(sourceDocument);
+
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("", "elem");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -1641,10 +1595,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionCreationTest.java
index 1b9d472..2ba5ece 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionCreationTest.java
@@ -141,10 +141,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -209,10 +207,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -277,10 +273,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -343,10 +337,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -408,10 +400,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -473,10 +463,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -538,10 +526,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -609,11 +595,9 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
-
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -680,10 +664,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -751,10 +733,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -822,10 +802,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionVerificationTest.java
index 9540d51..c8b2ae7 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/KeyWrapEncryptionVerificationTest.java
@@ -314,11 +314,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -371,11 +368,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -428,11 +422,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -485,11 +476,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -548,11 +536,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -611,11 +596,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -674,11 +656,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -737,11 +716,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionCreationTest.java
index 6bf7cf0..6c1bb62 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionCreationTest.java
@@ -126,10 +126,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -187,10 +185,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -248,10 +244,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -309,10 +303,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -370,10 +362,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -431,10 +421,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -491,10 +479,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -555,10 +541,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -618,10 +602,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -681,10 +663,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -744,10 +724,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionVerificationTest.java
index 64b2b62..b792254 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/SymmetricEncryptionVerificationTest.java
@@ -134,11 +134,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -187,11 +184,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -240,11 +234,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -293,11 +284,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -346,11 +334,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -399,12 +384,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
@@ -451,12 +433,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
@@ -507,12 +486,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
@@ -563,12 +539,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
@@ -619,12 +592,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
@@ -675,12 +645,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Decrypt
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setDecryptionKey(key);
diff --git a/src/test/java/org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.java b/src/test/java/org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.java
index 393f628..701685b 100644
--- a/src/test/java/org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.java
+++ b/src/test/java/org/apache/xml/security/test/stax/encryption/XMLEncryption11Test.java
@@ -30,7 +30,6 @@
import java.security.Security;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.Base64;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@@ -65,6 +64,7 @@
import org.apache.xml.security.test.stax.utils.StAX2DOM;
import org.apache.xml.security.test.stax.utils.XMLSecEventAllocator;
import org.apache.xml.security.test.stax.utils.XmlReaderToWriter;
+import org.apache.xml.security.utils.Base64;
import org.apache.xml.security.utils.XMLUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -345,7 +345,7 @@
"http://www.w3.org/2001/04/xmlenc#sha512",
"http://www.w3.org/2009/xmlenc11#mgf1sha1",
sessionKey, "http://www.w3.org/2009/xmlenc11#aes256-gcm",
- Base64.getMimeDecoder().decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
+ Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
// XMLUtils.outputDOM(ed.getFirstChild(), System.out);
// Perform decryption
@@ -384,7 +384,7 @@
"http://www.w3.org/2001/04/xmlenc#sha512",
"http://www.w3.org/2009/xmlenc11#mgf1sha512",
sessionKey, "http://www.w3.org/2009/xmlenc11#aes256-gcm",
- Base64.getMimeDecoder().decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
+ Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
// XMLUtils.outputDOM(ed.getFirstChild(), System.out);
// Perform decryption
@@ -424,7 +424,7 @@
"http://www.w3.org/2001/04/xmlenc#sha512",
"http://www.w3.org/2009/xmlenc11#mgf1sha512",
sessionKey, "http://www.w3.org/2009/xmlenc11#aes256-gcm",
- Base64.getMimeDecoder().decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
+ Base64.decode("ZHVtbXkxMjM=".getBytes("UTF-8")));
// XMLUtils.outputDOM(ed.getFirstChild(), System.out);
NodeList nl = ed.getElementsByTagNameNS("http://www.w3.org/2001/04/xmlenc#", "CipherValue");
@@ -556,10 +556,8 @@
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("urn:example:po", "PaymentInfo");
Assert.assertEquals(nodeList.getLength(), 0);
@@ -582,8 +580,7 @@
if (oaepParams != null) {
NodeList oaepParamsElements = document.getElementsByTagNameNS(XMLSecurityConstants.NS_XMLENC, "OAEPparams");
Assert.assertEquals(1, oaepParamsElements.getLength());
- String content = XMLUtils.getFullTextChildrenFromElement((Element) oaepParamsElements.item(0));
- Assert.assertArrayEquals(oaepParams, Base64.getMimeDecoder().decode(content));
+ Assert.assertArrayEquals(oaepParams, Base64.decode((Element) oaepParamsElements.item(0)));
}
return document;
}
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
index cbb6034..db0581a 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/BaltimoreTest.java
@@ -137,11 +137,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -177,11 +174,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -214,11 +208,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -249,11 +240,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -284,11 +272,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -319,11 +304,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -369,11 +351,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -425,11 +404,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -469,11 +445,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -509,11 +482,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -549,11 +519,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -588,11 +555,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -624,11 +588,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -659,11 +620,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -710,11 +668,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -766,11 +721,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -827,11 +779,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -888,11 +837,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -935,11 +881,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -981,11 +924,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1035,11 +975,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1096,11 +1033,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1151,11 +1085,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1191,11 +1122,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1240,11 +1168,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1301,11 +1226,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1348,11 +1270,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1394,12 +1313,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -1448,11 +1364,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1509,11 +1422,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1564,11 +1474,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
index 5784ae8..d309795 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/IAIKTest.java
@@ -120,11 +120,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -192,11 +189,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -227,11 +221,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -333,11 +324,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java
index a606071..db57491 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureCreationTest.java
@@ -118,10 +118,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -161,10 +159,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -204,10 +200,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -247,10 +241,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -293,10 +285,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -339,10 +329,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -385,10 +373,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -431,10 +417,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -477,10 +461,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -523,10 +505,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, rsaKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -566,10 +546,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -609,10 +587,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -652,10 +628,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -695,10 +669,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -738,10 +710,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
@@ -784,10 +754,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, ecKeyPair.getPublic(), properties.getSignatureSecureParts());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java
index 8b2c75b..e7878db 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/PKSignatureVerificationTest.java
@@ -121,11 +121,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -162,11 +159,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -203,11 +197,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -244,12 +235,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -288,12 +276,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -332,12 +317,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -376,12 +358,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -420,12 +399,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -464,12 +440,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -508,12 +481,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(rsaKeyPair.getPublic());
@@ -549,12 +519,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
@@ -590,12 +557,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
@@ -631,12 +595,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
@@ -672,12 +633,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
@@ -713,12 +671,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
@@ -757,12 +712,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(ecKeyPair.getPublic());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/PhaosTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/PhaosTest.java
index eb4244a..4ebfebb 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/PhaosTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/PhaosTest.java
@@ -99,11 +99,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -135,12 +132,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -166,12 +160,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -214,12 +205,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(key);
@@ -255,12 +243,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(key);
@@ -291,12 +276,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(key);
@@ -341,12 +323,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -377,12 +356,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -413,12 +389,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -444,12 +417,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java
index 82ae2e3..ef37b14 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/RSASecurityTest.java
@@ -76,12 +76,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -112,12 +109,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
index da1f16a..78711c7 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationReferenceURIResolverTest.java
@@ -98,10 +98,8 @@
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -149,10 +147,8 @@
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -206,10 +202,8 @@
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), resolverDirectHTTP);
@@ -253,10 +247,8 @@
XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
xmlStreamWriter.close();
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Reference");
Assert.assertEquals(1, nodeList.getLength());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
index 16f1bcc..1c1d1a8 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureCreationTest.java
@@ -93,10 +93,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
//first child element must be the dsig:Signature @see SANTUARIO-324:
Node childNode = document.getDocumentElement().getFirstChild();
@@ -199,10 +197,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
//first child element must be the dsig:Signature @see SANTUARIO-324:
Node childNode = document.getDocumentElement().getFirstChild();
@@ -263,10 +259,8 @@
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
//first child element must be the dsig:Signature @see SANTUARIO-324:
Node childNode = document.getDocumentElement().getFirstChild();
@@ -338,10 +332,8 @@
//System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document
+ = XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
//find first child element:
Node childNode = XMLUtils.getNextElement(document.getDocumentElement().getFirstChild());
@@ -411,10 +403,8 @@
//System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document
+ = XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts(),null,true,"ID");
@@ -460,10 +450,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -516,10 +504,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
XPathFactory xpf = XPathFactory.newInstance();
@@ -580,10 +566,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -628,10 +612,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -688,10 +670,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -749,10 +729,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -796,10 +774,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -844,10 +820,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -912,10 +886,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_CanonicalizationMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -979,11 +951,9 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
-
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
}
@@ -1027,10 +997,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces.getNamespaceURI(), XMLSecurityConstants.TAG_c14nExcl_InclusiveNamespaces.getLocalPart());
Assert.assertEquals(2, nodeList.getLength());
@@ -1078,10 +1046,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -1133,10 +1099,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -1179,10 +1143,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -1225,10 +1187,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -1273,10 +1233,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -1321,10 +1279,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts(), null, false, "Id");
@@ -1369,10 +1325,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_KeyName.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_KeyName.getLocalPart());
assertEquals(1, nodeList.getLength());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestCreationTest.java
index 491bc3b..fce0a15 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestCreationTest.java
@@ -121,10 +121,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -176,10 +174,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -231,10 +227,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -286,10 +280,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -341,10 +333,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -399,10 +389,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -457,10 +445,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -515,10 +501,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -573,10 +557,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -631,10 +613,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
@@ -689,10 +669,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
NodeList nodeList = document.getElementsByTagNameNS(XMLSecurityConstants.TAG_dsig_DigestMethod.getNamespaceURI(), XMLSecurityConstants.TAG_dsig_DigestMethod.getLocalPart());
Assert.assertEquals(1, nodeList.getLength());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java
index 623b2c4..d164727 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureDigestVerificationTest.java
@@ -128,12 +128,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -180,12 +177,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -232,12 +226,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -284,12 +275,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -336,12 +324,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -391,12 +376,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -446,12 +428,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -501,12 +480,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -556,12 +532,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -611,12 +584,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -666,12 +636,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureEncryptionTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureEncryptionTest.java
index 1c56fc8..c324d89 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureEncryptionTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureEncryptionTest.java
@@ -98,10 +98,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt using DOM API
Document doc =
@@ -167,10 +165,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt using DOM API
Document doc =
@@ -244,10 +240,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt using DOM API
Document doc =
@@ -321,10 +315,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Decrypt using DOM API
Document doc =
@@ -398,10 +390,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, cert, properties.getSignatureSecureParts());
@@ -482,9 +472,7 @@
private TestSecurityEventListener verifyUsingStAX(
byte[] doc, Key decryptionKey, PublicKey signatureVerificationKey) throws Exception {
- try (InputStream is = new ByteArrayInputStream(doc)) {
- return verifyUsingStAX(is, decryptionKey, signatureVerificationKey);
- }
+ return verifyUsingStAX(new ByteArrayInputStream(doc), decryptionKey, signatureVerificationKey);
}
private TestSecurityEventListener verifyUsingStAX(
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java
index 844f320..a352f12 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACCreationTest.java
@@ -112,10 +112,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -157,10 +155,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -202,10 +198,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -247,10 +241,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -292,10 +284,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
@@ -340,10 +330,8 @@
xmlStreamWriter.close();
// System.out.println("Got:\n" + new String(baos.toByteArray(), "UTF-8"));
- Document document = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- document = XMLUtils.createDocumentBuilder(false).parse(is);
- }
+ Document document =
+ XMLUtils.createDocumentBuilder(false).parse(new ByteArrayInputStream(baos.toByteArray()));
// Verify using DOM
verifyUsingDOM(document, key, properties.getSignatureSecureParts());
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java
index 3497095..f9b7c6a 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureHMACVerificationTest.java
@@ -119,11 +119,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -165,11 +162,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -211,11 +205,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -257,12 +248,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(key);
@@ -303,11 +291,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -352,11 +337,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java
index 9971202..992ce92 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationReferenceURIResolverTest.java
@@ -110,12 +110,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -180,12 +177,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -260,12 +254,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -338,12 +329,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -412,12 +400,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -479,10 +464,8 @@
//System.out.println(baos.toString());
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
index f9bce89..dac4b0b 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/SignatureVerificationTest.java
@@ -118,11 +118,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -198,11 +195,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -292,12 +286,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -359,11 +350,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -407,11 +395,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -487,11 +472,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -558,11 +540,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -641,11 +620,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -724,11 +700,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -807,11 +780,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -894,11 +864,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -977,11 +944,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1068,12 +1032,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -1148,11 +1109,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1229,11 +1187,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1302,11 +1257,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1362,11 +1314,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1422,11 +1371,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1485,11 +1431,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1545,12 +1488,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
InboundXMLSec inboundXMLSec = XMLSec.getInboundWSSec(properties);
@@ -1620,11 +1560,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1672,11 +1609,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1737,11 +1671,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1808,11 +1739,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -1886,11 +1814,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/signature/UnknownAlgoSignatureTest.java b/src/test/java/org/apache/xml/security/test/stax/signature/UnknownAlgoSignatureTest.java
index c8698a4..dd2a640 100644
--- a/src/test/java/org/apache/xml/security/test/stax/signature/UnknownAlgoSignatureTest.java
+++ b/src/test/java/org/apache/xml/security/test/stax/signature/UnknownAlgoSignatureTest.java
@@ -128,11 +128,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
@@ -174,12 +171,9 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
-
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
+
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
properties.setSignatureVerificationKey(cert.getPublicKey());
@@ -221,11 +215,8 @@
javax.xml.transform.Transformer transformer = transformerFactory.newTransformer();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
transformer.transform(new DOMSource(document), new StreamResult(baos));
-
- XMLStreamReader xmlStreamReader = null;
- try (InputStream is = new ByteArrayInputStream(baos.toByteArray())) {
- xmlStreamReader = xmlInputFactory.createXMLStreamReader(is);
- }
+ final XMLStreamReader xmlStreamReader =
+ xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray()));
// Verify signature
XMLSecurityProperties properties = new XMLSecurityProperties();
diff --git a/src/test/java/org/apache/xml/security/test/stax/utils/HttpRequestRedirectorProxy.java b/src/test/java/org/apache/xml/security/test/stax/utils/HttpRequestRedirectorProxy.java
index 9ef391c..3b183b8 100644
--- a/src/test/java/org/apache/xml/security/test/stax/utils/HttpRequestRedirectorProxy.java
+++ b/src/test/java/org/apache/xml/security/test/stax/utils/HttpRequestRedirectorProxy.java
@@ -20,6 +20,7 @@
import org.apache.xml.security.stax.ext.XMLSecurityUtils;
import org.eclipse.jetty.http.MimeTypes;
+import org.eclipse.jetty.io.Buffer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
@@ -105,9 +106,9 @@
InputStream inputStream = this.getClass().getClassLoader().getResourceAsStream(s + "/" + file);
if (inputStream != null) {
- String mime = mimeTypes.getMimeByExtension(req.getPathInfo());
+ Buffer mime = mimeTypes.getMimeByExtension(req.getPathInfo());
if (mime != null) {
- resp.setContentType(mime);
+ resp.setContentType(mime.toString());
}
XMLSecurityUtils.copy(inputStream, resp.getOutputStream());
inputStream.close();
