Bug 45475 - XMLSignature::getKeyInfo method modifies document
Status: RESOLVED FIXED
Alias: None
Product: Security - Now in JIRA
Classification: Unclassified
Component: Signature
Version: unspecified
Hardware: PC Windows XP
Importance: P2 critical
Target Milestone: ---
Assignee: XML Security Developers Mailing List
Reported: 2008-07-24 04:37 UTC by Gill Bates
Modified: 2008-09-15 11:34 UTC

Description Gill Bates 2008-07-24 04:37:01 UTC
The org.w3c.dom.Document that is assigned to an XMLSignature object through the document's signature element

Document doc = ..;
Element sigElement = doc.get...;

XMLSignature signature = new XMLSignature(sigElement, null);

signature.getKeyInfo();

-> original document is modified

That seems to happen if no Key Information is present in the signature Element.

Result: document is modified, future verification fails (e.g. with another signature Element).

Happens with xml-sec 1.4.2, java version

xml-sec 1.4.0 did not contain this bug.
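
Added example (not part of the original report and not xml-sec code): a JDK-only check that snapshots the DOM tree, runs an operation on the Signature element that is expected to be read-only, and reports whether the tree changed. The class name, the SignatureOp interface, the sample XML and the mutating stand-in are all constructed for illustration; the stand-in is an assumption and does not claim to reproduce what xml-sec 1.4.2 does internally.

```java
import java.io.StringReader;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;

public class ReadOnlyCallCheck {
    static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";

    /** Hypothetical interface: an operation on ds:Signature that should not change the tree. */
    interface SignatureOp { void run(Element sig) throws Exception; }

    /** Returns true if op left the document tree owning sig structurally unchanged. */
    static boolean leavesDocumentUntouched(Element sig, SignatureOp op) throws Exception {
        Element root = sig.getOwnerDocument().getDocumentElement();
        Node before = root.cloneNode(true);   // deep snapshot taken before the call
        op.run(sig);
        return before.isEqualNode(root);      // structural comparison after the call
    }

    /** Parses xml (namespace-aware, DOCTYPE refused) and returns its first ds:Signature. */
    static Element parseSignature(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        Document d = f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
        return (Element) d.getElementsByTagNameNS(DSIG_NS, "Signature").item(0);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: a Signature element with no KeyInfo child,
        // the condition the report associates with the modification.
        String xml = "<doc><ds:Signature xmlns:ds=\"" + DSIG_NS + "\">"
                   + "<ds:SignedInfo/><ds:SignatureValue/></ds:Signature></doc>";

        // A genuinely read-only lookup, and a hypothetical stand-in for a getter
        // that inserts an element as a side effect.
        SignatureOp readOnly = s -> s.getElementsByTagNameNS(DSIG_NS, "KeyInfo").getLength();
        SignatureOp mutating = s -> s.appendChild(
                s.getOwnerDocument().createElementNS(DSIG_NS, "ds:KeyInfo"));

        System.out.println("read-only op left tree untouched: "
                + leavesDocumentUntouched(parseSignature(xml), readOnly));
        System.out.println("mutating op left tree untouched:  "
                + leavesDocumentUntouched(parseSignature(xml), mutating));
        // With xml-sec on the classpath, the call from the report can be checked with:
        //   leavesDocumentUntouched(sig, s -> new XMLSignature(s, null).getKeyInfo());
    }
}
```

Running the same check against each library version in use shows whether verifying one signature can alter a tree that other signatures in the document still cover.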
Comment 1 sean.mullan 2008-09-15 11:34:56 UTC
Fixed in trunk/main branch.