Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-327

Add a secure validation switch for streaming signature processing

    XMLWordPrintableJSON

Details

    • Improvement
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • Java 2.0.0
    • Java
    • Security Level: Public (Public issues, viewable by everyone)
    • None

    Description

      This task is to add a secure validation switch for streaming signature processing. This property is false by default. When set to true, it enforces the following processing rules (possibly each should be separately configurable):

      a) Limits the number of Transforms per Reference to a maximum of 5.
      b) Limits the number of references per Manifest (SignedInfo) to a maximum of 30.
      c) MD5 is not allowed as a SignatureAlgorithm or DigestAlgorithm.
      d) Do not allow local or remote references
      e) Enforce maximum depth of the xml
      f) Guarantee that the dereferenced element is unique...is this already enforced?

      Attachments

        Issue Links

          relates to

          Improvement - An improvement or enhancement to an existing feature or task. SANTUARIO-290 Add a secure validation switch for signature processing

          • Major - Major loss of function.
          • Closed

          Activity

            People

              giger Marc Giger
              coheigea Colm O hEigeartaigh
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: