You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Thomas Maslen (JIRA)" <ji...@apache.org> on 2014/09/04 22:35:23 UTC
[jira] [Created] (SANTUARIO-398)
SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces() ?
Thomas Maslen created SANTUARIO-398:
---------------------------------------
Summary: SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces() ?
Key: SANTUARIO-398
URL: https://issues.apache.org/jira/browse/SANTUARIO-398
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 1.5.6
Reporter: Thomas Maslen
Assignee: Colm O hEigeartaigh
Priority: Minor
[I happened to notice this while reading the code. Offhand it looks to me like a potential bug?]
In org.apache.xml.security.signature.SignedInfo:
The signInOctetStream(OutputStream) method checks getInclusiveNamespaces() and uses its value to select between overloaded canonicalizeSubtree(...) methods. All good.
By contrast, the getCanonicalizedOctetStream() method ignores getInclusiveNamespaces() and always just uses the canonicalizeSubtree(Node) method.
I'm guessing that getCanonicalizedOctetStream() should use the same logic that signInOctetStream() does, but perhaps I'm missing something.
Perhaps getCanonicalizedOctetSteam() doesn't actually get used and so this is mostly moot? [I came to this from OpenSAML, which definitely uses signInOctetStream() but, I believe, doesn't use getCanonicalizedOctetSteam()].
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)