You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Paul Dennis (JIRA)" <ji...@apache.org> on 2016/03/25 12:14:25 UTC

[jira] [Commented] (SANTUARIO-438) AbstractEncryptOutputProcessor.applyTransforms() is not needed

    [ https://issues.apache.org/jira/browse/SANTUARIO-438?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15211707#comment-15211707 ] 

Paul Dennis commented on SANTUARIO-438:
---------------------------------------

Thanks [~coheigea]. The WSS4J subclassing makes sense. 

> AbstractEncryptOutputProcessor.applyTransforms() is not needed
> --------------------------------------------------------------
>
>                 Key: SANTUARIO-438
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-438
>             Project: Santuario
>          Issue Type: Bug
>      Security Level: Public(Public issues, viewable by everyone) 
>          Components: Java
>    Affects Versions: Java 2.0.6
>         Environment: Ubuntu 14
>            Reporter: Paul Dennis
>            Assignee: Colm O hEigeartaigh
>
> Loading Java xmlsec, Eclipse (perhaps falsely) detects a stream resource handing issue and complains about the call to applyTransforms() in AbstractEncryptOutputProcessor.init(). Eclipse by default will not compile the project because of this issue. 
> {code:title=AbstractEncryptOutputProcessor.java|borderStyle=solid}
>       @Override
>         public void init(OutputProcessorChain outputProcessorChain) throws XMLSecurityException {
>             String encryptionSymAlgorithm = securityProperties.getEncryptionSymAlgorithm();
>             try {
>                 //initialize the cipher
>                 String jceAlgorithm = JCEAlgorithmMapper.translateURItoJCEID(encryptionSymAlgorithm);
>                 if (jceAlgorithm == null) {
>                     throw new XMLSecurityException("algorithms.NoSuchMap",
>                                                    new Object[] {encryptionSymAlgorithm});
>                 }
>                 Cipher symmetricCipher = Cipher.getInstance(jceAlgorithm);
>                 int ivLen = JCEMapper.getIVLengthFromURI(encryptionSymAlgorithm) / 8;
>                 byte[] iv = XMLSecurityConstants.generateBytes(ivLen);
>                 AlgorithmParameterSpec parameterSpec =
>                     XMLCipherUtil.constructBlockCipherParameters(encryptionSymAlgorithm, iv, this.getClass());
>                 symmetricCipher.init(Cipher.ENCRYPT_MODE, encryptionPartDef.getSymmetricKey(), parameterSpec);
>                 characterEventGeneratorOutputStream = new CharacterEventGeneratorOutputStream();
>                 Base64OutputStream base64EncoderStream =
>                         new Base64OutputStream(characterEventGeneratorOutputStream, true, 0, null);
>                 base64EncoderStream.write(iv);
>                 OutputStream outputStream = new CipherOutputStream(base64EncoderStream, symmetricCipher);
>                 outputStream = applyTransforms(outputStream);
> ... 
> }
>         protected OutputStream applyTransforms(OutputStream outputStream) throws XMLSecurityException {
>             return outputStream;
>         }
> {code}
> The applyTransforms() method call could be removed as it does not appear to be used in the project. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)