| Changelog for "Apache xml-security" <http://santuario.apache.org/> |
| |
| New in v1.5.8: |
| Fixed SANTUARIO-406 - RSA/ECB/OAEPWithSHA-256AndMGF1Padding not working |
| Fixed SANTUARIO-403 - Support EncryptionProperty child elements |
| Fixed SANTUARIO-399 - XMLCipher fails to declare signature namespace on xenc:EncryptionMethod/ds:DigestMethod elements |
| Fixed SANTUARIO-398 - SignedInfo.getCanonicalizedOctetStream() -- getInclusiveNamespaces() |
| |
| New in v1.5.7: |
| Fixed SANTUARIO-307 - utf8 encode is broken |
| Fixed SANTUARIO-350 - Unmarshalling from existing elements doesn't enforce syntax & semantic requirements |
| Fixed SANTUARIO-375 - Canonicalizer.ALGO_ID_C14N_PHYSICAL's initialization |
| Fixed SANTUARIO-379 - Signing XML with SHA1 with DSA throws exception when key is larger than 1024 |
| Fixed SANTUARIO-383 - NPE in DOMXMLSignature. |
| Fixed SANTUARIO-388 - Add support + testing for RIPE-MD160 digest algorithm |
| Fixed SANTUARIO-389 - Add support + testing for SHA-224 digest algorithm |
| Fixed SANTUARIO-391 - Support for Signature Algorithm RSA with SHA-224 |
| Fixed SANTUARIO-392 - In XMLCipher support use of GCMParameterSpec for AES GCM modes |
| Fixed SANTUARIO-393 - Performance regression as signature data is not buffered |
| |
| New in v1.5.6: |
| Fixed SANTUARIO-368 - NPE in XMLSignature. |
| |
| New in v1.5.4: |
| Fixed SANTUARIO-337 - ResourceResolver does thread-unsafe handling of the "secureValidation" flag. |
| Fixed SANTUARIO-353 - ReferenceSubTreeData.iterator() does not return nodes in document order. |
| Fixed SANTUARIO-351 - Avoid possible NPE in Unsync OutputStreams. |
| |
| New in v1.5.3: |
| Fixed SANTUARIO-344 - XMLSignature keeps file-handle on xml-file. |
| Fixed SANTUARIO-345 - Support Signature 1.1 KeyInfo Extensions: DEREncodedKeyValue, KeyInfoReference, X509Digest. |
| Fixed SANTUARIO-342 - NullPointer in javax.xml.crypto.KeySelectorException.printStackTrace |
| Fixed SANTUARIO-336 - Multiple race conditions in the ResolverDirectHttp implementation |
| Fixed SANTUARIO-335 - Remove use of X509Certificate getSubjectDN + getIssuerDN. |
| Fixed SANTUARIO-334 - UnsyncByteArrayOutputStream hangs on messages larger 512 MB. |
| |
| New in v1.5.2: |
| Fixed SANTUARIO-313 - Javadocs warnings. |
| Fixed SANTUARIO-309 - Default XMLCipher canonicalizer may decrypt element to the wrong namespace. |
| Fixed SANTUARIO-308 - Canonicalizer error when encrypting multiple elements. |
| Fixed SANTUARIO-310 - Implement KeyResolvers for PrivateKeys and SecretKeys. |
| Fixed SANTUARIO-305 - No way to register internal key resolvers in DECRYPT_MODE. |
| Fixed SANTUARIO-306 - KeySelectors loop |
| Fixed SANTUARIO-304 - No way to distinguish DataReference from a KeyReference when iterating a ReferenceList |
| Fixed SANTUARIO-302 - Need API to martial an independent ReferenceList. |
| Fixed SANTUARIO-301 - Missing KeyInfo element when encrypting multiple elements. |
| |
| New in v1.5.1: |
| Fixed SANTUARIO-300 - decryption/encryption optimization. |
| Fixed SANTUARIO-296 - XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream |
| Fixed SANTUARIO-298 - Xalan is still a required dependency |
| Fixed SANTUARIO-299 - StringIndexOutOfBoundsException is thrown during reference verification (if URI = "#") |
| Fixed SANTUARIO-297 - Exceptions should use a JDK exception cause mechanism |
| |
| New in v1.5.0: |
| Fixed SANTUARIO-295: XMLDSig XPathFilter2Transform bug involving intersect filter |
| Fixed SANTUARIO-282: RSA-OAEP key transport is limited to SHA-1 digests. |
| Fixed SANTUARIO-293: Support XML Encryption 1.1 Key Wrapping test-cases. |
| Fixed SANTUARIO-292: Add the ability to access the dereferenced Elements after signature validation in the non-JSR-105 API. |
| Fixed SANTUARIO-290: Add a secure validation switch for signature processing |
| Fixed SANTUARIO-255: Port JSR 105 code to JDK 1.5. |
| Fixed SANTUARIO-288: Add support for GCM algorithms via a third-party Crypto provider. |
| Fixed SANTUARIO-287: Rename org.jcp package in the 1.5 release. |
| Fixed SANTUARIO-284: ElementProxy#getTextFromChildElement() doesn't get all of the text if the element contains an entity like & |
| Fixed SANTUARIO-273: xml:base attribute not processed correctly in C14N11 canonicalization. |
| Fixed SANTUARIO-260: Review logging |
| Fixed SANTUARIO-257: Use JUnit4 for testing |
| Fixed SANTUARIO-256: Port non-JSR 105 code to use JDK 1.5. |
| Fixed SANTUARIO-269: Register default algorithms/implementations dynamically. |
| Fixed SANTUARIO-283: JSR105 does not retain namespace definitions on Object element when unmarshalling |
| Fixed SANTUARIO-254: Rework org.apache.xml.security.utils.resolver.ResourceResolver. |
| Fixed SANTUARIO-248: Add support for ECDSA signature with SHA-2 message digests + enhancements in ASN.1 to XMLDSIG converter (and viceversa) |
| |
| New in v.1.4.6 |
| Fixed SANTUARIO-284: ElementProxy#getTextFromChildElement() doesn't get all of the text if the element contains an entity like & |
| Fixed SANTUARIO-283: JSR105 does not retain namespace definitions on Object element when unmarshalling |
| Fixed SANTUARIO-281: Invalid signature value when using XMLSignature in two EJB modules on AS |
| Fixed SANTUARIO-102: Private keys must be instance of RSAPrivate or have PKCS#8 encoding |
| Fixed SANTUARIO-273: xml:base attribute not processed correctly in C14N11 canonicalization. |
| |
| New in v1.4.5 |
| Fixed SANTUARIO-250: VerifyMerlinsExamplesFifteen/TwentyThree.java samples should ignore signature-enveloping-hmac-sha1-40.xml |
| Fixed SANTUARIO-191: xml:id attributes are not correctly handled when using c14n11. |
| Fixed SANTUARIO-266: c14n11 produces different signatures using version 1.4.3 and 1.4.4. |
| Fixed SANTUARIO-253: org.apache.xml.security.utils.resolver.ResourceResolver is not thread safe. |
| Fixed SANTUARIO-263: Canonicalizer can't handle dynamical created DOM correctly. Thanks to Martin Koegler. |
| Fixed SANTUARIO-262: Invalid use of String.getBytes(). Thanks to Martin Koegler. |
| |
| New in v1.4.4 |
| Fixed Bug 50248: Concurrency problem on incomplete Init.init() calls. Thanks to Oliver Moehrke. |
| Fixed Bug 50215: test_jsr105 target appears to fail certain tests because of changes to W3C xml-stylesheet spec |
| |
| New in v1.4.4-SNAPSHOT |
| Fixed Bug 50122: JSR 105 TransformService classloading issue |
| Fixed Bug 40897: String comparisons using '==' causes validation errors with some parsers. |
| Fixed Bug 50050: UnsyncByteArrayOutputStream throws ArrayIndexOutOfBoundsException if array length > internal buffer expansion size. |
| Fixed Bug 50036: IdResolver Java API extension. Thanks to Stefan Vladov. |
| Fixed Bug 49493: Cannot resolve PrivateKeys used in Key Transport algorithms. Thanks to Clement Pellerin. |
| Fixed Bug 49577: DOMSubTreeData allows for only one iteration over referenced data. |
| Fixed Bug 49692: Xmlsec 1.4.3 not compatible with xmlbeans 2.4.0. |
| Fixed Bug 49629: Some changes to the build system. |
| Fixed Bug 49483: KeyResolver.registerAtStart() leads to ClassCastException. Thanks to Clement Pellerin. |
| Fixed Bug 49458: StorageResolver always exhausted after first use. Thanks to Clement Pellerin. |
| Fixed Bug 49456: StorageResolver.next() gives ClassCastException. Thanks to Clement Pellerin. |
| Fixed Bug 49450: KeyStoreResolver always exhausted after first use. Thanks to Clement Pellerin. |
| Fixed Bug 49447: KeyStoreResolver iterator returns null for symmetric keys. Thanks to Clement Pellerin. |
| Fixed Bug 48368: Digest Value of References inside Manifest - calculation order problem |
| Fixed Bug 47779: ConcurrentModificationException in XMLUtils. |
| Fixed Bug 47761: xmlns:xml namespace improperly emitted during excl c14n. Thanks to Scott Cantor. |
| Fixed Bug 36526: Out of memory error when signing or verifying big files. Thanks to Agnes Juhasz. |
| Fixed Bug 47784: ClassNotFoundException when init the xml security in OSGi plateform |
| Fixed Bug 47762: contextChild parameter of Transform.getInstance may be null |
| New in v1.4.3 |
| Fixed Bug 47526: XML signature HMAC truncation authentication bypass |
| Fixed Bug 47525: Fix checkstyle problems with source and tests. |
| Fixed Bug 42239: ECDSA signature value interopability patch. |
| Fixed Bug 45744: XPath transform and xml-stylesheet. |
| Fixed Bug 42986: The </#document> node inserted at the end of SOAPEnvelope. |
| Fixed Bug 47029: Unnecessary namespace declarations on EncryptedData children. |
| Fixed Bug 44335: Can't validate after invalid validation. |
| Fixed Bug 47260: Improve Java unit testing. |
| Fixed Bug 47265: Some website updates. |
| Fixed Bug 45388: We need a POM file added to the Maven repository. |
| Fixed Bug 47483: Remove JDK 1.5 API dependencies |
| Fixed bug 47057: Downgrade signature verification logging from "info". Thanks to Colm O hEigeartaigh. |
| Fixed bug 42061: Method to disable XMLUtils.addReturnToElement (reopened): changed Base64 code to ignore line breaks, if enabled. Thanks to Colm O hEigeartaigh. |
| Fixed bug 47097: Reusing XMLSignature for signing and verifying fails on same thread. Thanks to Bruno Harbulot. |
| Fixed bug 46732: Failed to add more than one child element to EncryptionMethod. |
| Fixed bug 46101: org.apache.xml.security.utils.IdResolver is not thread safe |
| Fixed bug 45961: verify with own canonicalization method. Thanks to Anton Kosyakov. |
| Fixed bug 45475: XMLSignature::getKeyInfo method modifies document |
| Fixed bug 45811: Fix XMLSec 1.4.2 problems reported by findbugs |
| Fixed bug 45706: Transform.register class loading and recursive instantiation problems |
| Fixed bug 45664: Some calls should be wrapped in AccessController.doPrivileged |
| Fixed bug 45634: Restore XMLUtils.createDSctx method. |
| Fixed bug 45095: log4j.properties in xmlsec sources and builds has side |
| effects in production environment. Thanks to Joachim Rousseau. |
| |
| New in v1.4.2rc1 |
| Fixed bug 44999: DOMException is thrown at XMLSignature creation. Thanks to Giedrius Noreikis. |
| Fixed bug 44863: Improved logging in signature handling. Thanks to Wally Dennis. |
| Fixed bug 44956: Concurrent creation of a XMLSignature instance produces an ArrayIndexOutOfBoundsException. Thanks to Giedrius Noreikis |
| Fixed bug 44991: Concurrent invocation of KeyInfo.getX509Certificate() occasionally fails. Thanks to Giedrius Noreikis |
| |
| New in v1.4.2beta2 |
| Fixed bug 44810: Add support for more XMLDSig algorithms listed in RFC 4051 |
| Fixed bug 44617: Regression when processing XPath transform (additional fix) |
| New in v1.4.2beta1 |
| Fixed bug 44629: Switch order of XML Signature validation steps |
| Fixed bug 44617: Regression when processing XPath transform |
| Fixed bug 44586: XMLX509IssuerSerial.getIssuerName incorrectly escapes '#' in hex values |
| Fixed rfe 42653: Add support for C14N 1.1 to Java implementation. Thanks |
| to Sean Mullan. |
| Fixed bug 44205: XMLX509Certificate.getX509Certificate() results in certificate parsing error. Thanks to Vishal Mahajan. |
| Fixed Bug 44177: when using xslt transformation there is problem with xalan newline. Thanks to Matej Spiller. |
| Small refactor for ElementProxy to get rid of the state, it was an old |
| vestige that where taking space and obfuscating the code. |
| Fixed bug 40897: String comparisons using '==' causes validation errors |
| with some parsers. Thanks Vishal Mahajan |
| Fixed bug 43056: Library does not allow specify provider for private key |
| operations. Thanks to Alon Bar-Lev. |
| Fixed bug 44102: XMLCipher loadEncryptedKey error. Thanks to Butler. |
| Fixed bug 43239: "No installed provider supports this key" when checking a |
| RSA signature against a DSA key before RSA key. Thanks to Matthias |
| Germann. |
| Fixed bug 42597: Unnecessary namespace declarations on Signature children |
| Thanks to Brent Putnam. |
| Fixed bug 42061: Method to disable XMLUtils.addReturnToElement. Thanks to |
| Michael McIntosh. |
| Fixed bug 42865: Problem with empty BaseURI in ResolverLocalFilesystem. |
| Thanks to Frank Cornelis. |
| Fixed bug 43230: Inclusive C14n doesn't always handle xml:space & xml:lang |
| attributes correctly |
| Fixed bug 38668: Add XMLCipher.encryptData method that takes serialized |
| data as parameter. Thanks to Vladimir Ionescu. |
| Fixed bug 42886: Error when removing encrypted content in 1.4.1. Thanks to |
| Julien Taupin and Daniele Gagliardi. |
| Fixed bug 42820: ClassLoader issue causing NoSuchAlgorithmException loading |
| Provider Implementation. Thanks to James Washington. |
| New in 1.4.1 |
| Fixed bug 42239: ECDSA signature value interoperability patch. Thanks to Wolfgang Glas for fix. |
| |
| New in v1.4.1beta1 |
| Fixed bug 41892: XML Security 1.4.0 does not build with IBM's JDK |
| Fixed bug 41927: Cannot canonicalize with XSLT transform. Thanks to |
| Lijun Liao for fix. |
| Fixed bug 41805: Resolution of SAML 1.x ID attributes, incorrect namespace. Thanks to |
| Brent Putman for fix. |
| Fixed bug 41474: two text nodes with the value '\n' in succession within |
| <ds:SignedInfo> and <ds:X509IssuerSerial>. Thanks to Lijun Liao for fix. |
| Fixed bug 41510: org.apache.xml.security.keys.content.KeyValue.getPublicKey() |
| returns null for DSA key. Thanks to Stepan Hrbacek for fix. |
| Fixed bug 41569: Cannot specify dynamically a specific JCE Provider with |
| the DSA Signature. Thanks to Julien Pasquier for fix. |
| Fixed bug 41573: XMLCipher StackOverflowError. Thanks to Marek Jablonski |
| for fix. |
| Fixed bug 41462: Xml canonization - UTF-8 encoding issue in Xml security 1.4.0 Thanks to Karol Rewera. |
| Fixed bug 41520: Cannot generate signatures with the same key but different algorithms in sucession. Thanks to Lijun Liao |
| New in 1.4 |
| Fixed bug 40896 |
| |
| New in 1.4RC4 |
| Fixed bug 40880 |
| |
| New in 1.4RC3 |
| Fixed bug 40796 |
| |
| New in 1.4RC2a |
| Fixed bug 40783 |
| |
| New in 1.4RC2 |
| Fixed bug 40512. Made TransformSPI backward compatible. Now it is possible |
| to use implementations for the >1.3 versions paying the performance hit |
| of the old implementation. |
| Fix a small & unneeded java 1.4 dependecy. |
| KeyResolver & ResourceResolver can work like <1.3 mode when used with old implementations. |
| |
| New in 1.4RC1 |
| Fixed bug 40290. |
| Fixed bug 40298. |
| Fixed bug 40360. Changed a little the way the IdResolver works when |
| Document.getElementById fails. |
| Fixed bug 40404. |
| |
| New in v1.4beta2 |
| Optimization in c14n in node-sets. |
| Optimization for the xml:* inheritance in inclusive c14n. |
| Added ECDSA signature thanks Markus Lindner |
| Optimization in RetrievelMethod handling. Don't reparse the bytes into a DOM tree if not needed thanks David Garcia. |
| Fixed bug 40215: Base64 is not working in EBCDIC platform. Thanks to |
| acastro.dit@aeat.es for fix. |
| Big optimizations in XPath2 transformation. |
| Fixed bug 40245 in XPATH2 transformation(only in development version) |
| Fixed bug no resolver for X509Data with just a X509Certificate. |
| Optimization in Base64 to do simple transformation from String to byte[] |
| |
| New in v1.4beta1 |
| Fixed bug 40032. Fixed BUG 40031 Fixed bug when the prefix digital signature uri is not null. |
| Changes in the NodeFilter API in order to let the transformations |
| do some optimizations take into account the c14n order. |
| Optimization in signature transformation in node-sets(xpath, xpath2), 20-40% speed-up. |
| |
| New in v1.4beta0 |
| Fixed bug 38668: Add XMLCipher.encryptData method that takes |
| serialized data as parameter (mullan) |
| Fixed bug 39273: JSR 105 DOMCryptoContext.setIdAttributeNS not working |
| when validating signatures (mullan) |
| Fixed bug 38405: ElementProxy.length() is not working (Java) (mullan) |
| Fixed bug 37708: Different behaviour with NodeSet and RootNode with |
| InclusiveNamespaces (mullan) |
| Fixed bug 37456: Signing throws an exception if custom resource |
| resolver is registered (mullan) |
| Fixed bug 38655 |
| Fixed bug 38444. |
| Fixed bug 38605. |
| Fixed bug 39200(API CHANGE) |
| Refactored the way keyresolver works instead of calling canResolve/resolveX only resolveX is used |
| and if it returns null it means it cannot resolve. |
| Minor Optimizations. |
| Lazy fields initialization, initialize with null and create the object only when needed |
| Registered Class reorder, in several parts the library contains a list of workers |
| that are asked if it can solve a problem. Now the one that said yes is move to the front |
| wishing that the next time it also hits. |
| API Change: Make Transform & TransformSpi reusable between threads. |
| remove setTransform(Transform t) method in TransformSpi and pass |
| the Transform object in enginePerformTransfor methods. |
| Fixed bug 39685: bugs reported by findbugs (mullan) |
| Added support for SHA256 & SHA512 DigestMethods to JSR 105. (mullan) |
| Fix JSR 105 unmarshaling bug: now recognizes PGPData. (mullan) |
| Optimization to not create instances of Signature or MessageDigest objects, but mantain one for thread. |
| Also don't change the key if it was already used. (raul) |
| |
| New in v1.3 |
| Init-Don't fail if a transformation don't have all of its dependecies. |
| Remove XPath initialization from Init and do only when xpath is needed. |
| Resolv-Removed the use of xpath expressions to search the elements to sign/verify, now use only plain DOM searching. |
| Resolvers-Remove wantsOctectStream wantsNodeSet and his returns pair they are not used, right now and some are incorrect. |
| Remove the Use of xalan or xerces class URI |
| Removed the expandSystemId |
| Changed from Vector<String> to List<Class>, so we don't need to use classForName everytime and used it just the first time. |
| Removed PRNG,HexDump,Version, X509CertificateValidator |
| Added an unsync buffer outputstream. |
| Changed Symbol table to a more efficient and simple structure |
| Fixed bug 34743 , Submitted by: Lee Coomber <lee.at.lshift.net> |
| Minor speedups in b64, Halved the table lookups. |
| Reduce Object creation during c14n, from one to level to one per c14n. |
| Change all Vector to List(ArrayList), we don't need synchronization safety. |
| *Refactor the way we handle c14n of nodesets: |
| Before this patch every transformation creates a set with the nodes that should |
| be outputed. Every set is obtaining visiting the whole dom tree every time, |
| and then do it other time at c14n time. So it does <number of transformations>+1 |
| visitings, very slow and memory costly. |
| Now every transformation just return a NodeFilter that tells if the node is included or not. |
| So only one visiting is done. |
| Unified http://www.w3.org/2002/06/xmldsig-filter2 and http://www.w3.org/2002/04/xmldsig-filter2 transformation implementations. |
| Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation |
| Canonicalization tree travesing is not recursive. it gives better memory handling and performance. |
| Fixed bug 33936, Submited by: Raymond Wong <rwong.at.ariba.com> |
| Fixed bug 35919, Submited by: Luda <ludab.at.lanl.gov> |
| out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no |
| xpath transformation is needed) |
| |
| |
| New in v1.2.1 |
| * Fix the memory leak when using xpath or using ResourceResolver and not hitting |
| getElementByIdUsingDOM() [http://issues.apache.org/bugzilla/show_bug.cgi?id=32836] |
| * Fix the bug with using XPath2Filter and inclusive c14n |
| * Fix the bug arrouse in reusing Canonicalizers |
| * Fix base64transformation bug [http://issues.apache.org/bugzilla/show_bug.cgi?id=33393 ] |
| * Fix the XMLsignatureInput reset() bug. |
| * Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions. |
| * generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar) |
| * Clean unused build*.xml files. |
| |
| |
| ############################################################################## |
| # New in v1.0.3 24. May 2002 |
| ############################################################################## |
| |
| IMPORTANT: |
| |
| - The different classes do not call Init.init() any longer. This must be done |
| by YOU in your application. If you miss that, you'll get many |
| AlgorithmNotRegistered exceptions... |
| |
| -------------------------------- |
| |
| Summary: |
| |
| - The software is faster. Especially canonicalization is between |
| factor 5--80 faster than the old one. |
| |
| - Some deprecated methods in the Canonicalizer are deleted. |
| |
| - We support Exclusive Canonicalization |
| |
| - We support the XPath Filter version 2.0 Draft. |
| |
| -------------------------------- |
| |
| Optimizations and speed-up |
| |
| - canonicalization |
| - inclusive c14n is now faster (factor between 5 and 80) |
| - transforms |
| - enveloped-signature is now faster (no XPath ops any more) |
| - base64 is now faster (no XPath ops any more) |
| - c14n is now faster (due to faster c14n algo) |
| |
| -------------------------------- |
| |
| Signature package: |
| |
| - The XMLSignatureInput which is used for passing node sets and octet |
| streams into transforms and which is also the result of transforms |
| uses a java.util.Set now instead of a NodeList for the internal |
| representation of xpath node sets. This allows easier queries in the |
| form: Is node N part of the node set. |
| |
| The implication is that you can also pass a Set which contains the nodes |
| to be canonicalized to the Canonicalizers using |
| public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet) |
| |
| -------------------------------- |
| |
| Canonicalizer: |
| |
| - A bug (well, my understanding of c14n) is corrected regarding the |
| canonicalization of node sets. That bug related to the xml:* |
| attributes. See xmldsig mailing list archive @ w3.org for details. |
| |
| - removed are the methods |
| |
| - public byte[] canonicalize(Node node) |
| - public byte[] canonicalizeDocument(Document doc) |
| - public byte[] canonicalizeSingleNode(Node rootNode) |
| |
| replaced by public byte[] canonicalizeSubtree(Node node) |
| |
| - public byte[] canonicalize(NodeList xpathNodeSet) |
| |
| replaced by public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet) |
| |
| - public void setXPath(Object xpath) |
| - public Object getXPath() |
| - public String getXPathString() |
| - public void setXPathNodeSet(NodeList nodeList) |
| |
| These are no longer in use. If you want to c14nize an xpath |
| node set, select it using CachedXPathAPI and then apply |
| canonicalizeXPathNodeSet to the node set. |
| |
| - public void setRemoveNSAttrs(boolean remove) |
| - public boolean getRemoveNSAttrs() |
| |
| The c14nizers do not add any attributes (namespaces or xml:*) |
| to the document, so these method make no sense. |
| |
| - The Canonicalizer now supports "Exclusive XML Canonicalization |
| Version 1.0" <http://www.w3.org/Signature/Drafts/xml-exc-c14n>, Rev 1.58. |
| |
| For that reason, the c14n methods allow an additional String parameter |
| for passing the inclusive namespaces. |
| |
| public byte[] canonicalizeSubtree(Node node, |
| String inclusiveNamespaces) |
| public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet, |
| String inclusiveNamespaces) |
| |
| Such a string looks e.g. like this |
| |
| String inclusiveNamespaces = "ds xenc ex #default"; |
| |
| For more on exclusive c14n, see the spec. If you pass this parameter to the |
| regular (inclusive) c14nizer, you'll get a |
| CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation") |
| |
| -------------------------------- |
| |
| Transforms: |
| |
| - The exclusive c14n is also supported by the transform framework. |
| The parameter for the inclusive namespaces is the class |
| org.apache.xml.security.transforms.params.InclusiveNamespaces |
| |
| If you want to make a Transform like this, do that: |
| |
| Document doc = ...; |
| Transforms transforms = new Transforms(doc); |
| InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2"); |
| transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS, |
| incNS.getElement()); |
| |
| - The XPathContainer for the XPath transform is now moved from the |
| org.apache.xml.security.c14n.helper package to |
| org.apache.xml.security.transforms.params.XPathContainer |
| |
| - The enveloped-signature transform is faster now. We don't do costly |
| XPath operations but 'simple' DOM ops. |
| |
| - Base64 is faster (no XPath ops). |
| |
| - The TransformXPath2Filter is now supported by the package. It can be used by |
| using the identifier Transforms.TRANSFORM_XPATH2FILTER in conjuction with the |
| XPath2FilterContainer for passing parameters. To know what xfilter2 is, see |
| http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/ : |
| |
| Document doc = ...; |
| Transforms transforms = new Transforms(doc); |
| XPath2FilterContainer x2c = |
| // intersect |
| XPath2FilterContainer.newInstanceIntersect(doc, "//a"); |
| // subtract |
| XPath2FilterContainer.newInstanceSubtract(doc, "//a"); |
| // union |
| XPath2FilterContainer.newInstanceUnion(doc, "//a"); |
| |
| transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, |
| x2c.getElement()); |
| |
| -------------------------------- |
| |