santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
Subject DO NOT REPLY [Bug 49465] New: impossible to subclass XMLCipher
Date Fri, 18 Jun 2010 18:17:45 GMT

           Summary: impossible to subclass XMLCipher
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encryption

Created an attachment (id=25614)
 --> (
source code patch and new junit

The constructor of XMLCipher is private which makes it impossible to subclass
XMLCipher. Furthermore, much of the work to construct the XMLCipher instance is
located in the getInstance() or getProviderInstance() methods. That would force
a subclass to duplicate that code once again.

The goal of this effort is to experiment with per KeyInfo KeyResolvers to
resolve the Key Encryption Key dynamically based on the EncryptedKey/KeyInfo
carried in the message. The junit in attachment shows how to achieve it through
subclassing. This might not be the most obvious use of the API, but at least it
proves that it can be done. It has the advantage that none of the API changes
are controversial.

The solution involves:
- Making the XMLCipher constructor protected. Callers must still call one of
the getInstance() or getProviderInstance() methods.
- pushing all the construction code in getInstance() and getProviderInstance()
into the real constructor.
- relaxing the requirement that provider must not be null. Passing null for the
provider in getProviderInstance() gives the same result as using the equivalent
getInstance() method.
- Adding createKeyInfo() and createEncryptedKeyResolver() factory methods in
- Changing XMLCipher to use the new factory methods when creating internal
KeyInfo or EncryptedKeyResolver objects.
- Adding the method createXMLCipher() to EncryptedKeyResolver.
- Also added some test to @return keywords that were empty in XMLCipher

Configure bugmail:
------- You are receiving this mail because: -------
You are the assignee for the bug.

View raw message