Ling Xiaohan wrote:
yes, I know URI couldn't contain space, but local path always does. The
apache
implementation could accept URI string with space, can we say apache
implementation
does not conform XML Signature specification.
Yes, I agree. It really should throw an exception if the URI is not legal.
Actually, URI could contain space which regards space as %20, so good
API design
ought to take raw URI string, ex., local path having space, and do
necessary character
escape within itself. Users need not firstly encode form of URI when
employing XMLdsig
API interface as now apache supports.
Hmm, perhaps, but you could easily work around this problem by converting the
local path to a URI and then passing it into the xmlsec API as follows:
String uri = new File(localPath).toURI().toString();
This will properly escape all characters that should be escaped.
--Sean
