https://issues.apache.org/bugzilla/show_bug.cgi?id=44863
--- Comment #2 from Wally Dennis <[EMAIL PROTECTED]> 2008-04-23 12:54:12 PST ---
(In reply to comment #1)
> (In reply to comment #0)
> > Created an attachment (id=21848)
> > --> (https://issues.apache.org/bugzilla/attachment.cgi?id=21848) [details]
> > logging modifications to Reference and XMLSignature classes
> >
> > It would be very helpful to have additional logging surrounding the creation
> > and validation of signatures. We need this information to assist in debugging
> > issues when our clients are attempting to call our web services. Specifically,
> > I am suggesting the additional logging be added to the
> > org.apache.xml.security.signature.Reference.java and
> > org.apache.xml.security.signature.XMLSignature.java classes. I am attaching a
> > file detailing the changes to these files we need using a base of version
> > 1.4.1. Can this logging be added to the next release of xml security?
>
> I should be able to add it to 1.4.2 since it is fairly low risk. However, the
> changes I will add will be a little different. The best place to put the
> logging statements is in the SignerOutputStream and DigesterOutputStream
> classes and log the bytes as they are being signed or digested. Calling
> Reference.getReferencedBytes or SignedInfo.getCanonicalizedStream has a couple
> of issues. These methods recalculate the transformed or canonicalized bytes;
> thus they may not be the exact same bytes (for example, the referenced content
> may change or there may be network issues, etc.) and also incur an additional
> performance cost.

Adding the logging to the OutputStream classes does have one drawback, though.
Especially for the reference logging, I believe you lose the URI, so in
situations where multiple references are present you have to figure it out.
Granted, this is most likely not difficult, but it is helpful. We tend to like
to have as much info as possible as long as there is no significant performance
impact.
That being said, I'll take whatever I can get. Thanks.
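
The trade-off discussed in this thread, as an added example that is not part of the bug report, the attached patch, or the xml-security code base: a digest output stream that logs exactly the bytes fed to the digest, rather than recomputing them, and carries the Reference URI so log entries can be matched when several references are present. The class name `LoggingDigestStream`, its constructor and `finish()` are hypothetical, and `java.util.logging` is an assumed logging backend.

```java
import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;

// Hypothetical class for illustration; not the library's DigesterOutputStream.
public class LoggingDigestStream extends OutputStream {
    private static final Logger LOG = Logger.getLogger(LoggingDigestStream.class.getName());
    private final MessageDigest digest;
    private final String referenceUri;        // kept so a log entry names its Reference
    private final ByteArrayOutputStream seen; // null unless debug logging is enabled

    public LoggingDigestStream(MessageDigest digest, String referenceUri) {
        this.digest = digest;
        this.referenceUri = referenceUri;
        // Buffer only when FINE is on: no copy cost in production, and
        // message content never reaches the log unless debugging is requested.
        this.seen = LOG.isLoggable(Level.FINE) ? new ByteArrayOutputStream() : null;
    }

    @Override public void write(int b) {
        digest.update((byte) b);
        if (seen != null) seen.write(b);
    }

    @Override public void write(byte[] buf, int off, int len) {
        digest.update(buf, off, len);
        if (seen != null) seen.write(buf, off, len);
    }

    /** Completes the digest and logs the exact bytes that were digested. */
    public byte[] finish() {
        byte[] value = digest.digest();
        if (seen != null) {
            LOG.fine("Pre-digested input for Reference URI=" + referenceUri + ":\n"
                    + new String(seen.toByteArray(), StandardCharsets.UTF_8));
        }
        return value;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: canonicalized bytes of one referenced element.
        byte[] c14n = "<Body Id=\"b1\">hello</Body>".getBytes(StandardCharsets.UTF_8);
        LoggingDigestStream out =
                new LoggingDigestStream(MessageDigest.getInstance("SHA-256"), "#b1");
        out.write(c14n, 0, c14n.length);
        System.out.println("#b1 digest: " + Base64.getEncoder().encodeToString(out.finish()));
    }
}
```

With the default `java.util.logging` configuration the FINE message is suppressed; raise the logger and handler level to FINE to see the pre-digest bytes.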