You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by "Giedrius Noreikis (Created) (JIRA)" <ji...@apache.org> on 2012/02/06 00:49:59 UTC
[jira] [Created] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
-----------------------------------------------------------------------------------
Key: SANTUARIO-296
URL: https://issues.apache.org/jira/browse/SANTUARIO-296
Project: Santuario
Issue Type: Bug
Components: Java
Affects Versions: Java 1.5
Reporter: Giedrius Noreikis
Assignee: Colm O hEigeartaigh
Priority: Blocker
org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
java.io.IOException: Resetting to invalid mark
at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
<...>
This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
Posted by "Colm O hEigeartaigh (Updated) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh updated SANTUARIO-296:
------------------------------------------
Fix Version/s: Java 1.5.1
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-296
> URL: https://issues.apache.org/jira/browse/SANTUARIO-296
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.5
> Reporter: Giedrius Noreikis
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: Java 1.5.1
>
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> <...>
> This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
Posted by "Giedrius Noreikis (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13212658#comment-13212658 ]
Giedrius Noreikis commented on SANTUARIO-296:
---------------------------------------------
I've tested this - the fix works for us, thanks.
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-296
> URL: https://issues.apache.org/jira/browse/SANTUARIO-296
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.5
> Reporter: Giedrius Noreikis
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: Java 1.5.1
>
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> <...>
> This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
Posted by "Colm O hEigeartaigh (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh resolved SANTUARIO-296.
-------------------------------------------
Resolution: Fixed
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-296
> URL: https://issues.apache.org/jira/browse/SANTUARIO-296
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.5
> Reporter: Giedrius Noreikis
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: Java 1.5.1
>
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> <...>
> This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
Posted by "Colm O hEigeartaigh (Commented) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204473#comment-13204473 ]
Colm O hEigeartaigh commented on SANTUARIO-296:
-----------------------------------------------
I'm going to follow the following comment in SANTUARIO-39:
"The XMLSignatureInput class has no business of resetting the input stream
becaus it does not if the input stream has been marked or not. The
implementation of the resolve method should handle all the business of marking
and resetting the input stream where appropriate."
Fix committed. If you could test this it would be great.
Colm.
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-296
> URL: https://issues.apache.org/jira/browse/SANTUARIO-296
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.5
> Reporter: Giedrius Noreikis
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> <...>
> This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Closed] (SANTUARIO-296) XMLSignatureInput fails with an
IOException if constructed on a BufferedInputStream
Posted by "Colm O hEigeartaigh (Closed) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Colm O hEigeartaigh closed SANTUARIO-296.
-----------------------------------------
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
> Key: SANTUARIO-296
> URL: https://issues.apache.org/jira/browse/SANTUARIO-296
> Project: Santuario
> Issue Type: Bug
> Components: Java
> Affects Versions: Java 1.5
> Reporter: Giedrius Noreikis
> Assignee: Colm O hEigeartaigh
> Priority: Blocker
> Fix For: Java 1.5.1
>
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> <...>
> This issue is similar to SANTUARIO-39.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira