Hello Werner,

to test the content encryption of XMLCipher I modified the test case of
XML encryption. The modified test case showed some serious problems
inside XMLCipher as well as in the Xerces XMLSerializer.

Hmm.. not good.


[snip..]

link to bug report for lazy people:

<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=25853>

The modified XMLCipher content encryption can be used only with
the fixed Xerces code.

Hmm.. ok.


The attachment contains the patch to the XMLCipher (that also
contains some code cleanup). The relevant code that deals
with DocumentFragment is near the end of the patch file.

If necessary I can provide a Xerces jar file that contains the
fixed XMLSerializer.

The question is, how do we proceed here?

I guess that depends on a few things..


- What are the Xerces guys planning on doing about it?
- How 'wrong' is what we are doing now?
- And how many people would be affected by this?
- Would there be problems with the signature stuff with the new jar?
- What happens if you use the API with a non-patched Xerces jar?

My first priority is to the signature code. It's been solid for a while and while it might not be the best API out there, it works. Encryption stuff is beta and doesn't have nearly the same amount of users.

What we have learned from the initial JDK1.4 stuff (when you had to put a xerces.jar in endorsed) is that it is a support nightmare. No matter how many times you put it in big bold all over the place, people would still download the stuff, give it a shot without worrying about reading anything and mailing "I get this and such exception, what's wrong".

So if we can make a distribution which will do the same thing it does right now and your patch only makes it work without breaking anything at the moment I think that's pretty acceptable. If it breaks encryption only in some way I think we should have to sit down and have a discussion. If it breaks the signature stuff I think it would be wise to think about it long and hard, wait what the Xerces guys come up with and then discuss it some more :)

If you have some more info, let me know,

Erwin
