CYBS-737: Readme and code comments update

sumadhav · sumadhav · commit b4ccdda7f53b · 2022-05-28T12:57:40.000+05:30
diff --git a/README.md b/README.md
@@ -252,7 +252,7 @@ Retry Pattern allows to retry sending a failed request and it will only work wit
 _______________________________
 Version Cybersource-sdk-java 6.2.12 (JUNE,2022)
 _______________________________
-    1) Apache WSS4j Security Vulnerability fix.
+    1) Mitigation of Apache WSS4j Security Vulnerability fix.
 _______________________________
 _______________________________
 Version Cybersource-sdk-java 6.2.11 (MAY,2020)
diff --git a/java/src/main/java/com/cybersource/ws/client/SecurityUtil.java b/java/src/main/java/com/cybersource/ws/client/SecurityUtil.java
@@ -7,6 +7,7 @@
 import org.apache.wss4j.dom.message.WSSecEncrypt;
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.message.WSSecSignature;
+import org.apache.xml.security.Init;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.w3c.dom.Document;
 
@@ -196,14 +197,17 @@ public static Document handleMessageCreation(Document signedDoc, String merchant
 
         logger.log(Logger.LT_INFO, "Encrypting Signed doc ...");
 
-        org.apache.xml.security.Init.init();
         WSSecHeader secHeader = new WSSecHeader(signedDoc);
         try {
             secHeader.insertSecurityHeader();
         } catch (WSSecurityException e) {
             logger.log(Logger.LT_EXCEPTION, "Exception while adding document in soap securiy header for MLE");
             throw new SignException(e);
         }
+
+        //Must initialize xml-security library correctly before use it
+        Init.init();
+
         WSSecEncrypt encrBuilder = new WSSecEncrypt(secHeader);
         //Set the user name to get the encryption certificate.
         //The public key of this certificate is used, thus no password necessary. The user name is a keystore alias usually.
diff --git a/zip/README b/zip/README
@@ -279,7 +279,7 @@ Provides low level HTTP transport components that can be used to build custom cl
 
 Version Cybersource-sdk-java 6.2.12 (JUNE,2022)
 _______________________________
-    1) Apache WSS4j Security Vulnerability fix.
+    1) Mitigation of Apache WSS4j Security Vulnerability.
 
 Version Cybersource-sdk-java 6.2.11 (MAY,2020)
 _______________________________
