1.2.2
by Torsten Werner
Import upstream version 1.4.5 |
1 |
Changelog for "Apache xml-security" <http://santuario.apache.org/> |
2 |
New in v1.4.5 |
|
3 |
Fixed SANTUARIO-250: VerifyMerlinsExamplesFifteen/TwentyThree.java samples should ignore signature-enveloping-hmac-sha1-40.xml |
|
4 |
Fixed SANTUARIO-191: xml:id attributes are not correctly handled when using c14n11. |
|
5 |
Fixed SANTUARIO-266: c14n11 produces different signatures using version 1.4.3 and 1.4.4. |
|
6 |
Fixed SANTUARIO-253: org.apache.xml.security.utils.resolver.ResourceResolver is not thread safe. |
|
7 |
Fixed SANTUARIO-263: Canonicalizer can't handle dynamical created DOM correctly. Thanks to Martin Koegler. |
|
8 |
Fixed SANTUARIO-262: Invalid use of String.getBytes(). Thanks to Martin Koegler. |
|
9 |
||
10 |
New in v1.4.4 |
|
11 |
Fixed Bug 50248: Concurrency problem on incomplete Init.init() calls. Thanks to Oliver Moehrke. |
|
12 |
Fixed Bug 50215: test_jsr105 target appears to fail certain tests because of changes to W3C xml-stylesheet spec |
|
13 |
||
14 |
New in v1.4.4-SNAPSHOT |
|
15 |
Fixed Bug 50122: JSR 105 TransformService classloading issue |
|
16 |
Fixed Bug 40897: String comparisons using '==' causes validation errors with some parsers. |
|
17 |
Fixed Bug 50050: UnsyncByteArrayOutputStream throws ArrayIndexOutOfBoundsException if array length > internal buffer expansion size. |
|
18 |
Fixed Bug 50036: IdResolver Java API extension. Thanks to Stefan Vladov. |
|
19 |
Fixed Bug 49493: Cannot resolve PrivateKeys used in Key Transport algorithms. Thanks to Clement Pellerin. |
|
20 |
Fixed Bug 49577: DOMSubTreeData allows for only one iteration over referenced data. |
|
21 |
Fixed Bug 49692: Xmlsec 1.4.3 not compatible with xmlbeans 2.4.0. |
|
22 |
Fixed Bug 49629: Some changes to the build system. |
|
23 |
Fixed Bug 49483: KeyResolver.registerAtStart() leads to ClassCastException. Thanks to Clement Pellerin. |
|
24 |
Fixed Bug 49458: StorageResolver always exhausted after first use. Thanks to Clement Pellerin. |
|
25 |
Fixed Bug 49456: StorageResolver.next() gives ClassCastException. Thanks to Clement Pellerin. |
|
26 |
Fixed Bug 49450: KeyStoreResolver always exhausted after first use. Thanks to Clement Pellerin. |
|
27 |
Fixed Bug 49447: KeyStoreResolver iterator returns null for symmetric keys. Thanks to Clement Pellerin. |
|
28 |
Fixed Bug 48368: Digest Value of References inside Manifest - calculation order problem |
|
29 |
Fixed Bug 47779: ConcurrentModificationException in XMLUtils. |
|
30 |
Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n. Thanks to Scott Cantor. |
|
31 |
Fixed Bug 36526: Out of memory error when signing or verifying big files. Thanks to Agnes Juhasz. |
|
32 |
Fixed Bug 47784: ClassNotFoundException when init the xml security in OSGi plateform |
|
33 |
Fixed Bug 47762: contextChild parameter of Transform.getInstance may be null |
|
34 |
New in v1.4.3 |
|
35 |
Fixed Bug 47526: XML signature HMAC truncation authentication bypass |
|
36 |
Fixed Bug 47525: Fix checkstyle problems with source and tests. |
|
37 |
Fixed Bug 42239: ECDSA signature value interopability patch. |
|
38 |
Fixed Bug 45744: XPath transform and xml-stylesheet. |
|
39 |
Fixed Bug 42986: The </#document> node inserted at the end of SOAPEnvelope. |
|
40 |
Fixed Bug 47029: Unnecessary namespace declarations on EncryptedData children. |
|
41 |
Fixed Bug 44335: Can't validate after invalid validation. |
|
42 |
Fixed Bug 47260: Improve Java unit testing. |
|
43 |
Fixed Bug 47265: Some website updates. |
|
44 |
Fixed Bug 45388: We need a POM file added to the Maven repository. |
|
45 |
Fixed Bug 47483: Remove JDK 1.5 API dependencies |
|
46 |
Fixed bug 47057: Downgrade signature verification logging from "info". Thanks to Colm O hEigeartaigh. |
|
47 |
Fixed bug 42061: Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. Thanks to Colm O hEigeartaigh. |
|
48 |
Fixed bug 47097: Reusing XMLSignature for signing and verifying fails on same thread. Thanks to Bruno Harbulot. |
|
49 |
Fixed bug 46732: Failed to add more than one child element to EncryptionMethod. |
|
50 |
Fixed bug 46101: org.apache.xml.security.utils.IdResolver is not thread safe |
|
51 |
Fixed bug 45961: verify with own canonicalization method. Thanks to Anton Kosyakov. |
|
52 |
Fixed bug 45475: XMLSignature::getKeyInfo method modifies document |
|
53 |
Fixed bug 45811: Fix XMLSec 1.4.2 problems reported by findbugs |
|
54 |
Fixed bug 45706: Transform.register class loading and recursive instantiation problems |
|
55 |
Fixed bug 45664: Some calls should be wrapped in AccessController.doPrivileged |
|
56 |
Fixed bug 45634: Restore XMLUtils.createDSctx method. |
|
57 |
Fixed bug 45095: log4j.properties in xmlsec sources and builds has side |
|
58 |
effects in production environment. Thanks to Joachim Rousseau. |
|
59 |
||
60 |
New in v1.4.2rc1 |
|
61 |
Fixed bug 44999: DOMException is thrown at XMLSignature creation. Thanks to Giedrius Noreikis. |
|
62 |
Fixed bug 44863: Improved logging in signature handling. Thanks to Wally Dennis. |
|
63 |
Fixed bug 44956: Concurrent creation of a XMLSignature instance produces an ArrayIndexOutOfBoundsException. Thanks to Giedrius Noreikis |
|
64 |
Fixed bug 44991: Concurrent invocation of KeyInfo.getX509Certificate() occasionally fails. Thanks to Giedrius Noreikis |
|
65 |
||
66 |
New in v1.4.2beta2 |
|
67 |
Fixed bug 44810: Add support for more XMLDSig algorithms listed in RFC 4051 |
|
68 |
Fixed bug 44617: Regression when processing XPath transform (additional fix) |
|
69 |
New in v1.4.2beta1 |
|
70 |
Fixed bug 44629: Switch order of XML Signature validation steps |
|
71 |
Fixed bug 44617: Regression when processing XPath transform |
|
72 |
Fixed bug 44586: XMLX509IssuerSerial.getIssuerName incorrectly escapes '#' in hex values |
|
73 |
Fixed rfe 42653: Add support for C14N 1.1 to Java implementation. Thanks |
|
74 |
to Sean Mullan. |
|
75 |
Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in certificate parsing error. Thanks to Vishal Mahajan. |
|
76 |
Fixed Bug 44177: when using xslt transformation there is problem with xalan newline. Thanks to Matej Spiller. |
|
77 |
Small refactor for ElementProxy to get rid of the state, it was an old |
|
78 |
vestige that where taking space and obfuscating the code. |
|
79 |
Fixed bug 40897: String comparisons using '==' causes validation errors |
|
80 |
with some parsers. Thanks Vishal Mahajan |
|
81 |
Fixed bug 43056: Library does not allow specify provider for private key |
|
82 |
operations. Thanks to Alon Bar-Lev. |
|
83 |
Fixed bug 44102: XMLCipher loadEncryptedKey error. Thanks to Butler. |
|
84 |
Fixed bug 43239: "No installed provider supports this key" when checking a |
|
85 |
RSA signature against a DSA key before RSA key. Thanks to Matthias |
|
86 |
Germann. |
|
87 |
Fixed bug 42597: Unnecessary namespace declarations on Signature children |
|
88 |
Thanks to Brent Putnam. |
|
89 |
Fixed bug 42061: Method to disable XMLUtils.addReturnToElement. Thanks to |
|
90 |
Michael McIntosh. |
|
91 |
Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem. |
|
92 |
Thanks to Frank Cornelis. |
|
93 |
Fixed bug 43230: Inclusive C14n doesn't always handle xml:space & xml:lang |
|
94 |
attributes correctly |
|
95 |
Fixed bug 38668: Add XMLCipher.encryptData method that takes serialized |
|
96 |
data as parameter. Thanks to Vladimir Ionescu. |
|
97 |
Fixed bug 42886: Error when removing encrypted content in 1.4.1. Thanks to |
|
98 |
Julien Taupin and Daniele Gagliardi. |
|
99 |
Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException loading |
|
100 |
Provider Implementation. Thanks to James Washington. |
|
101 |
New in 1.4.1 |
|
102 |
Fixed bug 42239: ECDSA signature value interoperability patch. Thanks to Wolfgang Glas for fix. |
|
103 |
||
104 |
New in v1.4.1beta1 |
|
105 |
Fixed bug 41892: XML Security 1.4.0 does not build with IBM's JDK |
|
106 |
Fixed bug 41927: Cannot canonicalize with XSLT transform. Thanks to |
|
107 |
Lijun Liao for fix. |
|
108 |
Fixed bug 41805: Resolution of SAML 1.x ID attributes, incorrect namespace. Thanks to |
|
109 |
Brent Putman for fix. |
|
110 |
Fixed bug 41474: two text nodes with the value '\n' in succession within |
|
111 |
<ds:SignedInfo> and <ds:X509IssuerSerial>. Thanks to Lijun Liao for fix. |
|
112 |
Fixed bug 41510: org.apache.xml.security.keys.content.KeyValue.getPublicKey() |
|
113 |
returns null for DSA key. Thanks to Stepan Hrbacek for fix. |
|
114 |
Fixed bug 41569: Cannot specify dynamically a specific JCE Provider with |
|
115 |
the DSA Signature. Thanks to Julien Pasquier for fix. |
|
116 |
Fixed bug 41573: XMLCipher StackOverflowError. Thanks to Marek Jablonski |
|
117 |
for fix. |
|
118 |
Fixed bug 41462: Xml canonization - UTF-8 encoding issue in Xml security 1.4.0 Thanks to Karol Rewera. |
|
119 |
Fixed bug 41520: Cannot generate signatures with the same key but different algorithms in sucession. Thanks to Lijun Liao |
|
120 |
New in 1.4 |
|
121 |
Fixed bug 40896 |
|
122 |
||
123 |
New in 1.4RC4 |
|
124 |
Fixed bug 40880 |
|
125 |
||
126 |
New in 1.4RC3 |
|
127 |
Fixed bug 40796 |
|
128 |
||
129 |
New in 1.4RC2a |
|
130 |
Fixed bug 40783 |
|
131 |
||
132 |
New in 1.4RC2 |
|
133 |
Fixed bug 40512. Made TransformSPI backward compatible. Now it is possible |
|
134 |
to use implementations for the >1.3 versions paying the performance hit |
|
135 |
of the old implementation. |
|
136 |
Fix a small & unneeded java 1.4 dependecy. |
|
137 |
KeyResolver & ResourceResolver can work like <1.3 mode when used with old implementations. |
|
138 |
||
139 |
New in 1.4RC1 |
|
140 |
Fixed bug 40290. |
|
141 |
Fixed bug 40298. |
|
142 |
Fixed bug 40360. Changed a little the way the IdResolver works when |
|
143 |
Document.getElementById fails. |
|
144 |
Fixed bug 40404. |
|
145 |
||
146 |
New in v1.4beta2 |
|
147 |
Optimization in c14n in node-sets. |
|
148 |
Optimization for the xml:* inheritance in inclusive c14n. |
|
149 |
Added ECDSA signature thanks Markus Lindner |
|
150 |
Optimization in RetrievelMethod handling. Don't reparse the bytes into a DOM tree if not needed thanks David Garcia. |
|
151 |
Fixed bug 40215: Base64 is not working in EBCDIC platform. Thanks to |
|
152 |
acastro.dit@aeat.es for fix. |
|
153 |
Big optimizations in XPath2 transformation. |
|
154 |
Fixed bug 40245 in XPATH2 transformation(only in development version) |
|
155 |
Fixed bug no resolver for X509Data with just a X509Certificate. |
|
156 |
Optimization in Base64 to do simple transformation from String to byte[] |
|
157 |
||
158 |
New in v1.4beta1 |
|
159 |
Fixed bug 40032. Fixed BUG 40031 Fixed bug when the prefix digital signature uri is not null. |
|
160 |
Changes in the NodeFilter API in order to let the transformations |
|
161 |
do some optimizations take into account the c14n order. |
|
162 |
Optimization in signature transformation in node-sets(xpath, xpath2), 20-40% speed-up. |
|
163 |
||
164 |
New in v1.4beta0 |
|
165 |
Fixed bug 38668: Add XMLCipher.encryptData method that takes |
|
166 |
serialized data as parameter (mullan) |
|
167 |
Fixed bug 39273: JSR 105 DOMCryptoContext.setIdAttributeNS not working |
|
168 |
when validating signatures (mullan) |
|
169 |
Fixed bug 38405: ElementProxy.length() is not working (Java) (mullan) |
|
170 |
Fixed bug 37708: Different behaviour with NodeSet and RootNode with |
|
171 |
InclusiveNamespaces (mullan) |
|
172 |
Fixed bug 37456: Signing throws an exception if custom resource |
|
173 |
resolver is registered (mullan) |
|
174 |
Fixed bug 38655 |
|
175 |
Fixed bug 38444. |
|
176 |
Fixed bug 38605. |
|
177 |
Fixed bug 39200(API CHANGE) |
|
178 |
Refactored the way keyresolver works instead of calling canResolve/resolveX only resolveX is used |
|
179 |
and if it returns null it means it cannot resolve. |
|
180 |
Minor Optimizations. |
|
181 |
Lazy fields initialization, initialize with null and create the object only when needed |
|
182 |
Registered Class reorder, in several parts the library contains a list of workers |
|
183 |
that are asked if it can solve a problem. Now the one that said yes is move to the front |
|
184 |
wishing that the next time it also hits. |
|
185 |
API Change: Make Transform & TransformSpi reusable between threads. |
|
186 |
remove setTransform(Transform t) method in TransformSpi and pass |
|
187 |
the Transform object in enginePerformTransfor methods. |
|
188 |
Fixed bug 39685: bugs reported by findbugs (mullan) |
|
189 |
Added support for SHA256 & SHA512 DigestMethods to JSR 105. (mullan) |
|
190 |
Fix JSR 105 unmarshaling bug: now recognizes PGPData. (mullan) |
|
191 |
Optimization to not create instances of Signature or MessageDigest objects, but mantain one for thread. |
|
192 |
Also don't change the key if it was already used. (raul) |
|
193 |
||
194 |
New in v1.3 |
|
195 |
Init-Don't fail if a transformation don't have all of its dependecies. |
|
196 |
Remove XPath initialization from Init and do only when xpath is needed. |
|
197 |
Resolv-Removed the use of xpath expressions to search the elements to sign/verify, now use only plain DOM searching. |
|
198 |
Resolvers-Remove wantsOctectStream wantsNodeSet and his returns pair they are not used, right now and some are incorrect. |
|
199 |
Remove the Use of xalan or xerces class URI |
|
200 |
Removed the expandSystemId |
|
201 |
Changed from Vector<String> to List<Class>, so we don't need to use classForName everytime and used it just the first time. |
|
202 |
Removed PRNG,HexDump,Version, X509CertificateValidator |
|
203 |
Added an unsync buffer outputstream. |
|
204 |
Changed Symbol table to a more efficient and simple structure |
|
205 |
Fixed bug 34743 , Submitted by: Lee Coomber <lee.at.lshift.net> |
|
206 |
Minor speedups in b64, Halved the table lookups. |
|
207 |
Reduce Object creation during c14n, from one to level to one per c14n. |
|
208 |
Change all Vector to List(ArrayList), we don't need synchronization safety. |
|
209 |
*Refactor the way we handle c14n of nodesets: |
|
210 |
Before this patch every transformation creates a set with the nodes that should |
|
211 |
be outputed. Every set is obtaining visiting the whole dom tree every time, |
|
212 |
and then do it other time at c14n time. So it does <number of transformations>+1 |
|
213 |
visitings, very slow and memory costly. |
|
214 |
Now every transformation just return a NodeFilter that tells if the node is included or not. |
|
215 |
So only one visiting is done. |
|
216 |
Unified http://www.w3.org/2002/06/xmldsig-filter2 and http://www.w3.org/2002/04/xmldsig-filter2 transformation implementations. |
|
217 |
Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation |
|
218 |
Canonicalization tree travesing is not recursive. it gives better memory handling and performance. |
|
219 |
Fixed bug 33936, Submited by: Raymond Wong <rwong.at.ariba.com> |
|
220 |
Fixed bug 35919, Submited by: Luda <ludab.at.lanl.gov> |
|
221 |
out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no |
|
222 |
xpath transformation is needed) |
|
223 |
||
224 |
||
225 |
New in v1.2.1 |
|
226 |
* Fix the memory leak when using xpath or using ResourceResolver and not hitting |
|
227 |
getElementByIdUsingDOM() [http://issues.apache.org/bugzilla/show_bug.cgi?id=32836] |
|
228 |
* Fix the bug with using XPath2Filter and inclusive c14n |
|
229 |
* Fix the bug arrouse in reusing Canonicalizers |
|
230 |
* Fix base64transformation bug [http://issues.apache.org/bugzilla/show_bug.cgi?id=33393 ] |
|
231 |
* Fix the XMLsignatureInput reset() bug. |
|
232 |
* Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions. |
|
233 |
* generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar) |
|
234 |
* Clean unused build*.xml files. |
|
235 |
||
236 |
||
237 |
############################################################################## |
|
238 |
# New in v1.0.3 24. May 2002 |
|
239 |
############################################################################## |
|
240 |
||
241 |
IMPORTANT: |
|
242 |
||
243 |
- The different classes do not call Init.init() any longer. This must be done |
|
244 |
by YOU in your application. If you miss that, you'll get many |
|
245 |
AlgorithmNotRegistered exceptions... |
|
246 |
||
247 |
-------------------------------- |
|
248 |
||
249 |
Summary: |
|
250 |
||
251 |
- The software is faster. Especially canonicalization is between |
|
252 |
factor 5--80 faster than the old one. |
|
253 |
||
254 |
- Some deprecated methods in the Canonicalizer are deleted. |
|
255 |
||
256 |
- We support Exclusive Canonicalization |
|
257 |
||
258 |
- We support the XPath Filter version 2.0 Draft. |
|
259 |
||
260 |
-------------------------------- |
|
261 |
||
262 |
Optimizations and speed-up |
|
263 |
||
264 |
- canonicalization |
|
265 |
- inclusive c14n is now faster (factor between 5 and 80) |
|
266 |
- transforms |
|
267 |
- enveloped-signature is now faster (no XPath ops any more) |
|
268 |
- base64 is now faster (no XPath ops any more) |
|
269 |
- c14n is now faster (due to faster c14n algo) |
|
270 |
||
271 |
-------------------------------- |
|
272 |
||
273 |
Signature package: |
|
274 |
||
275 |
- The XMLSignatureInput which is used for passing node sets and octet |
|
276 |
streams into transforms and which is also the result of transforms |
|
277 |
uses a java.util.Set now instead of a NodeList for the internal |
|
278 |
representation of xpath node sets. This allows easier queries in the |
|
279 |
form: Is node N part of the node set. |
|
280 |
||
281 |
The implication is that you can also pass a Set which contains the nodes |
|
282 |
to be canonicalized to the Canonicalizers using |
|
283 |
public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet) |
|
284 |
||
285 |
-------------------------------- |
|
286 |
||
287 |
Canonicalizer: |
|
288 |
||
289 |
- A bug (well, my understanding of c14n) is corrected regarding the |
|
290 |
canonicalization of node sets. That bug related to the xml:* |
|
291 |
attributes. See xmldsig mailing list archive @ w3.org for details. |
|
292 |
||
293 |
- removed are the methods |
|
294 |
||
295 |
- public byte[] canonicalize(Node node) |
|
296 |
- public byte[] canonicalizeDocument(Document doc) |
|
297 |
- public byte[] canonicalizeSingleNode(Node rootNode) |
|
298 |
||
299 |
replaced by public byte[] canonicalizeSubtree(Node node) |
|
300 |
||
301 |
- public byte[] canonicalize(NodeList xpathNodeSet) |
|
302 |
||
303 |
replaced by public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet) |
|
304 |
||
305 |
- public void setXPath(Object xpath) |
|
306 |
- public Object getXPath() |
|
307 |
- public String getXPathString() |
|
308 |
- public void setXPathNodeSet(NodeList nodeList) |
|
309 |
||
310 |
These are no longer in use. If you want to c14nize an xpath |
|
311 |
node set, select it using CachedXPathAPI and then apply |
|
312 |
canonicalizeXPathNodeSet to the node set. |
|
313 |
||
314 |
- public void setRemoveNSAttrs(boolean remove) |
|
315 |
- public boolean getRemoveNSAttrs() |
|
316 |
||
317 |
The c14nizers do not add any attributes (namespaces or xml:*) |
|
318 |
to the document, so these method make no sense. |
|
319 |
||
320 |
- The Canonicalizer now supports "Exclusive XML Canonicalization |
|
321 |
Version 1.0" <http://www.w3.org/Signature/Drafts/xml-exc-c14n>, Rev 1.58. |
|
322 |
||
323 |
For that reason, the c14n methods allow an additional String parameter |
|
324 |
for passing the inclusive namespaces. |
|
325 |
||
326 |
public byte[] canonicalizeSubtree(Node node, |
|
327 |
String inclusiveNamespaces) |
|
328 |
public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet, |
|
329 |
String inclusiveNamespaces) |
|
330 |
||
331 |
Such a string looks e.g. like this |
|
332 |
||
333 |
String inclusiveNamespaces = "ds xenc ex #default"; |
|
334 |
||
335 |
For more on exclusive c14n, see the spec. If you pass this parameter to the |
|
336 |
regular (inclusive) c14nizer, you'll get a |
|
337 |
CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation") |
|
338 |
||
339 |
-------------------------------- |
|
340 |
||
341 |
Transforms: |
|
342 |
||
343 |
- The exclusive c14n is also supported by the transform framework. |
|
344 |
The parameter for the inclusive namespaces is the class |
|
345 |
org.apache.xml.security.transforms.params.InclusiveNamespaces |
|
346 |
||
347 |
If you want to make a Transform like this, do that: |
|
348 |
||
349 |
Document doc = ...; |
|
350 |
Transforms transforms = new Transforms(doc); |
|
351 |
InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2"); |
|
352 |
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, |
|
353 |
incNS.getElement()); |
|
354 |
||
355 |
- The XPathContainer for the XPath transform is now moved from the |
|
356 |
org.apache.xml.security.c14n.helper package to |
|
357 |
org.apache.xml.security.transforms.params.XPathContainer |
|
358 |
||
359 |
- The enveloped-signature transform is faster now. We don't do costly |
|
360 |
XPath operations but 'simple' DOM ops. |
|
361 |
||
362 |
- Base64 is faster (no XPath ops). |
|
363 |
||
364 |
- The TransformXPath2Filter is now supported by the package. It can be used by |
|
365 |
using the identifier Transforms.TRANSFORM_XPATH2FILTER in conjuction with the |
|
366 |
XPath2FilterContainer for passing parameters. To know what xfilter2 is, see |
|
367 |
http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/ : |
|
368 |
||
369 |
Document doc = ...; |
|
370 |
Transforms transforms = new Transforms(doc); |
|
371 |
XPath2FilterContainer x2c = |
|
372 |
// intersect |
|
373 |
XPath2FilterContainer.newInstanceIntersect(doc, "//a"); |
|
374 |
// subtract |
|
375 |
XPath2FilterContainer.newInstanceSubtract(doc, "//a"); |
|
376 |
// union |
|
377 |
XPath2FilterContainer.newInstanceUnion(doc, "//a"); |
|
378 |
||
379 |
transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, |
|
380 |
x2c.getElement()); |
|
381 |
||
382 |
-------------------------------- |
|
383 |