[jira] Commented: (WSS-102) AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source

[Akitoshi Yoshida (JIRA)]

    [ 
https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593359#action_12593359
 ] 

Akitoshi Yoshida commented on WSS-102:
--------------------------------------

Hi Fred,
I would not call it a show stopper, but I would prefer AbstractCrypto to get 
this properties==null option back in 1.5.4 so that we don't have to change the 
code. That would make our life easier, as we have opted for using a modified 
version of 1.5.2 or 1.5.3.  with this check if they are to be used, in the hope 
of this check being reinstantiated in the next version.

Thanks.
Regards, Aki








> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 
> and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-102
>                 URL: https://issues.apache.org/jira/browse/WSS-102
>             Project: WSS4J
>          Issue Type: Bug
>         Environment: WSS4J 1.5.2
> WSS4J 1.5.3
>            Reporter: Akitoshi Yoshida
>            Assignee: Ruchith Udayanga Fernando
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
>     public AbstractCrypto(Properties properties, ClassLoader loader) throws 
> CredentialException, IOException {
>         /*
>         * if no properties .. just return an instance, the rest will be
>         * done later or this instance is just used to handle certificate
>         * conversions in this implementatio
>         */
>         if (properties == null) {
>             return;
>         }
>         this.properties = properties;
>         String location = 
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a 
> null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a 
> null properties, as in
>     public AbstractCrypto(Properties properties, ClassLoader loader) throws 
> CredentialException, IOException {
>         this.properties = properties;
>         String location = 
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based 
> keystore source and therefore it is not useful if your environment has only 
> access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { 
> return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]