7094155 Code Review Request

Xuelei Fan xuelei.fan at oracle.com
Thu Oct 27 07:57:35 PDT 2011


On 10/27/2011 9:43 PM, Sean Mullan wrote:
> On 10/26/11 10:50 PM, Xuelei Fan wrote:
>> Looks fine to me.
>>
>> I also look at some other places that use the Node.getLocalName(). As
>> this method may return null, I was wondering it would be nice if we also
>> make changes to
>> com/sun/org/apache/xml/internal/security/utils/ElementCheckerImpl.java,
>> line 10:
>>  9  if ((el == null) ||
>> 10   ns!=el.getNamespaceURI() || !el.getLocalName().equals(type)){
>> 11     return false;
>> 12  }
>>
>> and signature/Manifest.java, line 337:
>> 334 if ((n.getNodeType() == Node.ELEMENT_NODE) && ((Element) n)
>> 335    .getNamespaceURI()
>> 336    .equals(Constants.SignatureSpecNS) && ((Element) n)
>> 337    .getLocalName().equals(Constants._TAG_MANIFEST)) {
>>
>> and signature/XMLSignature.java, line 318:
>> 317 if ((keyInfoElem != null) && (keyInfoElem.getNamespaceURI().equals
>> (Constants.SignatureSpecNS) &&
>> 318    keyInfoElem.getLocalName().equals(Constants._TAG_KEYINFO)) ) {
>> 319    this._keyInfo = new KeyInfo(keyInfoElem, BaseURI);
>>
>> If Node.getLocalName() returns, the above lines might throw NPE.
> 
> Possibly, but I would prefer to hold off on that unless I have a specific test
> case. These code paths above are parsing standard XML Signature elements which
> must be defined using the DOM APIs with namespace parameters. This is in
> contrast to the bug fix in which we may be traversing/parsing XML content with
> no namespace information.
> 
Sounds fine to me.

Xuelei

> Thanks,
> Sean
> 
>>
>> Xuelei
>>
>> On 10/26/2011 8:54 PM, Sean Mullan wrote:
>>> Hi Xuelei,
>>>
>>> Could you please review my fix for 7094155 (JSR105 code throws
>>> javax.xml.crypto.URIReference when running into Java 7 VM)?
>>>
>>> webrev: http://cr.openjdk.java.net/~mullan/webrevs/7094155/webrev.00/
>>>
>>> Thanks,
>>> Sean
>>




More information about the security-dev mailing list