Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2014/06/12 15:23:03 UTC
[jira] [Resolved] (SANTUARIO-350) Unmarshalling from existing elements doesn't enforce syntax & semantic requirements
[ https://issues.apache.org/jira/browse/SANTUARIO-350?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved SANTUARIO-350.
-------------------------------------------
Resolution: Fixed
> Unmarshalling from existing elements doesn't enforce syntax & semantic requirements
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-350
> URL: https://issues.apache.org/jira/browse/SANTUARIO-350
> Project: Santuario
> Issue Type: Bug
> Security Level: Public(Public issues, viewable by everyone)
> Components: Java
> Affects Versions: Java 1.5.3, Java 2.0.0
> Reporter: Eric Johnson
> Assignee: Colm O hEigeartaigh
> Fix For: Java 1.5.7, Java 2.0.1
>
>
> The methods called by way of XMLSignatureFactory.unmarshal() do not actually check that the names of the elements actually match the expected content model at all.
> For example, inspecting the constructor
> DOMXMLSignature(Element sigElem, XMLCryptoContext context, Provider provider)
> does the following:
> Element siElem = DOMUtils.getFirstChildElement(localSigElem);
> si = new DOMSignedInfo(siElem, context, provider);
> ... if you look at the constructor for DOMSignedInfo in turn, it does not itself enforce that the name of the element is, in fact, "SignedInfo", and in the correct namespace.
> The above is just one instance of the problem that happens throughout the unmarshalling code.
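An added example, not part of the original report and not Santuario's own code: a caller-side check that a DOM element has the ds:Signature content model (SignedInfo, SignatureValue, optional KeyInfo, then Object elements) before it is handed to XMLSignatureFactory.unmarshalXMLSignature(). The class and method names are hypothetical, and the sample XML is constructed for illustration.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class SignatureShapeCheck { // hypothetical helper, not Santuario code
    // ds:Signature content model: SignedInfo, SignatureValue, KeyInfo?, Object*
    static void requireSignatureShape(Element sig) {
        requireName(sig, "Signature");
        Element child = firstElement(sig.getFirstChild());
        requireName(child, "SignedInfo");
        child = firstElement(child.getNextSibling());
        requireName(child, "SignatureValue");
        child = firstElement(child.getNextSibling());
        if (child != null && isDs(child, "KeyInfo")) child = firstElement(child.getNextSibling());
        for (; child != null; child = firstElement(child.getNextSibling())) requireName(child, "Object");
    }

    static boolean isDs(Element e, String local) {
        return XMLSignature.XMLNS.equals(e.getNamespaceURI()) && local.equals(e.getLocalName());
    }

    static void requireName(Element e, String local) {
        if (e == null || !isDs(e, local))
            throw new IllegalArgumentException("expected ds:" + local + ", found "
                + (e == null ? "nothing" : "{" + e.getNamespaceURI() + "}" + e.getLocalName()));
    }

    static Element firstElement(Node n) { // skip text, comments, PIs
        while (n != null && n.getNodeType() != Node.ELEMENT_NODE) n = n.getNextSibling();
        return (Element) n;
    }

    public static void main(String[] args) throws Exception {
        // Constructed input: first child is ds:Bogus rather than ds:SignedInfo.
        String xml = "<ds:Signature xmlns:ds='" + XMLSignature.XMLNS + "'>"
            + "<ds:Bogus/><ds:SignatureValue/></ds:Signature>";
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true); // required for getNamespaceURI/getLocalName
        Element sig = f.newDocumentBuilder()
            .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
            .getDocumentElement();
        try { requireSignatureShape(sig); System.out.println("accepted"); }
        catch (IllegalArgumentException ex) { System.out.println("rejected: " + ex.getMessage()); }
    }
}
```

The check covers only the top level of the signature; the same name-and-namespace test applies to the children of SignedInfo and KeyInfo.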