https://issues.apache.org/bugzilla/show_bug.cgi?id=49483
Summary: KeyResolver.registerAtStart() leads to
ClassCastException
Product: Security
Version: unspecified
Platform: PC
OS/Version: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: Encryption
AssignedTo: [email protected]
ReportedBy: [email protected]
Created an attachment (id=25627)
--> (https://issues.apache.org/bugzilla/attachment.cgi?id=25627)
source code patch
KeyResolver.registerAtStart() adds a String to KeyResolver._resolverVector.
In ResolverIterator.next(), we expect the items in _resolverVector to be
KeyResolver instances and this causes a ClassCastException.
To reproduce, run this code:
KeyResolver.registerAtStart("org.apache.xml.security.test.encryption.BobKeyResolver");
KeyResolverSpi resolver = (KeyResolverSpi)KeyResolver.iterator().next();
The solution is to call new KeyResolver(className) just like
KeyResolver.register().
Unfortunately, we cannot add the throws clauses. For backwards compatibility,
we return an unchecked RuntimeException instead. We chose
IllegalArgumentException.
We also modify ResolverIterator.remove() to throw an
UnsupportedOperationException.
I did not add a junit for this bug because there is no way to remove a
KeyResolver once it is registered. This would affect the subsequent tests.
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
