Santuario
  1. Santuario
  2. SANTUARIO-228

KeyResolver.registerAtStart() leads to ClassCastException

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Java 1.4.4
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None
    • Environment:
      Operating System: Windows NT
      Platform: PC

      Description

      Created an attachment (id=25627)
      source code patch

      KeyResolver.registerAtStart() adds a String to KeyResolver._resolverVector.
      In ResolverIterator.next(), we expect the items in _resolverVector to be KeyResolver instances and this causes a ClassCastException.

      To reproduce, run this code:
      KeyResolver.registerAtStart("org.apache.xml.security.test.encryption.BobKeyResolver");
      KeyResolverSpi resolver = (KeyResolverSpi)KeyResolver.iterator().next();

      The solution is to call new KeyResolver(className) just like KeyResolver.register().
      Unfortunately, we cannot add the throws clauses. For backwards compatibility, we return an unchecked RuntimeException instead. We chose IllegalArgumentException.

      We also modify ResolverIterator.remove() to throw an UnsupportedOperationException.

      I did not add a junit for this bug because there is no way to remove a KeyResolver once it is registered. This would affect the subsequent tests.

        Activity

        Hide
        Colm O hEigeartaigh added a comment -

        Patch applied, thanks.

        Colm.

        Show
        Colm O hEigeartaigh added a comment - Patch applied, thanks. Colm.
        Hide
        Colm O hEigeartaigh added a comment -

        Hi Clement,

        A problem with this patch is that it is not compatible with JDK 1.4:

        [javac] symbol : constructor IllegalArgumentException (java.lang.String,java.lang.Exception)
        [javac] location: class java.lang.IllegalArgumentException
        [javac] throw new IllegalArgumentException("Invalid KeyResolver class name", ex);
        [javac] ^
        [javac] 1 error

        Colm.

        Show
        Colm O hEigeartaigh added a comment - Hi Clement, A problem with this patch is that it is not compatible with JDK 1.4: [javac] symbol : constructor IllegalArgumentException (java.lang.String,java.lang.Exception) [javac] location: class java.lang.IllegalArgumentException [javac] throw new IllegalArgumentException("Invalid KeyResolver class name", ex); [javac] ^ [javac] 1 error Colm.
        Hide
        sean.mullan added a comment -

        (In reply to comment #2)
        > Hi Clement,
        >
        > A problem with this patch is that it is not compatible with JDK 1.4:
        >
        > [javac] symbol : constructor IllegalArgumentException
        > (java.lang.String,java.lang.Exception)
        > [javac] location: class java.lang.IllegalArgumentException
        > [javac] throw new IllegalArgumentException("Invalid KeyResolver
        > class name", ex);
        > [javac] ^
        > [javac] 1 error
        >
        > Colm.

        You can make that compatible with 1.4 as follows:

        throw (IllegalArgumentException) new
        IllegalArgumentException("Invalid KeyResolver class name").initCause(ex);

        Show
        sean.mullan added a comment - (In reply to comment #2) > Hi Clement, > > A problem with this patch is that it is not compatible with JDK 1.4: > > [javac] symbol : constructor IllegalArgumentException > (java.lang.String,java.lang.Exception) > [javac] location: class java.lang.IllegalArgumentException > [javac] throw new IllegalArgumentException("Invalid KeyResolver > class name", ex); > [javac] ^ > [javac] 1 error > > Colm. You can make that compatible with 1.4 as follows: throw (IllegalArgumentException) new IllegalArgumentException("Invalid KeyResolver class name").initCause(ex);
        Hide
        Colm O hEigeartaigh added a comment -

        Fix applied thanks Sean!

        Colm.

        Show
        Colm O hEigeartaigh added a comment - Fix applied thanks Sean! Colm.

          People

          • Assignee:
            Unassigned
            Reporter:
            Clement Pellerin
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development