United StatesChange Country, Oracle Worldwide Web Sites Communities I am a... I want to...
Bug ID: JDK-7195301 XML Signature DOM implementation should not use instanceof to determine type of Node
JDK-7195301 : XML Signature DOM implementation should not use instanceof to determine type of Node

Details
Type:
Bug
Submit Date:
2012-08-30
Status:
Closed
Updated Date:
2013-08-27
Project Name:
JDK
Resolved Date:
2012-09-25
Component:
security-libs
OS:
generic
Sub-Component:
javax.xml.crypto
CPU:
generic
Priority:
P2
Resolution:
Fixed
Affected Versions:
6
Fixed Versions:

Related Reports
Backport:
Backport:
Backport:
Backport:

Sub Tasks

Description
The XML Signature DOM implementation should not use instanceof to determine type of Node. This is not guaranteed to behave consistently on all DOM implementations. Instead we should always use Node.getNodeType() to determine the type of Node. 

More details to be added later.

                                    

Comments
URL:   http://hg.openjdk.java.net/jdk8/build/jdk/rev/a51f86e2dce9
User:  katleman
Date:  2012-09-27 06:14:08 +0000

                                     
2012-09-27
Verified changes with manual code review. Verified the fix with attached test. Fix verified with b58 and b100.
                                     
2013-08-27
SUGGESTED FIX

Changeset: a51f86e2dce9
Author:    mullan
Date:      2012-09-10 08:57 -0400
URL:       http://hg.openjdk.java.net/jdk8/tl/jdk/rev/a51f86e2dce9

7195301: XML Signature DOM implementation should not use instanceof to determine type of Node
Reviewed-by: xuelei

! src/share/classes/com/sun/org/apache/xml/internal/security/Init.java
! src/share/classes/com/sun/org/apache/xml/internal/security/c14n/implementations/CanonicalizerBase.java
! src/share/classes/com/sun/org/apache/xml/internal/security/encryption/XMLCipher.java
! src/share/classes/com/sun/org/apache/xml/internal/security/keys/keyresolver/implementations/RetrievalMethodResolver.java
! src/share/classes/com/sun/org/apache/xml/internal/security/utils/IdResolver.java
                                     
2012-09-10
EVALUATION

There are a handful of places in the XML Signature implementation that use instanceof instead of Node.getNodeType(). These will all be modified to use Node.getNodeType(). Need to be also careful to check for null references before calling Node.getNodeType() to avoid NullPointerExceptions.
                                     
2012-09-07



Hardware and Software, Engineered to Work Together