santuario-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 49465] New: impossible to subclass XMLCipher
Date Fri, 18 Jun 2010 18:17:45 GMT
https://issues.apache.org/bugzilla/show_bug.cgi?id=49465

           Summary: impossible to subclass XMLCipher
           Product: Security
           Version: unspecified
          Platform: PC
        OS/Version: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Encryption
        AssignedTo: security-dev@xml.apache.org
        ReportedBy: Clement_Pellerin@ibi.com


Created an attachment (id=25614)
 --> (https://issues.apache.org/bugzilla/attachment.cgi?id=25614)
source code patch and new junit

The constructor of XMLCipher is private which makes it impossible to subclass
XMLCipher. Furthermore, much of the work to construct the XMLCipher instance is
located in the getInstance() or getProviderInstance() methods. That would force
a subclass to duplicate that code once again.

The goal of this effort is to experiment with per KeyInfo KeyResolvers to
resolve the Key Encryption Key dynamically based on the EncryptedKey/KeyInfo
carried in the message. The junit in attachment shows how to achieve it through
subclassing. This might not be the most obvious use of the API, but at least it
proves that it can be done. It has the advantage that none of the API changes
are controversial.

The solution involves:
- Making the XMLCipher constructor protected. Callers must still call one of
the getInstance() or getProviderInstance() methods.
- pushing all the construction code in getInstance() and getProviderInstance()
into the real constructor.
- relaxing the requirement that provider must not be null. Passing null for the
provider in getProviderInstance() gives the same result as using the equivalent
getInstance() method.
- Adding createKeyInfo() and createEncryptedKeyResolver() factory methods in
XMLCipher.
- Changing XMLCipher to use the new factory methods when creating internal
KeyInfo or EncryptedKeyResolver objects.
- Adding the method createXMLCipher() to EncryptedKeyResolver.
- Also added some test to @return keywords that were empty in XMLCipher

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

Mime
View raw message