You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2013/11/25 12:02:40 UTC
svn commit: r1545219 - in /santuario/xml-security-java/trunk/src/main:
java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
resources/security-config.xml
Author: coheigea
Date: Mon Nov 25 11:02:39 2013
New Revision: 1545219
URL: http://svn.apache.org/r1545219
Log:
[SANTUARIO-371] - Introduce a new Configuration property for EncryptedData events
Modified:
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
santuario/xml-security-java/trunk/src/main/resources/security-config.xml
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java?rev=1545219&r1=1545218&r2=1545219&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/AbstractDecryptInputProcessor.java Mon Nov 25 11:02:39 2013
@@ -70,6 +70,8 @@ public abstract class AbstractDecryptInp
protected static final Integer maximumAllowedXMLStructureDepth =
Integer.valueOf(ConfigurationProperties.getProperty("MaximumAllowedXMLStructureDepth"));
+ protected static final Integer maximumAllowedEncryptedDataEvents =
+ Integer.valueOf(ConfigurationProperties.getProperty("MaximumAllowedEncryptedDataEvents"));
private final KeyInfoType keyInfoType;
private final Map<String, ReferenceType> references;
@@ -439,8 +441,8 @@ public abstract class AbstractDecryptInp
}
xmlSecEvents.push(encryptedDataXMLSecEvent);
- if (++count >= 50) {
- throw new XMLSecurityException("stax.xmlStructureSizeExceeded", 50);
+ if (++count >= maximumAllowedEncryptedDataEvents) {
+ throw new XMLSecurityException("stax.xmlStructureSizeExceeded", maximumAllowedEncryptedDataEvents);
}
//the keyInfoCount is necessary to prevent early while-loop abort when the KeyInfo also contains a CipherValue.
Modified: santuario/xml-security-java/trunk/src/main/resources/security-config.xml
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/resources/security-config.xml?rev=1545219&r1=1545218&r2=1545219&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/resources/security-config.xml (original)
+++ santuario/xml-security-java/trunk/src/main/resources/security-config.xml Mon Nov 25 11:02:39 2013
@@ -10,6 +10,7 @@
<Property NAME="AllowMD5Algorithm" VAL="false"/>
<Property NAME="AllowNotSameDocumentReferences" VAL="false"/>
<Property NAME="MaximumAllowedXMLStructureDepth" VAL="100"/>
+ <Property NAME="MaximumAllowedEncryptedDataEvents" VAL="100"/>
<Property NAME="DefaultLanguageCode" VAL="en"/>
<Property NAME="DefaultCountryCode" VAL="US"/>
</Properties>