santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hess Yvan <yvan.h...@imtf.ch>
Subject RE: When can we expected to have a new official release
Date Wed, 19 Jan 2005 08:09:35 GMT
Thanks for your answer.

The problem with InputStream is not really solved. I am using an Oracle Clob
as InputStream that apparently supports mark as described into
documentation: 

FORMAT: 
public void mark(int readLimit)

DESCRIPTION: 
Marks the current position in the BfileInputStream. A call to the reset( )
method will return you to the last marked position in the BfileInputStream.

PARAMETERS 
ReadLimit - This argument is ignored by the class.

I have a look into the XML security code and I saw that you mark the
InputStream with a value of -1. In this case I get an error because value of
-1 is not supported by the implementation of Oracle Blob. I changed your
code to set it with a value of 0 and it seems working. I checked the Javadoc
of InputStream and I never saw that you have the right to set the readlimit
to -1 meaning that mark must always be valid. InputStream javadoc describes
the parameter as follow "readlimit - the maximum limit of bytes that can be
read before the mark position becomes invalid". The management of this
readlimit value seems to be implementation specific and I think you should
not use this feature in the context of XML apache security. I saw in the
code that in any case when you need to sign a document you need to have the
InputStream as a byte array and for this reason I passed to the constructor
of the XMLSignatureInput my InputStream converted as a bytes array.

Regards. Yvan Hess

-----Original Message-----
From: Raul Benito [mailto:raul.benito.garcia@gmail.com]
Sent: mardi, 18. janvier 2005 19:56
To: security-dev@xml.apache.org
Subject: Re: When can we expected to have a new official release


I was thinking in doing 1.2.1 release in February, with the fixed to
your error. But I also want to see if more Bug reports are coming as
people seem to test just released software not the convenient RC ;).
Anyway I'm thinking that February will be a good time to release a
bugfix version.

Regards,

p.s. Have the CVS HEAD version fix your Exceptions when using
XMLSignatureInput(InputStream is) constructor?


On Mon, 17 Jan 2005 15:08:06 +0100, Hess Yvan <yvan.hess@imtf.ch> wrote:
> Some bugs has been found into the verson 1.2 and seems to be corrected.
When
> can we expect to have a new official release ?
> 
> Regards.  Yvan Hess
> 
> Yvan Hess
> Chief Software Architect
> 
> e-mail: yvan.hess@imtf.ch
> phone : +41 (0)26 460 66 66
> fax   : +41 (0)26 460 66 60
> 
> Informatique-MTF SA
> Route du Bleuet 1
> CH-1762 Givisiez
> 
> Excellence in Compliance and Document Management
> http://www.imtf.com
> 
> DISCLAIMER
> This message is intended only for use by the person to whom it is
addressed.
> It may contain information that is privileged and confidential. Its
content
> does not constitute a formal commitment by IMTF. If you are not the
intended
> recipient of this message, kindly notify the sender immediately and
destroy
> this message. Thank You.
> 
>


Mime
View raw message