You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by co...@apache.org on 2013/11/25 12:02:40 UTC

svn commit: r1545219 - in /santuario/xml-security-java/trunk/src/main: java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java resources/security-config.xml

Author: coheigea
Date: Mon Nov 25 11:02:39 2013
New Revision: 1545219

URL: http://svn.apache.org/r1545219
Log:
[SANTUARIO-371] - Introduce a new Configuration property for EncryptedData events

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
    santuario/xml-security-java/trunk/src/main/resources/security-config.xml

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1545219&r1=1545218&r2=1545219&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java Mon Nov 25 11:02:39 2013
@@ -70,6 +70,8 @@ public abstract class AbstractDecryptInp
 
     protected static final Integer maximumAllowedXMLStructureDepth =
             Integer.valueOf(ConfigurationProperties.getProperty("MaximumAllowedXMLStructureDepth"));
+    protected static final Integer maximumAllowedEncryptedDataEvents =
+        Integer.valueOf(ConfigurationProperties.getProperty("MaximumAllowedEncryptedDataEvents"));
 
     private final KeyInfoType keyInfoType;
     private final Map<String, ReferenceType> references;
@@ -439,8 +441,8 @@ public abstract class AbstractDecryptInp
             }
 
             xmlSecEvents.push(encryptedDataXMLSecEvent);
-            if (++count >= 50) {
-                throw new XMLSecurityException("stax.xmlStructureSizeExceeded", 50);
+            if (++count >= maximumAllowedEncryptedDataEvents) {
+                throw new XMLSecurityException("stax.xmlStructureSizeExceeded", maximumAllowedEncryptedDataEvents);
             }
 
             //the keyInfoCount is necessary to prevent early while-loop abort when the KeyInfo also contains a CipherValue.

Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1545219&r1=1545218&r2=1545219&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Mon Nov 25 11:02:39 2013
@@ -10,6 +10,7 @@
         <Property NAME="AllowMD5Algorithm" VAL="false"/>
         <Property NAME="AllowNotSameDocumentReferences" VAL="false"/>
         <Property NAME="MaximumAllowedXMLStructureDepth" VAL="100"/>
+        <Property NAME="MaximumAllowedEncryptedDataEvents" VAL="100"/>
         <Property NAME="DefaultLanguageCode" VAL="en"/>
         <Property NAME="DefaultCountryCode" VAL="US"/>
     </Properties>