Posted to commits@santuario.apache.org by gi...@apache.org on 2015/11/15 16:13:49 UTC

svn commit: r1714465 - /santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java

Author: giger
Date: Sun Nov 15 15:13:49 2015
New Revision: 1714465

URL: http://svn.apache.org/viewvc?rev=1714465&view=rev
Log:
SANTUARIO-432: Introduce decrypt only mode via actions. This saves a lot of memory because decryption can be processed sequentially and without the need to buffer events.

Modified:
    santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java

Modified: santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java?rev=1714465&r1=1714464&r2=1714465&view=diff
==============================================================================
--- santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java (original)
+++ santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/stax/impl/processor/input/XMLSecurityInputProcessor.java Sun Nov 15 15:13:49 2015
@@ -43,10 +43,20 @@ public class XMLSecurityInputProcessor e
     private InternalBufferProcessor internalBufferProcessor;
     private boolean signatureElementFound = false;
     private boolean encryptedDataElementFound = false;
+    private boolean decryptOnly = false;
 
     public XMLSecurityInputProcessor(XMLSecurityProperties securityProperties) {
         super(securityProperties);
         setPhase(XMLSecurityConstants.Phase.POSTPROCESSING);
+
+        // For decrypt only mode we misuse the actions that are normally only used for outbound processing.
+        // In decrypt only mode we can save a lot of memory because we don't have to buffer anything and
+        // can process the document sequentially.
+        // for backward compatibility:
+        // If no actions are set (default behaviour) we do signature and decryption processing
+        // If the only action is XMLSecurityConstants.ENCRYPT then we only do decryption and skip signature processing
+        decryptOnly = securityProperties.getActions().size() == 1 &&
+                securityProperties.getActions().contains(XMLSecurityConstants.ENCRYPT);
     }
 
     @Override
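Review bot: Nothing in the constructor tells an API user that selecting only `XMLSecurityConstants.ENCRYPT` turns off signature verification for inbound documents; the comment explains the memory saving but not that any `ds:Signature` in the input is then passed through unverified (see the `!decryptOnly` guards in the hunks at -70,7 and -111,7). I would state this in the class or constructor Javadoc, for example `In decrypt-only mode signatures are not verified; the caller gets no integrity or origin guarantee for the decrypted content.` The field is assigned exactly once, so it can be declared `private final boolean decryptOnly;` without the `= false` initializer. Whether `getActions()` can return null is not visible here, so that should be confirmed before it is dereferenced in the constructor.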
@@ -60,7 +70,7 @@ public class XMLSecurityInputProcessor e
             throws XMLStreamException, XMLSecurityException {
 
         //add the buffer processor (for signature) when this processor is called for the first time
-        if (internalBufferProcessor == null) {
+        if (!decryptOnly && internalBufferProcessor == null) {
             internalBufferProcessor = new InternalBufferProcessor(getSecurityProperties());
             inputProcessorChain.addProcessor(internalBufferProcessor);
         }
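Review bot: With this guard `internalBufferProcessor` stays null for the whole lifetime of the processor in decrypt-only mode, so every dereference of it now depends on a matching `!decryptOnly` check. The uses visible in this commit are guarded, but the method continues outside this hunk, so any remaining use (for example the code that runs once `signatureElementFound` is set) should be checked as well. A short comment on the field, such as `// null in decrypt-only mode; guard every use with !decryptOnly`, would keep later changes from introducing a NullPointerException.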
@@ -70,7 +80,7 @@ public class XMLSecurityInputProcessor e
             case XMLStreamConstants.START_ELEMENT:
                 final XMLSecStartElement xmlSecStartElement = xmlSecEvent.asStartElement();
 
-                if (xmlSecStartElement.getName().equals(XMLSecurityConstants.TAG_dsig_Signature)) {
+                if (!decryptOnly && xmlSecStartElement.getName().equals(XMLSecurityConstants.TAG_dsig_Signature)) {
                     signatureElementFound = true;
                     startIndexForProcessor = internalBufferProcessor.getXmlSecEventList().size() - 1;
                 } else if (xmlSecStartElement.getName().equals(XMLSecurityConstants.TAG_xenc_EncryptedData)) {
@@ -83,9 +93,11 @@ public class XMLSecurityInputProcessor e
                     decryptInputProcessor.addBeforeProcessor(XMLSecurityInputProcessor.InternalBufferProcessor.class.getName());
                     inputProcessorChain.addProcessor(decryptInputProcessor);
 
-                    final ArrayDeque<XMLSecEvent> xmlSecEventList = internalBufferProcessor.getXmlSecEventList();
-                    //remove the last event (EncryptedData)
-                    xmlSecEventList.pollFirst();
+                    if (!decryptOnly) {
+                        final ArrayDeque<XMLSecEvent> xmlSecEventList = internalBufferProcessor.getXmlSecEventList();
+                        //remove the last event (EncryptedData)
+                        xmlSecEventList.pollFirst();
+                    }
 
                     // temporary processor to return the EncryptedData element for the DecryptionProcessor
                     AbstractInputProcessor abstractInputProcessor = new AbstractInputProcessor(getSecurityProperties()) {
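Review bot: The `addBeforeProcessor(XMLSecurityInputProcessor.InternalBufferProcessor.class.getName())` call at the top of this hunk still runs in decrypt-only mode, where no `InternalBufferProcessor` is ever added to the chain. Whether the chain tolerates an ordering constraint that names an absent processor is not visible here, so the resulting position of the decrypt processor should be confirmed. I would either move that call inside the same `if (!decryptOnly)` or add a comment such as `// no-op in decrypt-only mode: the buffer processor is not in the chain`. The enclosing `case` block starts and ends outside the hunk.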
@@ -111,7 +123,7 @@ public class XMLSecurityInputProcessor e
                     xmlSecEvent = inputProcessorChain.processEvent();
 
                     //check if the decrypted element is a Signature element
-                    if (xmlSecEvent.isStartElement() &&
+                    if (!decryptOnly && xmlSecEvent.isStartElement() &&
                             xmlSecEvent.asStartElement().getName().equals(XMLSecurityConstants.TAG_dsig_Signature)) {
                         signatureElementFound = true;
                         startIndexForProcessor = internalBufferProcessor.getXmlSecEventList().size() - 1;