You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Paul Dennis (JIRA)" <ji...@apache.org> on 2016/03/25 12:14:25 UTC
[jira] [Commented] (SANTUARIO-438)
AbstractEncryptOutputProcessor.applyTransforms() is not needed
[ https://issues.apache.org/jira/browse/SANTUARIO-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15211707#comment-15211707 ]
Paul Dennis commented on SANTUARIO-438:
---------------------------------------
Thanks [~coheigea]. The WSS4J subclassing makes sense.
> AbstractEncryptOutputProcessor.applyTransforms() is not needed
> --------------------------------------------------------------
>
> Key: SANTUARIO-438
> URL: https://issues.apache.org/jira/browse/SANTUARIO-438
> Project: Santuario
> Issue Type: Bug
> Security Level: Public(Public issues, viewable by everyone)
> Components: Java
> Affects Versions: Java 2.0.6
> Environment: Ubuntu 14
> Reporter: Paul Dennis
> Assignee: Colm O hEigeartaigh
>
> Loading Java xmlsec, Eclipse (perhaps falsely) detects a stream resource handing issue and complains about the call to applyTransforms() in AbstractEncryptOutputProcessor.init(). Eclipse by default will not compile the project because of this issue.
> {code:title=AbstractEncryptOutputProcessor.java|borderStyle=solid}
> @Override
> public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
> String encryptionSymAlgorithm = securityProperties.getEncryptionSymAlgorithm();
> try {
> //initialize the cipher
> String jceAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionSymAlgorithm);
> if (jceAlgorithm == null) {
> throw new XMLSecurityException("algorithms.NoSuchMap",
> new Object[] {encryptionSymAlgorithm});
> }
> Cipher symmetricCipher = Cipher.getInstance(jceAlgorithm);
> int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
> byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
> AlgorithmParameterSpec parameterSpec =
> XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv, this.getClass());
> symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), parameterSpec);
> characterEventGeneratorOutputStream = new CharacterEventGeneratorOutputStream();
> Base64OutputStream base64EncoderStream =
> new Base64OutputStream(characterEventGeneratorOutputStream, true, 0, null);
> base64EncoderStream.write(iv);
> OutputStream outputStream = new CipherOutputStream(base64EncoderStream, symmetricCipher);
> outputStream = applyTransforms(outputStream);
> ...
> }
> protected OutputStream applyTransforms(OutputStream outputStream) throws XMLSecurityException {
> return outputStream;
> }
> {code}
> The applyTransforms() method call could be removed as it does not appear to be used in the project.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)