Google Git
Sign in
apache / santuario-java / refs/tags/J_1_3 / . / CHANGELOG.txt
blob: a06f8eb0d6a497a7ae2571a710d22a7dc6a3b1ce [file] [log] [blame]
Changelog for "Apache xml-security" <http://xml.apache.org/security/>
New in v1.2.1-99
Init-Don't fail if a transformation don't have all of its dependecies.
Remove XPath initialization from Init and do only when xpath is needed.
Resolv-Removed the use of xpath expressions to search the elements to sign/verify, now use only plain DOM searching.
Resolvers-Remove wantsOctectStream wantsNodeSet and his returns pair they are not used, right now and some are incorrect.
Remove the Use of xalan or xerces class URI
Removed the expandSystemId
Changed from Vector<String> to List<Class>, so we don't need to use classForName everytime and used it just the first time.
Removed PRNG,HexDump,Version, X509CertificateValidator
Added an unsync buffer outputstream.
Changed Symbol table to a more efficient and simple structure
Fixed bug 34743 , Submitted by: Lee Coomber <lee.at.lshift.net>
Minor speedups in b64, Halved the table lookups.
Reduce Object creation during c14n, from one to level to one per c14n.
Change all Vector to List(ArrayList), we don't need synchronization safety.
*Refactor the way we handle c14n of nodesets:
Before this patch every transformation creates a set with the nodes that should
be outputed. Every set is obtaining visiting the whole dom tree every time,
and then do it other time at c14n time. So it does <number of transformations>+1
visitings, very slow and memory costly.
Now every transformation just return a NodeFilter that tells if the node is included or not.
So only one visiting is done.
Unified http://www.w3.org/2002/06/xmldsig-filter2 and http://www.w3.org/2002/04/xmldsig-filter2 transformation implementations.
Removed http://www.nue.et-inf.uni-siegen.de/~geuer-pollmann/#xpathFilter transformation
Canonicalization tree travesing is not recursive. it gives better memory handling and performance.
Fixed bug 33936, Submited by: Raymond Wong <rwong.at.ariba.com>
Fixed bug 35919, Submited by: Luda <ludab.at.lanl.gov>
out of the box j2se 1.5 ready(no adding xalan in the classpath or endorsed if no
xpath transformation is needed)
New in v1.2.1
* Fix the memory leak when using xpath or using ResourceResolver and not hitting
getElementByIdUsingDOM() [http://issues.apache.org/bugzilla/show_bug.cgi?id=32836]
* Fix the bug with using XPath2Filter and inclusive c14n
* Fix the bug arrouse in reusing Canonicalizers
* Fix base64transformation bug [http://issues.apache.org/bugzilla/show_bug.cgi?id=33393 ]
* Fix the XMLsignatureInput reset() bug.
* Clean unused jar (xmlParserAPI.jar,etc) and check and stored new versions.
* generated the dist jar with version (i.e. xmlsec-1.2.1.jar instead of plain xmlsec.jar)
* Clean unused build*.xml files.
##############################################################################
# New in v1.0.3 24. May 2002
##############################################################################
IMPORTANT:
- The different classes do not call Init.init() any longer. This must be done
by YOU in your application. If you miss that, you'll get many
AlgorithmNotRegistered exceptions...
--------------------------------
Summary:
- The software is faster. Especially canonicalization is between
factor 5--80 faster than the old one.
- Some deprecated methods in the Canonicalizer are deleted.
- We support Exclusive Canonicalization
- We support the XPath Filter version 2.0 Draft.
--------------------------------
Optimizations and speed-up
- canonicalization
- inclusive c14n is now faster (factor between 5 and 80)
- transforms
- enveloped-signature is now faster (no XPath ops any more)
- base64 is now faster (no XPath ops any more)
- c14n is now faster (due to faster c14n algo)
--------------------------------
Signature package:
- The XMLSignatureInput which is used for passing node sets and octet
streams into transforms and which is also the result of transforms
uses a java.util.Set now instead of a NodeList for the internal
representation of xpath node sets. This allows easier queries in the
form: Is node N part of the node set.
The implication is that you can also pass a Set which contains the nodes
to be canonicalized to the Canonicalizers using
public byte[] canonicalizeXPathNodeSet(Set xpathNodeSet)
--------------------------------
Canonicalizer:
- A bug (well, my understanding of c14n) is corrected regarding the
canonicalization of node sets. That bug related to the xml:*
attributes. See xmldsig mailing list archive @ w3.org for details.
- removed are the methods
- public byte[] canonicalize(Node node)
- public byte[] canonicalizeDocument(Document doc)
- public byte[] canonicalizeSingleNode(Node rootNode)
replaced by public byte[] canonicalizeSubtree(Node node)
- public byte[] canonicalize(NodeList xpathNodeSet)
replaced by public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet)
- public void setXPath(Object xpath)
- public Object getXPath()
- public String getXPathString()
- public void setXPathNodeSet(NodeList nodeList)
These are no longer in use. If you want to c14nize an xpath
node set, select it using CachedXPathAPI and then apply
canonicalizeXPathNodeSet to the node set.
- public void setRemoveNSAttrs(boolean remove)
- public boolean getRemoveNSAttrs()
The c14nizers do not add any attributes (namespaces or xml:*)
to the document, so these method make no sense.
- The Canonicalizer now supports "Exclusive XML Canonicalization
Version 1.0" <http://www.w3.org/Signature/Drafts/xml-exc-c14n>, Rev 1.58.
For that reason, the c14n methods allow an additional String parameter
for passing the inclusive namespaces.
public byte[] canonicalizeSubtree(Node node,
String inclusiveNamespaces)
public byte[] canonicalizeXPathNodeSet(NodeList xpathNodeSet,
String inclusiveNamespaces)
Such a string looks e.g. like this
String inclusiveNamespaces = "ds xenc ex #default";
For more on exclusive c14n, see the spec. If you pass this parameter to the
regular (inclusive) c14nizer, you'll get a
CanonicalizationException("c14n.Canonicalizer.UnsupportedOperation")
--------------------------------
Transforms:
- The exclusive c14n is also supported by the transform framework.
The parameter for the inclusive namespaces is the class
org.apache.xml.security.transforms.params.InclusiveNamespaces
If you want to make a Transform like this, do that:
Document doc = ...;
Transforms transforms = new Transforms(doc);
InclusiveNamespaces incNS = new InclusiveNamespaces(doc, "ns2");
transforms.addTransform(Transforms.TRANSFORM_C14N_EXCL_OMIT_COMMENTS,
incNS.getElement());
- The XPathContainer for the XPath transform is now moved from the
org.apache.xml.security.c14n.helper package to
org.apache.xml.security.transforms.params.XPathContainer
- The enveloped-signature transform is faster now. We don't do costly
XPath operations but 'simple' DOM ops.
- Base64 is faster (no XPath ops).
- The TransformXPath2Filter is now supported by the package. It can be used by
using the identifier Transforms.TRANSFORM_XPATH2FILTER in conjuction with the
XPath2FilterContainer for passing parameters. To know what xfilter2 is, see
http://www.w3.org/Signature/Drafts/xmldsig-xfilter2/ :
Document doc = ...;
Transforms transforms = new Transforms(doc);
XPath2FilterContainer x2c =
// intersect
XPath2FilterContainer.newInstanceIntersect(doc, "//a");
// subtract
XPath2FilterContainer.newInstanceSubtract(doc, "//a");
// union
XPath2FilterContainer.newInstanceUnion(doc, "//a");
transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER,
x2c.getElement());
--------------------------------