Vytek / xades4j

Automatically exported from code.google.com/p/xades4j
GNU Lesser General Public License v3.0

Passing Document as Signature Parent fails #29

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. The wiki claims we can pass a Document as the signature parent.

Element sigParentNode = ...; // The DOM node to which the signature will be appended (Element or Document)
signer.sign(dataObjs, sigParentNode);

The javadoc is silent about this but the method signature takes a Node instead 
of an Element hinting about other possibilities.

Unfortunately, when passing a Document we get:
Exception in thread "main" org.w3c.dom.DOMException: HIERARCHY_REQUEST_ERR: An attempt was made to insert a node where it is not permitted.

That's because XAdES4J is trying to add a second Element for the signature but 
the Document can only contain one DocumentElement.

This could possibly work if the Document does not have a DocumentElement but 
this means none of the References can contain same-document URIs like #myid. 
This is a serious limitation.

Maybe the intention was to take the DocumentElement as the actual parent.

Another possibility is to forbid passing a Document, therefore deprecating 
sign(SignedDataObjects, Node) and only offer sign(SignedDataObjects, Element).

What is the expected output? What do you see instead?
Either
1) allow passing a Document as the Signature parent, plus an update to the 
javadoc and a new junit.
2) or forbidding passing a Document and an update to the wiki.

What version of the product are you using? On what operating system?
1.2.0
Windows 7

Please provide any additional information below.

Original issue reported on code.google.com by clementp...@gmail.com on 6 Dec 2011 at 4:30

GoogleCodeExporter commented 9 years ago
The intention was to treat the parameter as the actual signature parent, which 
is the current behavior. If the document already has a DocumentElement, the 
exception is the correct behavior. Note that you may want to have the signature 
as the DocumentElement; that's when you should pass the Document as the parent. 
There's no limitation in this; it just means that the signature doesn't need 
anything else on a document (such as a signature over external resources).

If the signature is meant to be a child of an element, that element should be 
passed as the parent regardless of it being the DocumentElement or not. If the 
document's root element was used, we'd lose the possibility of appending the 
signature directly to the document, hence becoming the root.

I get your point. I see 2 options:

1) Update the docs to be more clear and leave the behavior as it is
2) Change the behavior to: if the parent is a Document and:
  a) has no root element -> signature becomes the root (appended to document as is)
  b) already has a root element -> root element is used as parent (reference node if using different appending strategies)

After writing this, I don't think option 2 is very useful. It's more confusing 
and will end up only saving one call to doc.getDocumentElement().

Did I misunderstand something? If not, I think no changes should be made and 
the issue should be closed.

Original comment by luis.fgoncalv on 26 Dec 2011 at 5:55

GoogleCodeExporter commented 9 years ago
As an additional note, this is the behavior of the JSR 105 API. At least it was 
when the XAdES4j implementation was based on it.

Original comment by luis.fgoncalv on 26 Dec 2011 at 6:06
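
The three parent choices discussed in this thread, shown with plain DOM as an added example (not XAdES4J code and not part of the original issue or its comments). `appendSignature` is a stand-in for the signer appending `ds:Signature` to the given parent, and `checkedParent` is a hypothetical pre-check a caller could run before `signer.sign(dataObjs, parent)`.

```java
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
public class SignatureParentDemo {
    // Hypothetical pre-check: reject a Document that already has a root element
    // up front, instead of failing with HIERARCHY_REQUEST_ERR during signing.
    static Node checkedParent(Node parent) {
        if (parent instanceof Document && ((Document) parent).getDocumentElement() != null) {
            throw new IllegalArgumentException("Document already has a root; pass an Element");
        }
        return parent;
    }

    // Stand-in for the signer: append a ds:Signature element to the given parent.
    static Element appendSignature(Node parent) {
        Document owner = (parent instanceof Document) ? (Document) parent : parent.getOwnerDocument();
        Element sig = owner.createElementNS("http://www.w3.org/2000/09/xmldsig#", "ds:Signature");
        parent.appendChild(sig);
        return sig;
    }

    public static void main(String[] args) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Case 1: empty Document as parent, so the signature becomes the root.
        Document empty = dbf.newDocumentBuilder().newDocument();
        appendSignature(checkedParent(empty));
        System.out.println("case 1 root: " + empty.getDocumentElement().getNodeName());

        // Case 2: Document that already has a root (constructed sample element).
        Document doc = dbf.newDocumentBuilder().newDocument();
        doc.appendChild(doc.createElement("invoice"));
        try {
            appendSignature(doc); // DOM refuses a second element child on a Document
        } catch (DOMException e) {
            System.out.println("case 2 hierarchy error: " + (e.code == DOMException.HIERARCHY_REQUEST_ERR));
        }
        try {
            checkedParent(doc); // the same mistake, caught before any DOM mutation
        } catch (IllegalArgumentException e) {
            System.out.println("case 2 pre-check: " + e.getMessage());
        }

        // Case 3: the root Element as parent, so the signature is a child of it.
        Element sig = appendSignature(checkedParent(doc.getDocumentElement()));
        System.out.println("case 3 parent: " + sig.getParentNode().getNodeName());
    }
}
```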

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 22 Jan 2012 at 8:19

GoogleCodeExporter commented 9 years ago

Original comment by luis.fgoncalv on 29 Jan 2012 at 11:56