Uploaded image for project: 'Santuario'
  1. Santuario
  2. SANTUARIO-228

KeyResolver.registerAtStart() leads to ClassCastException

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: Java 1.4.4
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None
    • Environment:
      Operating System: Windows NT
      Platform: PC
    • Bugzilla Id:
      49483

      Description

      Created an attachment (id=25627)
      source code patch

      KeyResolver.registerAtStart() adds a String to KeyResolver._resolverVector.
      In ResolverIterator.next(), we expect the items in _resolverVector to be KeyResolver instances and this causes a ClassCastException.

      To reproduce, run this code:
      KeyResolver.registerAtStart("org.apache.xml.security.test.encryption.BobKeyResolver");
      KeyResolverSpi resolver = (KeyResolverSpi)KeyResolver.iterator().next();

      The solution is to call new KeyResolver(className) just like KeyResolver.register().
      Unfortunately, we cannot add the throws clauses. For backwards compatibility, we return an unchecked RuntimeException instead. We chose IllegalArgumentException.

      We also modify ResolverIterator.remove() to throw an UnsupportedOperationException.

      I did not add a junit for this bug because there is no way to remove a KeyResolver once it is registered. This would affect the subsequent tests.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              clement_pellerin@ibi.com Clement Pellerin
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: