Signature from User-specified URIDereferencers NodeSetData objects is wrong

Shubham Rajput shubhamnba2009 at
Thu May 17 05:54:14 UTC 2018

Hi all,
I am using the following URIreference to form the
signature: #xpointer(//*[@authenticate='true'])

The XML that I am targetting is having 3 element with attribute
'authenticate' set to 'true'. For those 3 element the signature is required
to be formed.

To achieve the above functionality I am using my own URIDereference class
and forming a nodelist comprising all the node elements containing the
elements with attribute 'authenticate' set to'true'.
I am returning back a iterator method after forming the arraylist from

But it seems the signature is forming only for the nodes name and not the
whole node.

 Here's my URIDreferencer method:


public MyURIDereferencer(Document doc1) {
this.doc = doc1;

public Data dereference(URIReference uriReference, XMLCryptoContext context)
throws URIReferenceException {
XPathFactory factory = XPathFactory.newInstance();
XPath xpath = factory.newXPath();
NodeList nodes = null;
try {
String x = uriReference.getURI();
x = x.replace("#xpointer(", "");
x = x.replace("%5B", "[");
x = x.replace("%5D", "]");
x = x.substring(0, x.length() - 1);
nodes = (NodeList) xpath.evaluate(x, this.doc,
String nwe = nodeToString(nodes.item(0));
final List<Node> l = new ArrayList<Node>();

                 for (int i = 0; i < nodes.getLength(); i++)

                    return new NodeSetData() {

             public Iterator<Node> iterator() {

                 return l.listIterator();
} catch (XPathExpressionException e) {
.println("XPathExpression Exception when defrencing a URI."
+ e.getMessage());
return null;


Any lead why the signature is forming for the node element name only and
not for the whole node?

Thanks in advance


Shubham Rajput
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the security-dev mailing list