You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by co...@apache.org on 2011/04/15 18:46:31 UTC
svn commit: r1092763 - in /santuario/xml-security-java/trunk: ./
src/main/java/org/apache/xml/security/encryption/
src/main/java/org/apache/xml/security/signature/
src/main/java/org/apache/xml/security/utils/
src/main/java/org/apache/xml/security/utils...
Author: coheigea
Date: Fri Apr 15 16:46:30 2011
New Revision: 1092763
URL: http://svn.apache.org/viewvc?rev=1092763&view=rev
Log:
[SANTUARIO-262] - Invalid use of String.getBytes()
- Patch applied.
Modified:
santuario/xml-security-java/trunk/CHANGELOG.txt
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
Modified: santuario/xml-security-java/trunk/CHANGELOG.txt
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/CHANGELOG.txt?rev=1092763&r1=1092762&r2=1092763&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/CHANGELOG.txt (original)
+++ santuario/xml-security-java/trunk/CHANGELOG.txt Fri Apr 15 16:46:30 2011
@@ -1,4 +1,8 @@
Changelog for "Apache xml-security" <http://santuario.apache.org/>
+
+New in v1.5.0-SNAPSHOT
+ Fixed SANTUARIO-262: Invalid use of String.getBytes(). Thanks to Martin Koegler.
+
New in v1.4.4
Fixed Bug 50248: Concurrency problem on incomplete Init.init() calls. Thanks to Oliver Moehrke.
Fixed Bug 50215: test_jsr105 target appears to fail certain tests because of changes to W3C xml-stylesheet spec
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java?rev=1092763&r1=1092762&r2=1092763&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/encryption/XMLCipher.java Fri Apr 15 16:46:30 2011
@@ -1039,7 +1039,7 @@ public class XMLCipher {
encryptedBytes = c.doFinal(serializedOctets.getBytes("UTF-8"));
if (logger.isDebugEnabled()) {
logger.debug("Expected cipher.outputSize = " +
- Integer.toString(c.getOutputSize(serializedOctets.getBytes().length)));
+ Integer.toString(c.getOutputSize(serializedOctets.getBytes("UTF-8").length)));
}
}
if (logger.isDebugEnabled()) {
@@ -2286,7 +2286,12 @@ public class XMLCipher {
EncryptionConstants.EncryptionSpecNS,
EncryptionConstants._TAG_OAEPPARAMS).item(0);
if (null != oaepParamsElement) {
- result.setOAEPparams(oaepParamsElement.getNodeValue().getBytes());
+ try {
+ result.setOAEPparams(
+ oaepParamsElement.getNodeValue().getBytes("UTF-8"));
+ } catch(UnsupportedEncodingException e) {
+ throw new RuntimeException("UTF-8 not supported", e);
+ }
}
// TODO: Make this mess work
@@ -3014,10 +3019,16 @@ public class XMLCipher {
).appendChild(contextDocument.createTextNode(String.valueOf(keySize))));
}
if (null != oaepParams) {
- result.appendChild(
- XMLUtils.createElementInEncryptionSpace(
- contextDocument, EncryptionConstants._TAG_OAEPPARAMS
- ).appendChild(contextDocument.createTextNode(new String(oaepParams))));
+ try {
+ result.appendChild(
+ XMLUtils.createElementInEncryptionSpace(
+ contextDocument, EncryptionConstants._TAG_OAEPPARAMS
+ ).appendChild(contextDocument.createTextNode(
+ new String(oaepParams, "UTF-8")
+ )));
+ } catch(UnsupportedEncodingException e) {
+ throw new RuntimeException("UTF-8 not supported", e);
+ }
}
Iterator<Element> itr = encryptionMethodInformation.iterator();
while (itr.hasNext()) {
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java?rev=1092763&r1=1092762&r2=1092763&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/signature/XMLSignatureInput.java Fri Apr 15 16:46:30 2011
@@ -590,9 +590,9 @@ public class XMLSignatureInput implement
// if a not-wellformed nodeset exists, put a container around it...
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- baos.write("<container>".getBytes());
+ baos.write("<container>".getBytes("UTF-8"));
baos.write(this.getBytes());
- baos.write("</container>".getBytes());
+ baos.write("</container>".getBytes("UTF-8"));
byte result[] = baos.toByteArray();
Document document = db.parse(new ByteArrayInputStream(result));
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java?rev=1092763&r1=1092762&r2=1092763&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/XMLUtils.java Fri Apr 15 16:46:30 2011
@@ -166,7 +166,7 @@ public class XMLUtils {
public static void outputDOM(Node contextNode, OutputStream os, boolean addPreamble) {
try {
if (addPreamble) {
- os.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".getBytes());
+ os.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n".getBytes("UTF-8"));
}
os.write(Canonicalizer.getInstance(
Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java?rev=1092763&r1=1092762&r2=1092763&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java Fri Apr 15 16:46:30 2011
@@ -151,7 +151,7 @@ public class ResolverDirectHTTP extends
if ((proxyUser != null) && (proxyPass != null)) {
String password = proxyUser + ":" + proxyPass;
- String encodedPassword = Base64.encode(password.getBytes());
+ String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
// or was it Proxy-Authenticate ?
urlConnection.setRequestProperty("Proxy-Authorization", encodedPassword);
@@ -174,7 +174,7 @@ public class ResolverDirectHTTP extends
urlConnection = url.openConnection();
String password = user + ":" + pass;
- String encodedPassword = Base64.encode(password.getBytes());
+ String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
// set authentication property in the http header
urlConnection.setRequestProperty("Authorization",