You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/06/12 15:15:00 UTC

[jira] [Closed] (SANTUARIO-483) Reference.calculateDigest() method calls twice to ResourceResolvers

     [ https://issues.apache.org/jira/browse/SANTUARIO-483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Colm O hEigeartaigh closed SANTUARIO-483.
-----------------------------------------

> Reference.calculateDigest() method calls twice to ResourceResolvers
> -------------------------------------------------------------------
>
>                 Key: SANTUARIO-483
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-483
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 2.0.10
>            Reporter: Enric Granda
>            Assignee: Colm O hEigeartaigh
>            Priority: Major
>             Fix For: Java 2.0.11, Java 2.1.2
>
>
> _Note: Since it is not a functional bug, I've labelled it as a bug considering it as a performance bug since it could cause multiple internet connections searching for a single resource. If you consider only bugs the functional ones, then it should be changed to improvement. My apologies in this case._
> The class {{org.apache.xml.security.signature.Reference}}
> has a method {{private byte[] calculateDigest(boolean validating)}}
> which, at the beginning calls to:
> {code}XMLSignatureInput input = this.getContentsBeforeTransformation();{code}
> Inside {{getContentsBeforeTransformation}} the resourceResolvers are called.
> This {{XMLSignatureInput input}} is only used for checking if it's a precalculated digest.
> Later on {{calculateDigest}} method, there's a call to:
> {code}XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);{code}
> The first thing that {{dereferenceURIandPerformTransforms}} method does is calling again to 
> {code}XMLSignatureInput input = this.getContentsBeforeTransformation(); {code}
> which makes a performance loss since it's calling again to resourceResolvers, which could mean connecting again to internet searching for the resource.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)