You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@santuario.apache.org by "Colm O hEigeartaigh (Commented) (JIRA)" <ji...@apache.org> on 2012/02/09 13:17:00 UTC

[jira] [Commented] (SANTUARIO-296) XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream

    [ https://issues.apache.org/jira/browse/SANTUARIO-296?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13204473#comment-13204473 ] 

Colm O hEigeartaigh commented on SANTUARIO-296:
-----------------------------------------------

I'm going to follow the following comment in SANTUARIO-39:

"The XMLSignatureInput class has no business of resetting the input stream
becaus it does not if the input stream has been marked or not. The
implementation of the resolve method should handle all the business of marking
and resetting the input stream where appropriate."

Fix committed. If you could test this it would be great.

Colm.
                
> XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream
> -----------------------------------------------------------------------------------
>
>                 Key: SANTUARIO-296
>                 URL: https://issues.apache.org/jira/browse/SANTUARIO-296
>             Project: Santuario
>          Issue Type: Bug
>          Components: Java
>    Affects Versions: Java 1.5
>            Reporter: Giedrius Noreikis
>            Assignee: Colm O hEigeartaigh
>            Priority: Blocker
>
> org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:
> java.io.IOException: Resetting to invalid mark
> 	at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
> 	at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
> 	at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
> 	at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
> 	at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
> 	at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
> 	at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
> 	at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
> 	<...>
> This issue is similar to SANTUARIO-39.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira