Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Please help me understand XPath

Status
Not open for further replies.

tufffta

Programmer
Jan 15, 2015
2
LT
Hi. I am trying to understand the way XPath words. I have a valid digital signature in dsig format and trying to analyze it. There is this expression:

<Reference URI="metadata/signableMetadata0.xml" xmlns="- <Transforms xmlns="- <Transform Algorithm=" <XPath>ancestor-or-self::*[@ID='signature_0']</XPath>
</Transform>
<Transform Algorithm=" />
</Transforms>
<DigestMethod Algorithm=" />
<DigestValue>XIrOvoOM33rWvV5Fdckax/bNLOpR9RNIonkVQ22fczM=</DigestValue>
</Reference>

So from what I understand, the XPath expression ancestor-or-self::*[@ID='signature_0'] links to a specific position ('signature_0') in file metadata/signableMetadata0.xml (it's attached). In other words, it should return a block of code that falls under that ID from the file. But there is a problem:
I have tried several online XPath testing tools, and the XPath expression doesn't seem to return anything. That is so weird. I don't understand it, as the that expression was written by a digital signature software - it can't be wrong, because I took it from an xml file from a valid digital signature. Any ideas as to why it doesn't return anything on these tools? , ,
 
First, welcome to Tek-Tips!

XPath references are always evaluated from a context node in much the same way that relative references are evaluated in a file system's directory structure.

ancestor-or-self is an axis, one of several axes available, that directs the search from the context node to the parents, grandparents, etc nodes. So ancestor-or-self::*[@ID='signature_0'] will only return a nonempty nodeset if evaluated from a context node subordinate to the node containing that ID, (or that node itself - the -or-self).

So, if, for example, your context node is the top-level document node, that XPath expression will return an empty nodeset.

In order to make progress on this, we must know how you are using XPath, so we can better understand how you can specify an appropriate axis. You said, "...and I am trying to analyze it." With what tool?

Tom Morrison
Hill Country Software
 
Thanks for your reply, k5tm!

Actually, I'm a total n00b in web programming. There is a Digest value in the excerpt I posted. I reckon it's a digest value of the string that XPath returns (a portion of xml text that it takes from the attached xml file). In essense, I need to be able to just open the xml file, take a required portion of text and calculate a digest value. The problem is, I have no idea what the XPath returns.
From some examples I have seen, it seems like in this particular case, XPath must return this:

<sig:signature ID="signature_0">
<sig:signatureID>META-INF/signatures/signatures0.xml#SignatureElem_0</sig:signatureID>
<sig:signingTime>2014-08-21T09:09:55+03:00</sig:signingTime>
<sig:signingPurpose>signature</sig:signingPurpose>
<sig:signer>
<sig:individualName>JOHN SMITH</sig:individualName>
<sig:positionName/><sig:structuralSubdivision/>
</sig:signer>
</sig:signature>

Or does it return the block that goes AFTER "<sig:signature ID="signature_0">"?

I tried both, but their SHA256 calculated with online tools differs from that in the excerpt I posted (which is from a real signature)...
 
Without seeing your code which uses XPath, it is difficult to give further advice.

However, in its normal use, XPath describes zero, one or more nodes in an XML document tree. So I would not expect the XPath expression to 'return' a node and all its subordinate nodes, unless care is taken to use an XPath expression which matches a node and all its subordinate nodes.

Again, it all depends on context - that is, what is the context node? If for example, the context node is the top level document node, then an XPath expresion that returns the node set you want is something like:
Code:
descendent::*[ancestor-or-self::*[@ID='signature_0']]
This says, in English, return the set of element nodes (in document order) that are subordinate to me, AND each of which either contains the attribute ID='signature_0' or has an ancestor that has that attribute/value pair.

Tom Morrison
Hill Country Software
 
By the way, I am not any kind of expert on signed XML documents, so I am not offering advice on that. (I have a colleague who is going up that learning curve right now.)

Tom Morrison
Hill Country Software
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top