Details
- Type: Improvement
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Security Level: Public (Public issues, viewable by everyone)
Description
This task describes new functionality available in the 1.5 library. It involves supporting a boolean switch, which defaults to false, which allows more secure validation of signatures. When enabled, this functionality implements the following constraints:
- Limits the number of Transforms per Reference to a maximum of 5.
- Does not allow XSLT transforms.
- Does not allow a RetrievalMethod to reference another RetrievalMethod.
- Does not allow a Reference to call the ResolverLocalFilesystem or the ResolverDirectHTTP (references to local files and HTTP resources are forbidden).
- Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
- MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
- Guarantees that the Dereferenced Element returned via Document.getElementById is unique by performing a tree-search.
This functionality is supported in the core library through additional method signatures which take a boolean, and in the JSR-105 API via the property "org.apache.jcp.xml.dsig.secureValidation".
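Both ways of switching on secure validation that the description mentions, shown together as an added example (this is not code from the Santuario project). The JSR-105 path uses the property name given above on a DOMValidateContext; the core-library path uses the XMLSignature constructor that takes the boolean. The class name, the parse() helper and the choice to validate against a pre-provisioned public key rather than the document's own KeyInfo are this example's assumptions:

```java
import java.io.InputStream;
import java.security.PublicKey;

import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;

import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

public class SecureValidationExample {

    /** Property name given in this issue for the Apache JSR-105 provider. */
    static final String SECURE_VALIDATION = "org.apache.jcp.xml.dsig.secureValidation";

    /** Parse with DOCTYPE declarations rejected so entity tricks never reach the signature code. */
    static Document parse(InputStream in) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required: ds:Signature is namespace-qualified
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        return dbf.newDocumentBuilder().parse(in);
    }

    /**
     * JSR-105 path: validate the first ds:Signature with secure validation on.
     * Any exception from unmarshal/validate (for instance a signature the secure
     * mode rejects because of an XSLT transform or an MD5 digest) is treated here
     * as a failed validation rather than propagated.
     */
    static boolean validateJsr105(Document doc, PublicKey trustedKey) {
        NodeList nl = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (nl.getLength() == 0) {
            return false; // nothing to validate
        }
        try {
            // The validating key comes from our own trust store, not from KeyInfo.
            DOMValidateContext ctx = new DOMValidateContext(trustedKey, nl.item(0));
            ctx.setProperty(SECURE_VALIDATION, Boolean.TRUE);
            XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
            XMLSignature sig = fac.unmarshalXMLSignature(ctx);
            return sig.validate(ctx);
        } catch (Exception e) {
            return false;
        }
    }

    /**
     * Core-library path (1.5, as the issue states): the third constructor
     * argument is the secure-validation boolean. Fully qualified names are
     * used because both APIs have a class called XMLSignature.
     */
    static boolean validateCore(Document doc, PublicKey trustedKey) {
        org.apache.xml.security.Init.init(); // must run once before using the core library
        NodeList nl = doc.getElementsByTagNameNS(
                org.apache.xml.security.utils.Constants.SignatureSpecNS, "Signature");
        if (nl.getLength() == 0) {
            return false;
        }
        try {
            org.apache.xml.security.signature.XMLSignature sig =
                    new org.apache.xml.security.signature.XMLSignature(
                            (Element) nl.item(0), "", true); // true = secure validation
            return sig.checkSignatureValue(trustedKey);
        } catch (Exception e) {
            return false;
        }
    }
}
```

Both methods return false for an unsigned document and for any signature the secure mode rejects, so a caller only has to test the boolean. Validating against a key from the application's own trust store, instead of whatever KeyInfo the signed document carries, is deliberate: the switch hardens transform and reference processing, but it does not decide which key is trustworthy.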
Issue Links
- is related to SANTUARIO-327 Add a secure validation switch for streaming signature processing (Closed)
- is related to SANTUARIO-485 Configurable limit of references in secure validation mode (Closed)