The logs will be wrong (or maybe worse) when logging about canonicalized
non-ASCII data on a platfrom with a default encoding other than UTF-8.
I'm attaching a simple patch
-A
Index: main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java
===================================================================
--- main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java (revision 1645556)
+++ main/java/org/apache/xml/security/stax/impl/util/DigestOutputStream.java (working copy)
@@ -18,12 +18,13 @@
*/
package org.apache.xml.security.stax.impl.util;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+import java.security.MessageDigest;
+
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import java.io.OutputStream;
-import java.security.MessageDigest;
-
/**
* A Streaming based message-digest implementation
*
@@ -52,9 +53,10 @@
@Override
public void write(int arg0) {
- messageDigest.update((byte) arg0);
+ byte asByte = (byte) arg0;
+ messageDigest.update(asByte);
if (isDebugEnabled) {
- stringBuilder.append(new String(new byte[]{(byte) arg0}));
+ stringBuilder.append((char)asByte);
}
}
@@ -62,7 +64,11 @@
public void write(byte[] arg0, int arg1, int arg2) {
messageDigest.update(arg0, arg1, arg2);
if (isDebugEnabled) {
- stringBuilder.append(new String(arg0, arg1, arg2));
+ try {
+ stringBuilder.append(new String(arg0, arg1, arg2, "UTF-8"));
+ } catch (UnsupportedEncodingException e) {
+ log.warn(e.toString(), e);//UTF-8 is mandatory actually
+ }
}
}
Index: main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java
===================================================================
--- main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java (revision 1645556)
+++ main/java/org/apache/xml/security/stax/impl/util/SignerOutputStream.java (working copy)
@@ -18,13 +18,14 @@
*/
package org.apache.xml.security.stax.impl.util;
+import java.io.OutputStream;
+import java.io.UnsupportedEncodingException;
+
+import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
-import org.apache.xml.security.exceptions.XMLSecurityException;
-import org.apache.xml.security.stax.impl.algorithms.SignatureAlgorithm;
-import java.io.OutputStream;
-
/**
* @author $Author$
* @version $Revision$ $Date$
@@ -52,9 +53,10 @@
@Override
public void write(int arg0) {
try {
- signatureAlgorithm.engineUpdate((byte) arg0);
+ byte asByte = (byte) arg0;
+ signatureAlgorithm.engineUpdate(asByte);
if (isDebugEnabled) {
- stringBuilder.append(new String(new byte[]{(byte) arg0}));
+ stringBuilder.append((char)asByte);
}
} catch (XMLSecurityException e) {
throw new RuntimeException(e);
@@ -66,10 +68,12 @@
try {
signatureAlgorithm.engineUpdate(arg0, arg1, arg2);
if (isDebugEnabled) {
- stringBuilder.append(new String(arg0, arg1, arg2));
+ stringBuilder.append(new String(arg0, arg1, arg2, "UTF-8"));
}
} catch (XMLSecurityException e) {
throw new RuntimeException(e);
+ } catch (UnsupportedEncodingException e) {
+ log.warn(e.toString(), e);//UTF-8 is mandatory actually
}
}
