The logs will be wrong (or maybe worse) when logging about canonicalized
non-ASCII data on a platfrom with a default encoding other than UTF-8.

I'm attaching a simple patch

-A
Index: main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java
===================================================================
--- main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java	(revision 1645556)
+++ main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java	(working copy)
@@ -18,12 +18,13 @@
  */
 package org.apache.xml.security.stax.impl.util;
 
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
-import java.io.OutputStream;
-import java.security.MessageDigest;
-
 /**
  * A Streaming based message-digest implementation
  *
@@ -52,9 +53,10 @@
 
     @Override
     public void write(int arg0) {
-        messageDigest.update((byte) arg0);
+        byte asByte = (byte) arg0;
+        messageDigest.update(asByte);
         if (isDebugEnabled) {
-            stringBuilder.append(new String(new byte[]{(byte) arg0}));
+            stringBuilder.append((char)asByte);
         }
     }
 
@@ -62,7 +64,11 @@
     public void write(byte[] arg0, int arg1, int arg2) {
         messageDigest.update(arg0, arg1, arg2);
         if (isDebugEnabled) {
-            stringBuilder.append(new String(arg0, arg1, arg2));
+            try {
+                stringBuilder.append(new String(arg0, arg1, arg2, "UTF-8"));
+            } catch (UnsupportedEncodingException e) {
+                log.warn(e.toString(), e);//UTF-8 is mandatory actually
+            }
         }
     }
 
Index: main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java
===================================================================
--- main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java	(revision 1645556)
+++ main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java	(working copy)
@@ -18,13 +18,14 @@
  */
 package org.apache.xml.security.stax.impl.util;
 
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
 
-import java.io.OutputStream;
-
 /**
  * @author $Author$
  * @version $Revision$ $Date$
@@ -52,9 +53,10 @@
     @Override
     public void write(int arg0) {
         try {
-            signatureAlgorithm.engineUpdate((byte) arg0);
+            byte asByte = (byte) arg0;
+            signatureAlgorithm.engineUpdate(asByte);
             if (isDebugEnabled) {
-                stringBuilder.append(new String(new byte[]{(byte) arg0}));
+                stringBuilder.append((char)asByte);
             }
         } catch (XMLSecurityException e) {
             throw new RuntimeException(e);
@@ -66,10 +68,12 @@
         try {
             signatureAlgorithm.engineUpdate(arg0, arg1, arg2);
             if (isDebugEnabled) {
-                stringBuilder.append(new String(arg0, arg1, arg2));
+                stringBuilder.append(new String(arg0, arg1, arg2, "UTF-8"));
             }
         } catch (XMLSecurityException e) {
             throw new RuntimeException(e);
+        } catch (UnsupportedEncodingException e) {
+            log.warn(e.toString(), e);//UTF-8 is mandatory actually
         }
     }
 

Reply via email to