Details
- Type: Bug
- Status: Closed
- Priority: Major
- Resolution: Fixed
- Version/s: Java 1.5.3, Java 2.0.0
- Security Level: Public (Public issues, viewable by everyone)
Description
The methods called by way of XMLSignatureFactory.unmarshal() do not actually check that the names of the elements match the expected content model at all.
For example, inspecting the constructor
DOMXMLSignature(Element sigElem, XMLCryptoContext context, Provider provider)
does the following:
Element siElem = DOMUtils.getFirstChildElement(localSigElem);
si = new DOMSignedInfo(siElem, context, provider);
... if you look at the constructor for DOMSignedInfo in turn, it does not itself enforce that the name of the element is, in fact, "SignedInfo", and in the correct namespace.
The above is just one instance of the problem that happens throughout the unmarshalling code.
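The kind of check that is missing, as an added illustration rather than code from the Santuario project: a small helper that rejects a DOM element whose local name or namespace is not the expected one, applied to the SignedInfo child of a Signature element. The names verifyElement, firstChildElement and parseRoot, and the two sample documents, are assumptions constructed for this example; the namespace constant XMLSignature.XMLNS and MarshalException are the real JSR 105 API.

```java
import java.io.ByteArrayInputStream;
import java.nio.charset.StandardCharsets;
import javax.xml.XMLConstants;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Element;
import org.w3c.dom.Node;

public class ElementNameCheck {

    /** Reject an element unless its local name and namespace are exactly the expected ones. */
    static void verifyElement(Element elem, String localName, String namespace) throws MarshalException {
        if (elem == null || !localName.equals(elem.getLocalName())
                || !namespace.equals(elem.getNamespaceURI())) {
            String found = elem == null ? "nothing"
                    : "{" + elem.getNamespaceURI() + "}" + elem.getLocalName();
            throw new MarshalException("expected {" + namespace + "}" + localName + " but found " + found);
        }
    }

    /** First child element, skipping text and comment nodes (stand-in for DOMUtils.getFirstChildElement). */
    static Element firstChildElement(Node node) {
        for (Node n = node.getFirstChild(); n != null; n = n.getNextSibling()) {
            if (n.getNodeType() == Node.ELEMENT_NODE) return (Element) n;
        }
        return null;
    }

    /** Namespace-aware parse of a constructed sample; returns the document element. */
    static Element parseRoot(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        return f.newDocumentBuilder()
                .parse(new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8)))
                .getDocumentElement();
    }

    public static void main(String[] args) throws Exception {
        String ns = XMLSignature.XMLNS;
        // Constructed samples: a Signature whose first child is SignedInfo, and one where it is not.
        String good = "<Signature xmlns='" + ns + "'><SignedInfo/></Signature>";
        String bad = "<Signature xmlns='" + ns + "'><NotSignedInfo/></Signature>";
        for (String xml : new String[] { good, bad }) {
            Element sigElem = parseRoot(xml);
            verifyElement(sigElem, "Signature", ns);
            try {
                verifyElement(firstChildElement(sigElem), "SignedInfo", ns);
                System.out.println("accepted: " + xml);
            } catch (MarshalException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```

Without the verifyElement call on the child, the second document would be handed to a SignedInfo constructor exactly as the description reports.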