You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Thomas Maslen (JIRA)" <ji...@apache.org> on 2014/09/04 22:35:23 UTC

[jira] [Created] (SANTUARIO-398) SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces() ?

Thomas Maslen created SANTUARIO-398:
---------------------------------------

             Summary: SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces() ?
                 Key: SANTUARIO-398
                 URL: https://issues.apache.org/jira/browse/SANTUARIO-398
             Project: Santuario
          Issue Type: Bug
          Components: Java
    Affects Versions: Java 1.5.6
            Reporter: Thomas Maslen
            Assignee: Colm O hEigeartaigh
            Priority: Minor


[I happened to notice this while reading the code.  Offhand it looks to me like a potential bug?]

In org.apache.xml.security.signature.SignedInfo:

The signInOctetStream(OutputStream) method checks getInclusiveNamespaces() and uses its value to select between overloaded canonicalizeSubtree(...) methods.  All good.

By contrast, the getCanonicalizedOctetStream() method ignores getInclusiveNamespaces() and always just uses the canonicalizeSubtree(Node) method.

I'm guessing that getCanonicalizedOctetStream() should use the same logic that signInOctetStream() does, but perhaps I'm missing something.


Perhaps getCanonicalizedOctetSteam() doesn't actually get used and so this is mostly moot?  [I came to this from OpenSAML, which definitely uses signInOctetStream() but, I believe, doesn't use getCanonicalizedOctetSteam()].




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)