7094155 Code Review Request

Xuelei Fan xuelei.fan at oracle.com
Wed Oct 26 19:50:21 PDT 2011


Looks fine to me.

I also look at some other places that use the Node.getLocalName(). As
this method may return null, I was wondering it would be nice if we also
make changes to
com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java,
line 10:
 9  if ((el == null) ||
10   ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){
11     return false;
12  }

and signature/Manifest.java, line 337:
334 if ((n.getNodeType() == Node.ELEMENT_NODE) && ((Element) n)
335    .getNamespaceURI()
336    .equals(Constants.SignatureSpecNS) && ((Element) n)
337    .getLocalName().equals(Constants._TAG_MANIFEST)) {

and signature/XMLSignature.java, line 318:
317 if ((keyInfoElem != null) && (keyInfoElem.getNamespaceURI().equals
(Constants.SignatureSpecNS) &&
318    keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) ) {
319    this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);

If Node.getLocalName() returns, the above lines might throw NPE.

Xuelei

On 10/26/2011 8:54 PM, Sean Mullan wrote:
> Hi Xuelei,
> 
> Could you please review my fix for 7094155 (JSR105 code throws
> javax.xml.crypto.URIReference when running into Java 7 VM)?
> 
> webrev: http://cr.openjdk.java.net/~mullan/webrevs/7094155/webrev.00/
> 
> Thanks,
> Sean




More information about the security-dev mailing list