Santuario
  1. Santuario
  2. SANTUARIO-296

XMLSignatureInput fails with an IOException if constructed on a BufferedInputStream

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: Java 1.5
    • Fix Version/s: Java 1.5.1
    • Component/s: Java
    • Security Level: Public (Public issues, viewable by everyone)
    • Labels:
      None

      Description

      org.apache.xml.security.signature.XMLSignatureInput calls inputOctetStreamProxy.reset() after a successful check if inputOctetStreamProxy.markSupported() in a number of places. This behavior is incompatible with a general contract of java.io.InputStream.reset() (an IOException may be thrown if no mark has been set) and causes "java.io.IOException: Resetting to invalid mark" when a resource resolver returns XMLSignatureInput constructed on a BufferedInputStream:

      java.io.IOException: Resetting to invalid mark
      at java.io.BufferedInputStream.reset(BufferedInputStream.java:416)
      at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:492)
      at org.apache.xml.security.signature.XMLSignatureInput.updateOutputStream(XMLSignatureInput.java:471)
      at org.apache.xml.security.signature.Reference.calculateDigest(Reference.java:718)
      at org.apache.xml.security.signature.Reference.verify(Reference.java:761)
      at org.apache.xml.security.signature.Manifest.verifyReferences(Manifest.java:336)
      at org.apache.xml.security.signature.SignedInfo.verify(SignedInfo.java:259)
      at org.apache.xml.security.signature.XMLSignature.checkSignatureValue(XMLSignature.java:724)
      <...>

      This issue is similar to SANTUARIO-39.

        Activity

          People

          • Assignee:
            Colm O hEigeartaigh
            Reporter:
            Giedrius Noreikis
          • Votes:
            1 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development