Ling Xiaohan wrote:
yes, I know URI couldn't contain space, but local path always does. The apache implementation could accept URI string with space, can we say apache implementation
does not conform XML Signature specification.

Yes, I agree. It really should throw an exception if the URI is not legal.

Actually, URI could contain space which regards space as %20, so good API design ought to take raw URI string, ex., local path having space, and do necessary character escape within itself. Users need not firstly encode form of URI when employing XMLdsig
API interface as now apache supports.

Hmm, perhaps, but you could easily work around this problem by converting the local path to a URI and then passing it into the xmlsec API as follows:

String uri = new File(localPath).toURI().toString();

This will properly escape all characters that should be escaped.

--Sean

Reply via email to