Yes, I know a URI can't contain a space, but a local path always does. The Apache implementation can accept a URI string with a space; can we say the Apache implementation does not conform to the XML Signature specification?

Actually, a URI could contain a space, which is regarded as %20, so a good API design ought to take the raw URI string, e.g., a local path containing a space, and do the necessary character escaping itself. Users need not first encode the URI when employing the XMLdsig API interface, as Apache now supports.

----- Original Message -----
I disagree. The XML Signature specification specifically states that the Reference URI attribute is an RFC 3986 URI, so putting the URI above into the Signature as-is without escaping the space would be a non-compliant RFC 3986 URI, and other XML Signature implementations may not be able to parse it.

The API, however, could provide a method to represent or parse the URI into a more readable form. For example, the URI.getPath() method returns the URI and decodes the escaped octets whereas getRawPath() does not:

import java.net.URI;

public class ParseURI {

    public static void main(String[] args) throws Exception {
        URI uri = URI.create(args[0]);
        System.out.println(uri.getPath());
        System.out.println(uri.getRawPath());
    }
}

$ java ParseURI "foo%20foo"
foo foo
foo%20foo

--Sean
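
The escaping step discussed in this thread, as an added example that is not code from either poster or from the Apache XML Security project: a caller-side helper that turns a raw relative path containing spaces into an RFC 3986 reference before it is used as a Reference URI. The class name, method names and sample path are hypothetical. Note that the multi-argument java.net.URI constructor always quotes '%', so an already-escaped string gets escaped twice and would then name a different resource.

```java
import java.net.URI;
import java.net.URISyntaxException;

// Added example: hypothetical helper, not part of the Apache XML Security API.
public class ReferenceUri {

    // True if the string already parses as an RFC-compliant URI reference.
    static boolean isValidUri(String s) {
        try {
            new URI(s);            // single-argument constructor parses strictly
            return true;
        } catch (URISyntaxException e) {
            return false;          // e.g. an unescaped space in the path
        }
    }

    // Escape a raw relative path (spaces and other illegal characters).
    // The multi-argument constructor quotes illegal characters and always
    // quotes '%', so it must only be given unescaped input.
    static String escapeRawPath(String rawPath) throws URISyntaxException {
        return new URI(null, null, rawPath, null).toASCIIString();
    }

    // Accept either form: pass valid URIs through unchanged, escape raw paths.
    // Assumption: a string that already parses as a URI is already escaped.
    static String toReferenceUri(String input) throws URISyntaxException {
        return isValidUri(input) ? input : escapeRawPath(input);
    }

    public static void main(String[] args) throws Exception {
        String raw = "my docs/order 1.xml";      // constructed sample path

        System.out.println("raw is a valid URI:   " + isValidUri(raw));
        String escaped = toReferenceUri(raw);
        System.out.println("escaped form:         " + escaped);
        System.out.println("decoded by getPath(): " + URI.create(escaped).getPath());

        // Escaping an already-escaped string changes which resource it names.
        System.out.println("escaped twice:        " + escapeRawPath(escaped));
        // The pass-through check avoids that for input that is already a URI.
        System.out.println("idempotent helper:    " + toReferenceUri(escaped));
    }
}
```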
