Posted to commits@santuario.apache.org by "Steve Jones (Created) (JIRA)" <ji...@apache.org> on 2012/01/03 20:54:39 UTC
[jira] [Created] (SANTUARIO-291) XML parsing should allow configuration (e.g. EntityResolver, DOCTYPE allowed)
XML parsing should allow configuration (e.g. EntityResolver, DOCTYPE allowed)
-----------------------------------------------------------------------------
Key: SANTUARIO-291
URL: https://issues.apache.org/jira/browse/SANTUARIO-291
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 1.4.6, Java 1.4.5, Java 1.4.4
Reporter: Steve Jones
Assignee: Colm O hEigeartaigh
When transforming referenced data prior to digesting, the content may need to be parsed (in XMLSignatureInput.convertToNodes()).
Currently the user cannot customize the XML parser configuration, to disallow document type declarations, or configure an entity resolver.
This may be an issue in some environments if the signed data has a document type declaration that should be resolved to a local copy of the DTD, or if the signed data should not contain a document type declaration, or is not permitted to reference external entities.
An example of how this issue can occur is a Base64 transform, followed by canonicalization:
<ds:Reference URI="#signeddata">
  <ds:Transforms>
    <ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#base64"/>
    <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
  </ds:Transforms>
  <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1"/>
  <ds:DigestValue>tZ/wPQtWp7Bca2Z1QqnpwZLRLZ4=</ds:DigestValue>
</ds:Reference>
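The two parser configurations the report asks for, shown as an added example with the standard JAXP API; it is not Santuario code and does not use a Santuario API. The class and method names, the DTD URL and the sample document are constructed for illustration, and the disallow-doctype-decl feature is the Xerces/JDK parser feature.

```java
import java.io.ByteArrayInputStream;
import java.io.StringReader;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

public class ReferenceParseConfig {
    // Constructed sample values, not taken from the issue.
    static final String DTD_ID = "http://example.com/signed.dtd";
    static final String LOCAL_DTD = "<!ENTITY greeting \"hello\">";
    static final String SIGNED =
        "<!DOCTYPE data SYSTEM \"" + DTD_ID + "\"><data>&greeting;</data>";

    // Hypothetical helper: parse the octets left by the Base64 transform.
    static Document parse(byte[] octets, boolean allowDoctype) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // Xerces/JDK feature: when true, any DOCTYPE is a fatal parse error.
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", !allowDoctype);
        DocumentBuilder db = dbf.newDocumentBuilder();
        // Map the one known DTD to a local copy; refuse every other external entity.
        db.setEntityResolver((publicId, systemId) -> {
            if (DTD_ID.equals(systemId)) {
                return new InputSource(new StringReader(LOCAL_DTD));
            }
            throw new SAXException("external entity not permitted: " + systemId);
        });
        return db.parse(new ByteArrayInputStream(octets));
    }

    public static void main(String[] args) throws Exception {
        // Stand-in for the Base64-encoded signed data referenced by the signature.
        String b64 = Base64.getEncoder().encodeToString(SIGNED.getBytes(StandardCharsets.UTF_8));
        byte[] octets = Base64.getDecoder().decode(b64);
        try {
            parse(octets, false);
            System.out.println("DOCTYPE accepted (unexpected)");
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
        Document doc = parse(octets, true);
        System.out.println("resolved locally: " + doc.getDocumentElement().getTextContent());
    }
}
```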