I think that the "so.close()" instruction should be AFTER the canonicalization of bytes from the SignedInfo element.

So I think the following code should be better:
------------------------
// generate digest values for all References in this SignedInfo
si.generateDigestValues();
OutputStream so=new UnsyncBufferedOutputStream(new SignerOutputStream(sa));

// get the canonicalized bytes from SignedInfo
si.signInOctectStream(so);

// **** Close the output stream AFTER calling signInOctetStream method *****
try {
  so.close();
} catch (IOException e) {
//Imposible
}
------------------------

----- Original Message -----
From: "Marcin Cinik" <[EMAIL PROTECTED]>
To: <security-dev@xml.apache.org>
Sent: Wednesday, March 14, 2007 12:19 PM
Subject: RE: XMLSignature class - The signer output stream is closed before signing operation


There should rather be:
try {
  so.close();
} catch (IOException e) {
   //Imposible
  throw new RuntimeException(e);
}

when the operation is impossible (You never know ;-) ).



-----Original Message-----
From: Julien PASQUIER [mailto:[EMAIL PROTECTED]
Sent: Wednesday, March 14, 2007 12:12 PM
To: security-dev@xml.apache.org
Subject: XMLSignature class - The signer output stream is closed before
signing operation


Hi,

In the org.apache.xml.security.signature.XMLSignature class of the Java XML
Security v1.4, I don't understand a piece of code in the "public void
sign(Key signingKey)" method.

-----------------------------
// generate digest values for all References in this SignedInfo
si.generateDigestValues();
OutputStream so=new UnsyncBufferedOutputStream(new SignerOutputStream(sa));
try {
  so.close();
} catch (IOException e) {
  //Imposible
}
// get the canonicalized bytes from SignedInfo
si.signInOctectStream(so);
-----------------------------

Why is the output stream "so" object closed ("so.close()") before the
signing operation?

Regards,

Julien PASQUIER
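
An added example, not part of the thread and not the library's own code: JDK classes stand in for the library's stream classes (SigStream and signAndVerify are hypothetical names) to show why the order of write, close and sign() matters when a buffered stream sits in front of a signer. It assumes nothing else flushes the buffer; under that assumption the close-before-write order signs zero bytes, so the signature does not verify against the data.

```java
import java.io.BufferedOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.Signature;
import java.security.SignatureException;

public class SignerStreamOrder {
    // Hypothetical stand-in for a signer stream: every byte written goes to Signature.update().
    static final class SigStream extends OutputStream {
        private final Signature sig;
        SigStream(Signature sig) { this.sig = sig; }
        @Override public void write(int b) throws IOException {
            write(new byte[] { (byte) b }, 0, 1);
        }
        @Override public void write(byte[] b, int off, int len) throws IOException {
            try { sig.update(b, off, len); } catch (SignatureException e) { throw new IOException(e); }
        }
    }

    // Signs data through a buffered stream, then verifies the result against the full data.
    static boolean signAndVerify(KeyPair kp, byte[] data, boolean closeBeforeWrite) throws Exception {
        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(kp.getPrivate());
        OutputStream so = new BufferedOutputStream(new SigStream(signer));
        if (closeBeforeWrite) {
            so.close();      // flushes an empty buffer
            so.write(data);  // bytes stay in the buffer; nothing flushes them before sign()
        } else {
            so.write(data);
            so.close();      // flushes the buffered bytes into the Signature
        }
        byte[] sigValue = signer.sign();

        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(kp.getPublic());
        verifier.update(data);
        return verifier.verify(sigValue);
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();
        // Constructed sample input, not real canonicalized SignedInfo bytes.
        byte[] data = "<SignedInfo>constructed sample</SignedInfo>".getBytes(StandardCharsets.UTF_8);
        System.out.println("close after write:  verifies = " + signAndVerify(kp, data, false));
        System.out.println("close before write: verifies = " + signAndVerify(kp, data, true));
    }
}
```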