[
https://issues.apache.org/jira/browse/CAMEL-6339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13749554#comment-13749554
]
Franz Forsthofer commented on CAMEL-6339:
-----------------------------------------
to c) I had added this possibility to be able to avoid clashes with existing
Ids in the XML document to be signed. But if your generated values are very
unlikely to be used in the XML document, then I have no problem with this
change.
to d) I added the schema validation because otherwise it is possible to tamper
with the Signature element; for example an attacker can add child elements to the
Signature element, because the signature is only checked for the SignedInfo
element. As far as I remember I had also created a test case for this.
I will have a closer look at the changes on Monday.
Franz
> XML Signature Component in camel/components/xmlsecurity
> -------------------------------------------------------
>
> Key: CAMEL-6339
> URL: https://issues.apache.org/jira/browse/CAMEL-6339
> Project: Camel
> Issue Type: New Feature
> Reporter: Franz Forsthofer
> Fix For: 2.12.0
>
> Attachments: camel-6339-reworked.patch,
> CamelComponentXmlsecurity.html, CamelComponentXmlsecurityImproved.html,
> ExampleDetached.xml, ExampleEnvelopedXmlSig.xml,
> ExampleEnvelopingDigSigTampered.xml,
> ExampleEnvelopingDigSigWithSeveralElementsWithNameRoot.xml,
> ExampleEnvelopingDigSig.xml, keystore.jks, ManifestTest_TamperedContent.xml,
> patch_file_improved2.txt, patch_file_improved.txt, patch_file.txt,
> SpringXmlSignatureTests.xml, XmlSignatureComponentDocumentation.md,
> xslt_test.xsl, xslt_test.xsl
>
>
> Hello,
> I have created a component for XML signature. I put it into the component
> xmlsecurity. The component has the name xmlsecurity. In the attachments you
> will find path_file.txt and CamelComponentxmlsecurity.html. The html file
> contains a description of the endpoint uris.
> Regards Franz
> ---------------------
> Franz Forsthofer
> SAP AG
> e-mail: [email protected]
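
The point made under d), as an added example (not code from the Camel patch or its tests): elements added directly under Signature sit outside SignedInfo, so only a structural check catches them. The sketch hand-codes the content model of SignatureType from the XML-DSig core schema instead of running a full schema validation; the function name and both sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET

DS = "http://www.w3.org/2000/09/xmldsig#"

# Content model of ds:SignatureType in the XML-DSig core schema:
# SignedInfo, SignatureValue, KeyInfo?, Object*  (name, min, max)
CONTENT_MODEL = [("SignedInfo", 1, 1), ("SignatureValue", 1, 1),
                 ("KeyInfo", 0, 1), ("Object", 0, None)]

def signature_structure_errors(xml_text):
    """Check the direct children of every ds:Signature against the model.

    Structural check only: it does not verify the signature value, and
    untrusted input should go through a hardened XML parser first.
    """
    root = ET.fromstring(xml_text)
    signatures = list(root.iter(f"{{{DS}}}Signature"))
    if not signatures:
        return ["no ds:Signature element found"]
    errors = []
    for sig in signatures:
        tags = [child.tag for child in sig]
        pos = 0
        for name, lo, hi in CONTENT_MODEL:
            count = 0
            while (pos < len(tags) and tags[pos] == f"{{{DS}}}{name}"
                   and (hi is None or count < hi)):
                pos += 1
                count += 1
            if count < lo:
                errors.append(f"missing required ds:{name}")
        # Anything left over is not allowed at this position by the schema.
        errors.extend(f"unexpected child {tag}" for tag in tags[pos:])
    return errors

# Constructed, abbreviated enveloping signature (SignedInfo content omitted).
VALID = f"""<ds:Signature xmlns:ds="{DS}">
  <ds:SignedInfo/><ds:SignatureValue>AAAA</ds:SignatureValue>
  <ds:Object Id="o1"><root>payload</root></ds:Object>
</ds:Signature>"""

# Same document with a foreign element appended inside Signature. SignedInfo
# is untouched, so a check of the signature over SignedInfo alone still passes.
TAMPERED = VALID.replace(
    "</ds:Signature>",
    '<injected xmlns="urn:example">x</injected></ds:Signature>')

if __name__ == "__main__":
    print(signature_structure_errors(VALID))
    print(signature_structure_errors(TAMPERED))
```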