Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-350

Unmarshalling from existing elements doesn't enforce syntax & semantic requirements

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: Java 1.5.3, Java 2.0.0
    • Fix Version/s: Java 1.5.7, Java 2.0.1
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None

      Description

      The methods called by way of XMLSignatureFactory.unmarshal() do not actually check that the names of the elements actually match the expected content model at all.

      For example, inspecting the constructor
      DOMXMLSignature(Element sigElem, XMLCryptoContext context, Provider provider)

      does the following:

      Element siElem = DOMUtils.getFirstChildElement(localSigElem);
      si = new DOMSignedInfo(siElem, context, provider);

      ... if you look at the constructor for DOMSignedInfo in turn, it does not itself enforce that the name of the element is, in fact, "SignedInfo", and in the correct namespace.

      The above is just one instance of the problem that happens throughout the unmarshalling code.

        Attachments

          Activity

            People

            • Assignee:
              coheigea Colm O hEigeartaigh
              Reporter:
              eric@tibco.com Eric Johnson
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: