coheigea commented on code in PR #504:
URL:
https://github.com/apache/santuario-xml-security-java/pull/504#discussion_r2764046381
##########
src/main/java/org/apache/xml/security/utils/XMLUtils.java:
##########
@@ -56,14 +56,63 @@
/**
* DOM and XML accessibility and comfort functions.
*
+ * @implNote
+ * Following system properties affect XML formatting:
+ * <ul>
+ * <li>{@systemProperty org.apache.xml.security.ignoreLineBreaks} -
ignores all line breaks,
+ * making a single-line document. Overrides all other formatting options.
Default: false</li>
+ * <li>{@systemProperty org.apache.xml.security.base64.ignoreLineBreaks} -
ignores line breaks in base64Binary values.
+ * Takes precedence over line length and separator options (see below).
Default: false</li>
+ * <li>{@systemProperty org.apache.xml.security.base64.lineSeparator} -
Sets the line separator sequence in base64Binary values.
+ * Possible values: crlf, lf. Default: crlf</li>
+ * <li>{@systemProperty org.apache.xml.security.base64.lineLength} - Sets
maximum line length in base64Binary values.
+ * The value is rounded down to nearest multiple of 4. Values less than 4
are ignored. Default: 76</li>
+ * </ul>
*/
public final class XMLUtils {
+ private static final Logger LOG =
System.getLogger(XMLUtils.class.getName());
+
+ private static final String IGNORE_LINE_BREAKS_PROP =
"org.apache.xml.security.ignoreLineBreaks";
+ private static final String BASE64_IGNORE_LINE_BREAKS_PROP =
"org.apache.xml.security.base64.ignoreLineBreaks";
+ private static final String BASE64_LINE_SEPARATOR_PROP =
"org.apache.xml.security.base64.lineSeparator";
+ private static final String BASE64_LINE_LENGTH_PROP =
"org.apache.xml.security.base64.lineLength";
+
private static boolean ignoreLineBreaks =
AccessController.doPrivileged(
- (PrivilegedAction<Boolean>) () ->
Boolean.getBoolean("org.apache.xml.security.ignoreLineBreaks"));
+ (PrivilegedAction<Boolean>) () ->
Boolean.getBoolean(IGNORE_LINE_BREAKS_PROP));
+
+ private static Base64FormattingOptions base64Formatting =
Review Comment:
Were these comments addressed?
##########
src/main/java/org/apache/xml/security/stax/impl/processor/output/AbstractEncryptOutputProcessor.java:
##########
@@ -175,12 +174,7 @@ public void init(OutputProcessorChain
outputProcessorChain) throws XMLSecurityEx
symmetricCipher.init(Cipher.ENCRYPT_MODE,
encryptionPartDef.getSymmetricKey(), parameterSpec);
characterEventGeneratorOutputStream = new
CharacterEventGeneratorOutputStream();
- Base64OutputStream base64EncoderStream = null; //NOPMD
- if (XMLUtils.isIgnoreLineBreaks()) {
- base64EncoderStream = new
Base64OutputStream(characterEventGeneratorOutputStream, true, 0, null);
- } else {
- base64EncoderStream = new
Base64OutputStream(characterEventGeneratorOutputStream, true);
- }
+ OutputStream base64EncoderStream =
XMLUtils.encodeStream(characterEventGeneratorOutputStream); //NOPMD
Review Comment:
Yes it's needed otherwise we have:
```
[INFO] PMD Failure:
org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor$AbstractInternalEncryptionOutputProcessor:186
Rule:CloseResource Priority:3 Ensure that resources like this
Base64OutputStream object are closed after use.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
