[jira] Commented: (WSS-102) AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 and 1.5.3 for custom Crypto with no input stream source

[Fred Dushin (JIRA)]

    [ 
https://issues.apache.org/jira/browse/WSS-102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12593405#action_12593405
 ] 

Fred Dushin commented on WSS-102:
---------------------------------

I think we should be able to squeeze this into the 1.5.4 release, but I need to 
check with the team about risk -- I think it's pretty low.

> AbstractCrypto's constructor does not allow null properties in WSS4J 1.5.2 
> and 1.5.3 for custom Crypto with no input stream source
> ----------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-102
>                 URL: https://issues.apache.org/jira/browse/WSS-102
>             Project: WSS4J
>          Issue Type: Bug
>         Environment: WSS4J 1.5.2
> WSS4J 1.5.3
>            Reporter: Akitoshi Yoshida
>            Assignee: Ruchith Udayanga Fernando
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> The ealier implemantation (before 1.5.2) looked like:
>     public AbstractCrypto(Properties properties, ClassLoader loader) throws 
> CredentialException, IOException {
>         /*
>         * if no properties .. just return an instance, the rest will be
>         * done later or this instance is just used to handle certificate
>         * conversions in this implementatio
>         */
>         if (properties == null) {
>             return;
>         }
>         this.properties = properties;
>         String location = 
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> This allowed a custom Crypto class extending from AbstractCrypto to pass a 
> null properties and do the rest in its own constructor.
> The above implementation was changed in 1.5.2 so that it does not accept a 
> null properties, as in
>     public AbstractCrypto(Properties properties, ClassLoader loader) throws 
> CredentialException, IOException {
>         this.properties = properties;
>         String location = 
> this.properties.getProperty("org.apache.ws.security.crypto.merlin.file");
> The rest of the code in this constructor assumes an input stream based 
> keystore source and therefore it is not useful if your environment has only 
> access to the keystore object but not its source stream.
> Is there any strong reason to remove the original "if (properties == null) { 
> return; } " block?
> If not, could you reinsert that block?
> Thank you.
> Aki Yoshida

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]