https://issues.apache.org/bugzilla/show_bug.cgi?id=45475
Summary: XMLSignature::getKeyInfo method modifies document
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: critical
Priority: P2
Component: Signature
AssignedTo: security-dev@xml.apache.org
ReportedBy: [EMAIL PROTECTED]
The org.w3c.com.document that is assigned to an XMLSignature object through the
document's signature element
Document doc=..;
Element sigElement = doc.get...;
XMLSignature signature = new XMLSignature(sigElement, null);
signature.getKeyInfo();
-> original document is modified
That seems to happen, if no Key Information is present in the signature
Element.
Result: document is modified, future verification fails (e.g. with another
signature Element).
Happens with xml-sec 1.4.2, java version
xml-sec 1.4.0 did not contain this bug.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
