I am having trouble to find out the correct XPath-expression for an enveloped XML-Signature. example given:
<xxx>
<bbb>
<Signature>
<SignedInfo>
...
<Reference>
<Transforms>
<Transform>
<XPath>???<XPath>
<Transform>
<Transforms>
...
<Reference>
<SignedInfo>
...
<Signature>
</bbb>
<bbb>
</bbb>
</xxx>
Each BBB may have its own signature (and XXX must not) and there is no ID-Attribute in BBB allowed. BBB can occur multiple times. So I need to tell the signature to work with its enveloping node. Sadly the schema is fix and I know not very nice, but I have to deal with it.
Maybe the here()-function ([http://www.w3.org/TR/xmldsig-filter2/#function-here) might help? My suggestion would be:
here()/../../../../../..
where it starts at the XPath-node (noted in the link) and I walk down the signature-nodes to my BBB-node, but that looks pretty messed up.
I got the answer to this:
it is simply not possible to reference the enveloping parent element via a XPath expression.
You need to use a reference ID.