You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (JIRA)" <ji...@apache.org> on 2018/06/12 15:15:00 UTC
[jira] [Closed] (SANTUARIO-483) Reference.calculateDigest() method
calls twice to ResourceResolvers
[ https://issues.apache.org/jira/browse/SANTUARIO-483?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed SANTUARIO-483.
-----------------------------------------
> Reference.calculateDigest() method calls twice to ResourceResolvers
> -------------------------------------------------------------------
>
> Key: SANTUARIO-483
> URL: https://issues.apache.org/jira/browse/SANTUARIO-483
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 2.0.10
> Reporter: Enric Granda
> Assignee: Colm O hEigeartaigh
> Priority: Major
> Fix For: Java 2.0.11, Java 2.1.2
>
>
> _Note: Since it is not a functional bug, I've labelled it as a bug considering it as a performance bug since it could cause multiple internet connections searching for a single resource. If you consider only bugs the functional ones, then it should be changed to improvement. My apologies in this case._
> The class {{org.apache.xml.security.signature.Reference}}
> has a method {{private byte[] calculateDigest(boolean validating)}}
> which, at the beginning calls to:
> {code}XMLSignatureInput input = this.getContentsBeforeTransformation();{code}
> Inside {{getContentsBeforeTransformation}} the resourceResolvers are called.
> This {{XMLSignatureInput input}} is only used for checking if it's a precalculated digest.
> Later on {{calculateDigest}} method, there's a call to:
> {code}XMLSignatureInput output = this.dereferenceURIandPerformTransforms(os);{code}
> The first thing that {{dereferenceURIandPerformTransforms}} method does is calling again to
> {code}XMLSignatureInput input = this.getContentsBeforeTransformation(); {code}
> which makes a performance loss since it's calling again to resourceResolvers, which could mean connecting again to internet searching for the resource.
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)