Bug ID: JDK-8132858 Can not delete a payload file after running XMLSignature.validate

Type: Bug
Component: security-libs
Sub-Component: javax.xml.crypto
Affected Version: 8u31,9

Priority: P3
Status: Closed
Resolution: Not an Issue
OS: windows
CPU: generic

Submitted: 2015-08-03
Updated: 2015-11-03
Resolved: 2015-11-03

If XMLSignatureInput is constructed by using the FileInputStream as octets source then the octet payload file can't be deleted on Windows platforms after usage.
Following test case illustrates this case:
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import java.io.ByteArrayOutputStream;
import java.io.File;
import java.io.FileInputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class DeletePayloadFile {
    private static final String filename = "XmlSigInput_payload.txt";
    private static final String content = "123456";

    public static void main(String [] args) throws Exception {
        //Create payload file inside scratch
        Path payload = Paths.get(System.getProperty("user.dir", "."))
                .resolve(filename);
        Files.write(payload, content.getBytes());

        File pf = payload.toFile();
        FileInputStream fis = new FileInputStream(pf);
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        XMLSignatureInput sigInput = new XMLSignatureInput(fis);
        sigInput.updateOutputStream(baos);
        System.out.println("baos="+baos.toString()+" result="+baos.toString().equals(content));
        if (!pf.delete()) {
            throw new RuntimeException("Can't delete XMLSignatureInput payload file:"+filename);
        }

    }
}

The payload file can be deleted if the FileInputStream is closed: fis.close(). In complicated cases of signature validation, for example - when custom URIDereferencer is used, the closure of FileInputStream is also needs to be tracked.

13-08-2015